When I was trying out navidrome using podman I ran into a couple hiccups that seemed specific to podman. This was my first attempt to run a service with podman.
- Rootless podman is different from docker, but seems like a great idea.
- It’s important to set up /etc/subgid and /etc/subuid. On Fedora 33, there are already a couple of entries, so just allocate the next 65536-sized range.
- For containers that will write to mounted volumes, you need to adjust permissions. Use podman unshare chmod : … to adjust permissions on writable mounts (instead of doing it outside of ‘unshare’ and remapping the container uid/gid yourself)
- Symlink permissions might not work the way you want, so don’t mount a symlink directly (/path/to/symlink:/data); follow the symlink and mount the target.
- Using “--rm” in “podman run” is a good default, otherwise you have to manually remove the container after exit.
- You usually want to volume mount with “Z” so that the mount has the right labels, otherwise your container might not be able to read the mounts.
- I didn’t need to pass --uidmap. It was enough to update /etc/subgid and /etc/subuid.
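
For the /etc/subuid and /etc/subgid tip above, this is an added example (not from the original post) that computes the next free 65536-sized range from a file in the name:start:count format, so the new entry cannot overlap an existing user's IDs. The function names, the sample users, and the 100000 fallback for an empty file are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pick the next non-overlapping subordinate ID range.
# Entry format: name:start:count, one per line (same for subuid and subgid).

RANGE_SIZE=65536   # range size used in the post

# next_subid_start FILE
# Prints the first ID past the highest allocated range in FILE.
# Assumption: 100000 is used as the starting point when FILE has no entries.
next_subid_start() {
    awk -F: -v floor=100000 '
        /^[[:space:]]*(#|$)/ { next }      # skip comments and blank lines
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            end = $2 + $3                  # first ID after this range
            if (end > max) max = end
        }
        END { print (max > floor ? max : floor) }
    ' "$1"
}

# subid_line USER FILE
# Prints the line to append for USER. Fails if USER already has an entry,
# since a second range for the same user is usually a mistake.
subid_line() {
    if awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"; then
        echo "$1 already has a range in $2" >&2
        return 1
    fi
    printf '%s:%s:%s\n' "$1" "$(next_subid_start "$2")" "$RANGE_SIZE"
}

# Demo on a constructed sample file (hypothetical users, not real system data).
demo() {
    sample=$(mktemp)
    printf 'alice:100000:65536\nbob:165536:65536\n' > "$sample"
    subid_line navidrome-svc "$sample"     # prints navidrome-svc:231072:65536
    rm -f "$sample"
}
demo
```

Run it against copies of /etc/subuid and /etc/subgid and append the printed line to each as root; if rootless podman was already used by that account, `podman system migrate` makes it pick up the new mapping.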