Podman: Cant run MongoDB image from dockerhub. getting permission denied on entrypoint shell script

Created on 21 Jul 2020 · 3Comments · Source: containers/podman

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Trying to run MongoDB in docker on ArchLinux. But getting error. The image works with docker.

❯ podman run -it mongo                    
error: exec: "/usr/local/bin/docker-entrypoint.sh": stat /usr/local/bin/docker-entrypoint.sh: permission denied

But this works
❯ docker run -it mongo

docker is configured to run containers with user namespace enabled.

I also ran container with bash as entrypoint

❯ docker run -it mongo bash

and then execute the /usr/local/bin/docker-entrypoint.sh file like this:-

root@5d3fbe6f118f:/# /usr/local/bin/docker-entrypoint.sh mongod

and it wokerked

So I did the same with podman too

❯ podman run -it mongo bash

I also checked if the script did have x permission

root@f9ebefeb2078:/# ls /usr/local/bin/docker-entrypoint.sh -l
-rwxrwxr-x 1 root root 11181 Jul  6 22:03 /usr/local/bin/docker-entrypoint.sh

and when I try to execute it

root@f9ebefeb2078:/# /usr/local/bin/docker-entrypoint.sh mongod
error: exec: "/usr/local/bin/docker-entrypoint.sh": stat /usr/local/bin/docker-entrypoint.sh: permission denied

Steps to reproduce the issue:

Boot ArchLinux (Not sure if it's arch related or not cause someone on Reddit didn't have any issue with fedora)
install podman ( pacman -S podman )
podman run -it mongo

Describe the results you received:

got

error: exec: "/usr/local/bin/docker-entrypoint.sh": stat /usr/local/bin/docker-entrypoint.sh: permission denied

Describe the results you expected:

same as
docker run -it mongo

Additional information you deem important (e.g. issue happens only occasionally):

When I run top in docker, the UID of top is 100000 on host but when I run top in podman, it UID is same as the use execuing the podman i.e 1000 which is me on host. is it normal?

❯ ls /etc/sub*id ; cat /etc/sub*id
/etc/subgid  /etc/subuid
smit:100000:65536
smit:100000:65536

Output of podman version:

Version:      2.0.2
API Version:  1
Go Version:   go1.14.4
Git Commit:   201c9505b88f451ca877d29a73ed0f1836bb96c7
Built:        Mon Jul 13 02:16:58 2020
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.15.0
  cgroupVersion: v1
  conmon:
    package: Unknown
    path: /usr/bin/conmon
    version: 'conmon version 2.0.19, commit: 25585dd8e8ebff68baa00f695115eff4191ca1f9'
  cpus: 8
  distribution:
    distribution: arch
    version: unknown
  eventLogger: file
  hostname: KryetA
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.7.9-zen1-1-zen
  linkmode: dynamic
  memFree: 12473585664
  memTotal: 20844519424
  ociRuntime:
    name: runc
    package: Unknown
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc91
      commit: 24a3cf88a7ae5f4995f6750654c0e2ca61ef4bb2
      spec: 1.0.2-dev
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  rootless: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: Unknown
    version: |-
      slirp4netns version 1.1.4
      commit: b66ffa8e262507e37fca689822d23430f3357fe8
      libslirp: 4.3.1
      SLIRP_CONFIG_VERSION_MAX: 3
  swapFree: 10736365568
  swapTotal: 10736365568
  uptime: 1h 44m 0.32s (Approximately 0.04 days)
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.access.redhat.com
  - registry.centos.org
store:
  configFile: /home/smit/.config/containers/storage.conf
  containerStore:
    number: 6
    paused: 0
    running: 1
    stopped: 5
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: Unknown
      Version: |-
        fusermount3 version: 3.9.2
        fuse-overlayfs: version 1.1.0
        FUSE library version 3.9.2
        using FUSE kernel interface version 7.31
  graphRoot: /home/smit/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 2
  runRoot: /run/user/1000/containers
  volumePath: /home/smit/.local/share/containers/storage/volumes
version:
  APIVersion: 1
  Built: 1594586818
  BuiltTime: Mon Jul 13 02:16:58 2020
  GitCommit: 201c9505b88f451ca877d29a73ed0f1836bb96c7
  GoVersion: go1.14.4
  OsArch: linux/amd64
  Version: 2.0.2

Package info (e.g. output of rpm -q podman or apt list podman):

❯ pacman -Qi podman       
Name            : podman
Version         : 2.0.2-1
Description     : Tool and library for running OCI-based containers in pods
Architecture    : x86_64
URL             : https://github.com/containers/libpod
Licenses        : Apache
Groups          : None
Provides        : None
Depends On      : cni-plugins  conmon  device-mapper  iptables  libseccomp  runc  slirp4netns  libsystemd  fuse-overlayfs  skopeo
Optional Deps   : podman-docker: for Docker-compatible CLI
                  btrfs-progs: support btrfs backend devices [installed]
                  catatonit: --init flag support
                  crun: support for unified cgroupsv2
Required By     : None
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 89.08 MiB
Packager        : Morten Linderud <[email protected]>
Build Date      : Mon 13 Jul 2020 02:16:58 AM IST
Install Date    : Tue 21 Jul 2020 07:21:27 PM IST
Install Reason  : Explicitly installed
Install Script  : No
Validated By    : Signature

Additional environment details (AWS, VirtualBox, physical, etc.):

OS: ArchLinux
Bare Metal System/ Physical

kinbug

Source