java.nio.file.AccessDeniedException when using Podman on "rootless" mode

I’m trying to migrate to rootless mode in Podman (i.e., running SonarQube’s container with a non-root user), but I’m getting the following error when starting it for the second time (it works well the first time):

java.nio.file.AccessDeniedException: /opt/sonarqube/data/web/deploy/plugins/python/sonar-python-plugin-3.24.1.11916.jar

I’m running with the following command:

podman run --user=1000 -p 9000:9000 \
-v sonarqube_data:/opt/sonarqube/data \
-v sonarqube_extensions:/opt/sonarqube/extensions \
-v sonarqube_logs:/opt/sonarqube/logs \
docker.repo.bcnet.bcb.gov.br/sonarqube:9.9.3-community

The podman top -l huser returns HUSER (Host User) as 100999 and the jar file has the right owner:

$ sudo ls -la volumes/sonarqube_data/_data/web/deploy/plugins/python
total 7888
drwxrwxrwx.  2 100999 100999      50 Dec  8 14:40 .
drwxrwxrwx. 19 100999 100999    4096 Dec  8 14:40 ..
-rwxrwxrwx.  1 100999 100999 8069140 Nov 10 05:25 sonar-python-plugin-3.24.1.11916.jar

Changing permissions to 777 doesn’t solve the issue but it works after deleting the plugins directory.

Has anybody had a problem with this?

Regards,

Rodrigo
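
An added example (not part of the original posts): how a container UID translates to the host UID reported by podman top -l huser, using the three-column format of /proc/<pid>/uid_map. The map below is constructed; it assumes the invoking user is UID 1000 with a subuid range starting at 100000, which is consistent with the 100999 shown above but is not stated in the thread. The function names are hypothetical.

```shell
#!/bin/sh
# Constructed uid_map in the /proc/<pid>/uid_map format:
#   <first container ID> <first host ID> <count>
# Assumption: invoking user is UID 1000, subuid range starts at 100000.
SAMPLE_UID_MAP='0 1000 1
1 100000 65536'

# container_to_host_uid MAP CONTAINER_UID
# Prints the host UID that CONTAINER_UID maps to; returns 1 if it is unmapped.
container_to_host_uid() {
    printf '%s\n' "$1" | awk -v id="$2" '
        NF == 3 && id >= $1 && id < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# host_to_container_uid MAP HOST_UID
# Reverse lookup: which container UID owns a file that the host shows as HOST_UID.
host_to_container_uid() {
    printf '%s\n' "$1" | awk -v id="$2" '
        NF == 3 && id >= $2 && id < $2 + $3 {
            print $1 + (id - $2); found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# --user=1000 inside the container lands on this host UID under the sample map.
echo "container UID 1000 -> host UID $(container_to_host_uid "$SAMPLE_UID_MAP" 1000)"
# A file the host lists as owned by 100999 belongs to this container UID.
echo "host UID 100999 -> container UID $(host_to_container_uid "$SAMPLE_UID_MAP" 100999)"
```

On a real host, the map actually in effect for the current user can be printed with podman unshare cat /proc/self/uid_map and passed to the functions in place of the sample.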

Hi Rodrigo,

thanks for posting in our community!

> I’m trying to migrate to rootless mode in Podman (ie running Sonarqube’s container with a non-root user)

Unfortunately, we don’t support Podman yet and, at the moment, we cannot really provide a timeline for this. However, we want to remind you that our latest SonarQube containers run without a root user. Do you have specific needs for preferring Podman over Docker as container runtime? It would be very valuable for us to know more about your use case 🙂

> I’m getting the following error while starting it for the second time (it works well on the first time):

You are right, we were able to reproduce this issue: with Podman, we faced the same error when running the container the second time and reusing the volumes. However, a few interesting points for you:

  • when using Docker as the container runtime, the issue does not occur. You would not face any file-permission-related errors.
  • if you strictly need to use Podman, the issue does not occur when using the latest SonarQube image (i.e., sonarqube:10-community)

Can you try one of those solutions? Do they work for you?
