Issue running the container in rootless Podman
Hello,
while my basic setup works without any issue on Windows Docker Desktop, I cannot get it up and running on RHEL with rootless Podman. I think I tried everything I and ChatGPT could think of, but nothing worked.
Project structure:
.
├── docker
│   └── compose.yaml
└── mosquitto
    ├── conf
    │   ├── mosquitto.conf
    │   └── pwfile
    ├── data
    │   └── mosquitto.db
    └── logs
        └── mosquitto.log
conf file:
# network
listener 1883
listener 9001
protocol websockets
# filesystem
persistence true
persistence_location /mosquitto/data
log_dest file /mosquitto/logs/mosquitto.log
# authentication
allow_anonymous true
# password_file /mosquitto/config/pwfile
The issue is with file permissions. I map local files to the container:
name: mqtt_broker
services:
  mqtt-broker:
    image: docker.io/eclipse-mosquitto:2.0
    restart: unless-stopped
    user: 1883:1883
    ports:
      - "1883:1883"
      - "9001:9001"
    volumes:
      - ../mosquitto/conf:/mosquitto/config
      - ../mosquitto/data:/mosquitto/data
      - ../mosquitto/logs:/mosquitto/logs
Starting it from / with podman compose -f docker/compose.yaml up -d and then ... compose ... logs gives:
1720531735: Warning: File /mosquitto/data/mosquitto.db has world readable permissions. Future versions will refuse to load this file.
To fix this, use `chmod 0700 /mosquitto/data/mosquitto.db`.
1720531735: Warning: File /mosquitto/data/mosquitto.db owner is not mosquitto. Future versions will refuse to load this file.
To fix this, use `chown mosquitto /mosquitto/data/mosquitto.db`.
1720531735: Warning: File /mosquitto/data/mosquitto.db group is not mosquitto. Future versions will refuse to load this file.
1720531735: Warning: Persistence file is empty.
1720531735: Error: Unable to open log file /mosquitto/logs/mosquitto.log for writing.
I tried setting up every possible combination. I even created the user 'mosquitto' on the local machine, so that I could set the ownership directly to that on the local, so:
$ id mosquitto
uid=1883(mosquitto) gid=1883(mosquitto) groups=1883(mosquitto)
When I apply this ownership to the entire /mosquitto directory, ls -la mosquitto gives:
drwxr-sr-x. 2 mosquitto mosquitto 42 Jul 9 14:22 conf
drwxr-sr-x. 2 mosquitto mosquitto 26 Jul 9 14:38 data
drwxr-sr-x. 2 mosquitto mosquitto 27 Jul 9 14:38 logs
Then compose down and up -d again -> still the same issue. When I exec into the container directly, this is the output of ls -la:
drwxr-xr-x 1 mosquitt mosquitt 18 Jul 9 13:12 .
dr-xr-xr-x 1 root root 45 Jul 9 13:12 ..
drwxr-sr-x 2 nobody nobody 42 Jul 9 12:22 config
drwxr-sr-x 2 nobody nobody 26 Jul 9 12:38 data
drwxr-xr-x 2 mosquitt mosquitt 6 Jun 20 22:04 log
drwxr-sr-x 2 nobody nobody 27 Jul 9 12:38 logs
So it seems like the ownership is not propagated into the container or something. But honestly, my knowledge of containers, Linux, Podman, etc. ends right here. I don't know what is going wrong, nor how to diagnose it.
Again, if I run the same command (oh well "docker" instead of "podman") on my local machine, it just works.
I humbly beg for help :)
Since you're running RHEL, I assume SELinux is also configured and active on your machine.
If that is the case, you have to modify the context for the container:
volumes:
  - ../mosquitto/conf:/mosquitto/config:Z
  - ../mosquitto/data:/mosquitto/data:Z
  - ../mosquitto/logs:/mosquitto/logs:Z
(see Podman Documentation - Volumes for more information)
PS: I never use compose files, but I assume it's the same syntax. :sweat_smile:
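An added diagnostic example, not from either post above, covering the two things a practitioner would check here: why host files owned by uid 1883 show up as nobody inside a rootless container (rootless Podman maps container uids through a uid_map, which `podman unshare cat /proc/self/uid_map` prints on the real host), and whether each compose bind-mount spec actually carries the SELinux option the reply relies on. The uid_map below is a constructed sample that assumes a host user with uid 1000 and a subuid range starting at 100000; the volume specs are the ones from the compose file plus one deliberately mistyped separator.

```shell
#!/bin/sh
# Constructed sample uid_map as seen from inside a rootless Podman container
# (assumes host user uid 1000 with subuid range 100000-165535 in /etc/subuid).
# Columns: <container uid start> <host uid start> <length>
SAMPLE_UID_MAP="0 1000 1
1 100000 65536"

# map_uid <uid> <c2h|h2c> <uid_map text>
# c2h: container uid -> host uid; h2c: host uid -> container uid.
# Prints "unmapped" when the uid falls outside every range; such files are
# shown as nobody (overflow uid 65534) on the other side of the namespace.
map_uid() {
    uid=$1 dir=$2
    result=$(printf '%s\n' "$3" | while read -r cstart hstart len; do
        [ -z "$cstart" ] && continue
        if [ "$dir" = c2h ]; then from=$cstart to=$hstart; else from=$hstart to=$cstart; fi
        if [ "$uid" -ge "$from" ] && [ "$uid" -lt $((from + len)) ]; then
            echo $((to + uid - from))
            break
        fi
    done)
    echo "${result:-unmapped}"
}

# volume_opts <src:dst[:opts]>
# Prints the option field of a compose bind-mount spec ("Z", "z", "U", ...),
# an empty string when there is none, or INVALID when the separator before
# the option is a semicolon instead of a colon (a spec like "dst;Z" has no
# option field at all; the ";Z" would be read as part of the container path).
volume_opts() {
    case $1 in
        *:*:*) echo "${1##*:}" ;;
        *\;*)  echo INVALID ;;
        *)     echo "" ;;
    esac
}

# Demonstration on the page's values: container user 1883:1883 versus the
# host-side user 'mosquitto' (uid 1883) created in the question.
echo "container uid 1883 is host uid $(map_uid 1883 c2h "$SAMPLE_UID_MAP")"
echo "host uid 1883 is container uid $(map_uid 1883 h2c "$SAMPLE_UID_MAP")"
for spec in '../mosquitto/data:/mosquitto/data:Z' \
            '../mosquitto/conf:/mosquitto/config;Z' \
            '../mosquitto/logs:/mosquitto/logs'; do
    echo "$spec -> option: '$(volume_opts "$spec")'"
done
```

With the sample map, container uid 1883 lands on host uid 101882 and host uid 1883 lands nowhere, which is exactly the nobody ownership seen in the question's in-container listing; a missing or mistyped option field means no SELinux relabel happens either.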