I’m not really sure where the right place to ask is, but I figure this is a good place for docker related questions.
I have recently installed Bazzite as my daily driver, previously I was on Nobara. The main difference here is that Bazzite is immutable, so you can’t (or shouldn’t) install stuff in the normal way as it may get overwritten by updates.
I have a bunch of docker compose YAML files. I want to run these locally. But I also don’t want to tweak anything in the files to get them running because they should be able to be copied to a prod environment as is or the local test environment isn’t a good test. Prod would be either my Linux Mint server or an Ubuntu Server one.
Bazzite has a ujust script available for installing docker, but this doesn’t include docker compose, and I’m not sure how to add that in.
Searching online shows everyone saying just use podman, it comes pre-installed and is a drop in replacement. The problem is that it doesn’t work.
Maybe that’s my question, why isn’t my compose.yaml working with podman?
For example, the container gives me a bunch of messages about missing environment variables, but they are set in the compose.yaml.
I also get a bunch of permissions errors. E.g. here is the mariadb trying to access a directory and then trying to change the ownership:
[db] | find: ‘/var/lib/mysql/’: Permission denied
[db] | chown: changing ownership of '/var/lib/mysql/': Permission denied
Volumes are all bind mounts. After the container created the local directories, I set all the permissions to 777 as a test and took the containers down then up and it still complains about permissions.
I feel like there is something specific to podman or Bazzite I’m not understanding. Any help?
I’m also happy to take suggestions on other ways to use docker compose in Bazzite.
Thanks in advance!
Edit: I have solved this by adding a Z flag to my bind mounts (./localdir:/containerdir:Z) as per this answer.
You must log in or register to comment.
I wonder if SELinux is the culprit here. Bazzite is based on Fedora, right (like Nobara)?
I mentioned this in my original post.
Searching online shows everyone saying just use podman, it comes pre-installed and is a drop in replacement. The problem is that it doesn’t work.
But someone else has mentioned the issue is the containers are rootless by default, so I’ll explore that line of troubleshooting.
@Dave if not, I recommend checking out distrobox which comes pre installed and should be able to achieve what you want
Thanks, I had already played a bit with distrobox and hadn’t worked that out either. It seems adding a Z flag to my bind mount to keep SELinux happy is all that was needed.
I was running Nobara before, which is also based on Fedora, so not sure why it would be different in regards to SELinux?
when I moved my docker setup to a fedora coreos podman setup, the volume mounts required an additional option for a label to play nice with selinux. ‘z’ if the mount is shared between multiple containers and ‘Z’ if its just for one container.
the podman docs definitely go into more details.
ive also seen people talk on the discord about scripts that can take your yaml files and write container files to be used with podman-systemd that seemed pretty nice. i think there is also a podman-compose option out there, but I’m not super familiar with that.
Oh shit I think that’s it! I’ve added that Z flag to each bind mount declaration in compose.yaml, and it seems to be running properly now. Thanks!
Any idea what the implications are of this transferring to an ubuntu based distro?
im not sure about ubuntu based distros. without selinux, you may not need the extra option on the volume mount.
Ok thanks, I’ll have to be extra careful deploying any changes.
Glad you figured it out! One more nuance I discovered, there is a difference between
podman-composeandpodman composeThe latter is equivalent to usingdocker composeAlso in terms of community, their Discord (if you’re okay with using it) is quite responsiveThanks! I did see there’s a docker format and a podman format which I assume is what this difference is about. I’m not against discord but I’ve never really used it. I’ll check it out if I get desperate 🙂
Podman runs rootless containers, this means their permissions do not work like docker, and it is not in fact a drop-in replacement for docker as you’ve discovered. The rootless containers are the key difference. You could try to run a rootful container instead, or if you read this thread by someone encountering the same issue as it sounds like you are running into including using mode 777 maybe their comment later on with the solution for them might help you too. But yes, podman is not exactly a drop-in replacement for docker in my experience. It is quite different, though mostly compatible.
this means their permissions do not work like docker, and it is not in fact a drop-in replacement for docker
It might a drop-in replacement for Docker if you’re running Docker in rootless mode? Not sure how common that is, though.
As far as I can tell, you just run the command with sudo to run as root? But this doesn’t help, I have been using sudo.
Edit: I think this is solved, someone else mentioned using the Z flag on the bind mount declaration and it seems to be working!
Thanks, I will have a go at trying to get it running as a rootful container!
It’s an immutable distro, so the regular locations on the filesystem are all read-only. The only way you can do this is making sure you mount separate storage, or use the userspace home mount or whatever they call it. It’s trivial to move the docker dir to wherever, so just do that.
I’m already using bind mounts under the /home directory. I learnt pretty early on day 1 not to fight the distro, so I’m trying to understand the way Bazzite wants this to be done. From another reply, it sounds like it’s a difference in rootless/rootful containers so I’m going to try to work out how to run a podman container as root and see if this helps.
No, it’s the difference between your docker service knowing it’s datadir isn’t in /var/lib and not.
Shut down docker. Create a datadir in your writeable mount, change the docker configs to point to the new location, and restart.
Here’s an example: https://linuxconfig.org/how-to-move-docker-s-default-var-lib-docker-to-another-directory-on-ubuntu-debian-linux
I seem to have got it working using podman, adding a Z flag to the bind mount to make SELinux happy.
