On an OL8 box I am installing podman, podman-docker and docker compose.
Every time I start podman or podman.socket the owner and group of /run/podman/podman.sock are root and root. I've seen many, many posts about adding a group called 'docker', but lots of them don't mention the podman.socket being part of the docker group. I found one post that mentions adding an override to the service, which I have done.
vi /etc/systemd/system/podman.socket.d/override.conf
[Socket]
SocketGroup=docker
On restarting the server the permissions are as follows:
ls -la /var/run/docker.sock
lrwxrwxrwx. 1 root root 23 Mar 15 11:50 /var/run/docker.sock -> /run/podman/podman.sock
ls -al /run/podman/podman.sock
srw-rw----. 1 root docker 0 Mar 21 10:08 /run/podman/podman.sock
When a user tries to run "docker-compose" the following error is seen:
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock:
Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json?all=1&filters=%7B%22label%22%3A%7B%22com.docker.compose.project%3Dtesting%22%3Atrue%7D%7D": dial unix /var/run/docker.sock: connect: permission denied
The user cannot see the file:
$ ls /run/podman/podman.sock
ls: cannot access '/run/podman/podman.sock': Permission denied
They are in the 'docker' group.
However, if I log in as root and run:
systemctl stop podman.socket
rm -rf /run/podman
systemctl daemon-reload
systemctl start podman.socket
The user can see the file and run the containers with the docker-compose command. The permissions/owner/group on the socket haven't changed.
$ ls -al /run/podman/podman.sock
srw-rw----. 1 root docker 0 Mar 21 11:08 /run/podman/podman.sock
If I reboot, permission is denied again.
Any ideas or suggestions would be appreciated.
Thanks
You have to run as the user:
systemctl --user enable podman.socket
systemctl --user start podman.socket
systemctl --user status podman.socket
You need to set the env var in the .bash_profile of the user:
export DOCKER_HOST=unix:///run/user/$UID/podman/podman.sock
This is important, as /run/podman/podman.sock is the root-ful mode socket, which is symlinked to /var/run/docker.sock.
After reboot the status is active as expected as the user:
$ systemctl --user status podman.socket
● podman.socket - Podman API Socket
Loaded: loaded (/usr/lib/systemd/user/podman.socket; enabled; vendor preset: enabled)
Active: active (listening) since Wed 2023-06-07 14:11:29 CEST; 25s ago
Docs: man:podman-system-service(1)
Listen: /run/user/10001/podman/podman.sock (Stream)
CGroup: /user.slice/user-10001.slice/[email protected]/podman.socket
You do not need sudo as this normal user in this case, and you don't have to change your user groups or anything like that.
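Added example, not part of either post: a socket's own mode bits are only checked after every parent directory has been traversed, so this sketch walks a socket path and reports the first component the current user cannot get past. The function name first_blocker is made up for illustration; the two socket paths are the ones named in the posts.

```shell
#!/bin/sh
# Added example (not from the posts). first_blocker is a hypothetical helper.
# Prints "ok" if every directory on the way is searchable and the final
# entry is readable and writable; otherwise "<component>: <reason>".
first_blocker() {
    rest=${1#/}
    current=""
    while [ -n "$rest" ]; do
        # Peel off the next path component.
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        [ -n "$part" ] || continue      # tolerate "//" in the path
        parent=${current:-/}
        current="$current/$part"
        # Without search (x) permission on the parent, looking up the child
        # fails with "Permission denied", the same error text ls shows in
        # the question.
        if [ ! -x "$parent" ]; then
            echo "$parent: no search permission"
            return 1
        fi
        if [ ! -e "$current" ] && [ ! -L "$current" ]; then
            echo "$current: does not exist"
            return 1
        fi
    done
    # connect() on a Unix socket needs write permission on the socket itself.
    if [ ! -r "$current" ] || [ ! -w "$current" ]; then
        echo "$current: not readable and writable"
        return 1
    fi
    echo "ok"
}

# Rootful socket from the question, then the per-user socket from the answer.
for sock in /run/podman/podman.sock "/run/user/$(id -u)/podman/podman.sock"; do
    printf '%s -> %s\n' "$sock" "$(first_blocker "$sock")"
done
```

Run it as the affected user, not as root, since root passes these permission checks regardless of the mode bits.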