Skip to content

Rootless podman guide#3183

Merged
sspencerwire merged 14 commits intorocky-linux:mainfrom
metalllinux:rootless-podman-guide
Mar 4, 2026
Merged

Rootless podman guide#3183
sspencerwire merged 14 commits intorocky-linux:mainfrom
metalllinux:rootless-podman-guide

Conversation

@metalllinux
Copy link
Contributor

@metalllinux metalllinux commented Mar 4, 2026
edited by sspencerwire
Loading

From my work helping to solve issues with rootless podman and I believe this will be beneficial to others in the community. Rootless podman can be challenging to set up. All commands and solutions listed in this ticket have been tested on Rocky Linux 8, 9, and 10.

Author checklist (Completed by original Author)

  • Good fit for the Rocky Linux project? Title and Author Metatags inserted ?
  • If applicable, steps and instructions have been tested to work
  • Initial self-review to fix basic typos and grammar completed

Rocky Documentation checklist (Completed by Rocky team)

  • 1st Pass (Document is good fit for project and author checklist completed)
  • 2nd Pass (Technical Review - check for technical correctness)
  • 3rd Pass (Detailed Editorial Review and Peer Review)
  • Final approval (Final Review)

metalllinux and others added 14 commits March 3, 2026 14:43
@metalllinux
Add rootless Podman advanced topics and troubleshooting guide
9ffc9cf 
Covers prerequisites, supplementary GID mapping, NFS limitations,
multicast restrictions, D-Bus troubleshooting, Apptainer fakeroot
interaction, and custom wrapper script patterns for Rocky Linux.

Assisted-by: Claude claude-sonnet-4-6
Co-Authored-By: Howard Van Der Wal <hvanderwal@ciq.com>
@metalllinux
Update guide title to Rootless Podman on Rocky Linux
857caec 
Assisted-by: Claude claude-sonnet-4-6
@metalllinux
Test on Rocky Linux 8.10, 9.7, and 10.1 and update guide
766c5a3 
Add Rocky 8 cgroups v2 enablement instructions, update tested with
field to cover all three major versions, and clarify version-specific
Podman and networking differences.

Assisted-by: Claude claude-sonnet-4-6
@metalllinux
Update tested with to specific minor versions
d38d730 
Assisted-by: Claude claude-sonnet-4-6
@metalllinux
Add full stops to prerequisites list items
8486e99 
Assisted-by: Claude claude-sonnet-4-6
@metalllinux @claude
Remove incorrect uid_map verification section
65d27f4 
The cat /proc/self/uid_map check showed expected output of
"0 1000 1" for non-root users, but actual testing on Rocky 9.7
confirmed all users see "0 0 4294967295" on the host — the 1:1
identity mapping of the initial namespace. The output "0 1000 1"
only appears inside a user namespace, not in a regular shell.
The sysctl check already verifies user namespace support.

Assisted-by: Claude claude-sonnet-4-6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@metalllinux @claude
Fix Apptainer supplementary GID claim and minor formatting
be8d4b3 
Testing confirmed Apptainer fakeroot only maps the main subordinate
range from /etc/subgid, not individual GID entries. Supplementary
groups show as nobody(65534) in Apptainer regardless of subgid
configuration. Updated guide to clarify this limitation. Also
removed backticks from section heading and added full stops.

Assisted-by: Claude claude-sonnet-4-6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@metalllinux @claude
Fix supplementary group section based on Podman 5.6 testing
f828650 
Testing on Rocky 9.7 with Podman 5.6.0 revealed that:
- Explicit --group-add <GID> works correctly without subgid entries
- --group-add=keep-groups shows 65534(nobody) without subgid entries
  and 0(root),1(bin) with subgid entries — broken in both cases
- Adding supplementary GIDs to /etc/subgid does not fix the issue

Rewrote the supplementary group section to correctly identify
--group-add=keep-groups as the problem and explicit --group-add as
the solution. Removed incorrect subgid-based fix instructions.

Assisted-by: Claude claude-sonnet-4-6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@metalllinux @claude
Update D-Bus section with verified error message and update conclusion
b24aa71 
Testing on Rocky 9.7 with pam_systemd.so disabled confirmed:
- The actual Podman 5.6 error is "mkdir /run/user/1001: permission
  denied" not "dbus: couldn't determine address of session bus"
- All verification and fix commands work as documented
- Wrapper script examples work correctly for all three invocation
  patterns

Updated conclusion to reference all tested Rocky Linux versions
(8, 9, and 10) and added full stops to bullet points.

Assisted-by: Claude claude-sonnet-4-6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@metalllinux @claude
Include both D-Bus error messages with version context
5c93a8f 
The dbus error appears on Rocky Linux 8 with Podman 4.9. The
permission denied error appears on Rocky Linux 9 and 10 with
Podman 5.6. Both share the same root cause and fix.

Assisted-by: Claude claude-sonnet-4-6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@metalllinux @claude
Change title to Rootless Podman and add link to Podman guide
f97923a 
Shortened the title and added a paragraph in the introduction
directing users to the existing Podman guide for basic usage.

Assisted-by: Claude claude-sonnet-4-6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@metalllinux @claude
Add superscript reference citations throughout guide
e931a00 
Added ^N^ superscript citations in the body text linking to the
numbered references section, following the Rocky Linux documentation
formatting guidelines used in the Slurm guide.

Assisted-by: Claude claude-sonnet-4-6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@metalllinux @claude
Remove Podman docs reference and update PAM note for Rocky 10
0bfcd34 
Removed unused Podman documentation reference and renumbered
remaining citations. Updated PAM -session note to include Rocky
Linux 10, confirmed by testing on Rocky 10.1.

Assisted-by: Claude claude-sonnet-4-6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sspencerwire
Add AI usage section to rootless Podman guide
99174b2 
Added AI usage section with contribution policy link.
sspencerwire
sspencerwire approved these changes Mar 4, 2026
View reviewed changes
@github-actions
Copy link

github-actions bot commented Mar 4, 2026

Test results for 99174b2:

Number of broken URLs: 14

 
URL,RESULT,FILENAME
 http://$(hostname):8080,failed,guides/repositories/pulp_fetch_upload.md
 http://your_ip,failed,guides/cms/mediawiki.md
 https://dl.rockylinux.org/pub/rocky/9.6/live/x86_64/,failed,guides/desktop/kde_installation.md
 https://wiki.rockylinux.org/team/release_engineering/debranding/,failed,guides/package_management/package_debranding.md
 https://ftp.gnu.org/gnu/tar/,failed,guides/backup/tar.md
 https://support.torproject.org/glossary/pluggable-transports/,failed,guides/proxies/tor_relay.md
 https://docs.rockylinux.org/guides/contribute/ai-contribution-policy.md,failed,guides/contribute/README.md
 https://allcontributors.org/docs/en/emoji-key,failed,guides/contribute/README.md
 https://andyscott.me,failed,guides/contribute/README.md
 https://git.launchpad.net/cloud-init,failed,guides/virtualization/cloud-init/07_contributing.md
 https://www.packer.io/docs/builders/vsphere/vsphere-iso,failed,guides/automation/templates-automation-packer-vsphere.md
 https://ftp.gnu.org/gnu/hello/hello-2.12.tar.gz,failed,labs/systems_administration_I/lab7-software_management.md
 https://repocompare.rockylinux.org,failed,release_notes/8_5.md
 https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&infra=$infra&content=$contentdir,failed,books/admin_guide/13-softwares.md

@sspencerwire sspencerwire merged commit c79aad6 into rocky-linux:main Mar 4, 2026
3 checks passed
@metalllinux
Copy link
Contributor Author

metalllinux commented Mar 5, 2026

Excellent, thank you for the merge here Steven.

@metalllinux metalllinux deleted the rootless-podman-guide branch March 5, 2026 03:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sspencerwire sspencerwire sspencerwire approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@metalllinux @sspencerwire