Writable directories with rootless Podman

I'm trying to run rootless Podman containers with

podman container create --name postgres --expose 5432 --memory 512M --hostname postgres --volume /home/user/some/path/postgres:/var/lib/postgresql/data:Z,U --userns keep-id --env POSTGRES_USER=admin --env POSTGRES_PASSWORD=secret docker.io/postgres:14

but I'm getting the error message

Error: error stat'ing file `/home/user/some/path/postgres`: Permission denied: OCI permission denied

The destination path /home/user/some/path is within a gocryptfs mount. Mapping the volume outside the path works flawlessly.

So far I thought that --userns keep-id should avoid permission issues for rootless containers, but if I remove the option I get the error message

chown: changing ownership of '/var/lib/postgresql/data': Operation not permitted

As far as I understood, providing the options --uidmap and --gidmap could help as well, but I'm not sure how I can provide the proper values for them.

Under the hood I'm using Ansible to configure the containers.

EDIT: Now I also created a Podman issue.

alexanderadam asked Apr 29 '26 05:04


1 Answer

The reason for this error was that the mount wasn't done with the FUSE parameter allow_other.

alexanderadam answered Apr 30 '26 22:04
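
The check the answer implies, as an added example that is not part of the original answer: a shell function that finds the mount containing a volume path and reports whether it is a FUSE mount without allow_other. The function name, the sample mount table and the mount point /home/user/some are constructed for illustration.

```shell
#!/bin/sh
# check_fuse_allow_other PATH [MOUNTS_FILE]   (hypothetical helper name)
# Returns 0 if PATH is not on FUSE or its FUSE mount has allow_other,
#         1 if PATH is on a FUSE mount without allow_other,
#         2 if no containing mount was found.
check_fuse_allow_other() {
    path=$1
    mounts=${2:-/proc/self/mounts}
    awk -v p="$path" '
        {
            mp = $2
            gsub(/\\040/, " ", mp)          # spaces in mount points are escaped as \040
            pre = (mp == "/") ? "/" : mp "/"
            # Match on whole path components only; on equal length the later
            # entry wins because it is stacked on top of the earlier one.
            if (index(p "/", pre) == 1 && length(mp) >= best) {
                best = length(mp); fs = $3; opts = $4; where = mp
            }
        }
        END {
            if (best == 0) { print "no mount found for " p; exit 2 }
            if (fs !~ /^fuse/) { print where " (" fs "): not a FUSE mount"; exit 0 }
            if (("," opts ",") ~ /,allow_other,/) {
                print where " (" fs "): allow_other is set"; exit 0
            }
            print where " (" fs "): allow_other missing, only the mounting user can access it"
            exit 1
        }' "$mounts"
}

# Constructed sample mount table (not taken from the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/user/cipher /home/user/some fuse.gocryptfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
EOF
check_fuse_allow_other /home/user/some/path/postgres "$sample" \
    || echo "remount with allow_other before using this path as a Podman volume"
rm -f "$sample"
```

Called with only a path, the function reads the live table in /proc/self/mounts. A non-root user can pass allow_other only when user_allow_other is enabled in /etc/fuse.conf.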


