podman permission issue

[so1ar]

Describe the bug

Trying to run qbittorrent via podman using following command:

podman run -it   --name=qbittorrent   -e PUID=1000   -e PGID=1000   -e TZ=Asia/Shanghai   -e WEBUI_PORT=8081   -e TORRENTING_PORT=6881   -p 8081:8081   -p 6881:6881   -p 6881:6881/udp   -v ~/containers/qbittorrent:/config   -v ~/Downloads/:/downloads   --restart unless-stopped   lscr.io/linuxserver/qbittorrent:latest

And I got permission error:

[migrations] no migrations found
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────

chown: changing ownership of '/config': Permission denied
**** Permissions could not be set. This is probably because your volume mounts are remote or read-only. ****
**** The app may not work properly and we will not provide support for it. ****
mkdir: cannot create directory ‘/config/qBittorrent’: Permission denied
cp: cannot create regular file '/config/qBittorrent/qBittorrent.conf': No such file or directory
find: ‘/downloads’: Permission denied
chown: changing ownership of '/downloads': Permission denied
**** Permissions could not be set. This is probably because your volume mounts are remote or read-only. ****
**** The app may not work properly and we will not provide support for it. ****
find: ‘/config’: Permission denied
chown: changing ownership of '/config': Permission denied
**** Permissions could not be set. This is probably because your volume mounts are remote or read-only. ****
**** The app may not work properly and we will not provide support for it. ****
[custom-init] No custom files found, skipping...
crond[149]: crond (busybox 1.36.1) started, log level 5
Could not create required directory '/config/.cache/qBittorrent'

I also tried transmission container and got the same error.

While in my Archlinux machine running the same command didn't get any error. I'm not very familiar with podman, and don't know if it is a bazzite issue or podman issue or something I did wrong.

What did you expect to happen?

Podman running containers with no permission errors.

Output of rpm-ostree status

State: idle
Deployments:
● ostree-unverified-registry:ghcr.io/ublue-os/bazzite-ally:stable
                   Digest: sha256:881338ad896912b7dd894f961d1bf5b8396e2a9af381c2108d277cbe4cf3792a
                  Version: 40.20240510.0 (2024-05-10T17:06:30Z)
          LayeredPackages: v2raya
            LocalPackages: daed-0.4.1-1.x86_64

  ostree-unverified-registry:ghcr.io/ublue-os/bazzite-ally:stable
                   Digest: sha256:881338ad896912b7dd894f961d1bf5b8396e2a9af381c2108d277cbe4cf3792a
                  Version: 40.20240510.0 (2024-05-10T17:06:30Z)
          LayeredPackages: v2raya

Hardware

Asus ROG Ally

Extra information or context

No response

[wolfyreload]

This isn't actually Bazzite issue, Podman works a little differently to Docker. I have adjusted your script so I could read it and got it running

# add folder if folder doesn't exist
mkdir -p ~/containers/qbittorrent
# I've added :rw to the end of your volume mounts (it's a podman thing to make it read/writable)
podman run -it \
  --name=qbittorrent \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Asia/Shanghai \
  -e WEBUI_PORT=8081 \
  -e TORRENTING_PORT=6881 \
  -p 8081:8081 \
  -p 6881:6881 \
  -p 6881:6881/udp \
  -v ~/containers/qbittorrent:/config:rw \
  -v ~/Downloads/:/downloads:rw \
  --restart unless-stopped \
  lscr.io/linuxserver/qbittorrent:latest

My output

[migrations] started
[migrations] no migrations found
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────

[custom-init] No custom files found, skipping...
crond[143]: crond (busybox 1.36.1) started, log level 5
WebUI will be started shortly after internal preparations. Please wait...

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8081

The WebUI administrator username is: admin
The WebUI administrator password was not set. A temporary password is provided for this session: abcdefgh
You should set your own password in program preferences.
Connection to localhost (::1) 8081 port [tcp/tproxy] succeeded!

[noelmiller]

This is likely an SELinux issue. You need to account for SELinux contexts when running a rootless container. At the end of each volume mount, you need to include :z.

Example: -v ~/Downloads:/downloads:z

To test if it's SELinux, you could sudo setenforce permissive to set SELinux in permissive mode. This will bypass SELinux and is a great way to test if this is the issue without adding :z to your commands.

[so1ar]

This is likely an SELinux issue. You need to account for SELinux contexts when running a rootless container. At the end of each volume mount, you need to include :z.

Example: -v ~/Downloads:/downloads:z

To test if it's SELinux, you could sudo setenforce permissive to set SELinux in permissive mode. This will bypass SELinux and is a great way to test if this is the issue without adding :z to your commands.

Thanks, including :z fix the issue.