Having an issue with getting podman containers working. Curious if anyone's got a workaround.
In a nutshell, I installed podman in native Terminal, then configured graphroot to go to a folder I created in /mnt/shared (which, of course, is a share pointing to the "Download" folder on the host device). This is because the Debian VM generated by Terminal is hard-limited to 16 GB and a lot of images I'd be downloading are going to hit that limit fast. However, when I try to run a container of the "hello-world" image as a test, I get a permission denied error as podman is trying to create a symlink in /mnt/shared and AFAIK that's a thing the Terminal app is going to block hard. (I'm assuming this is a security feature implemented by the AOSP devs upstream and for good reason.)
I'm looking for a way to either disable symlinking on podman (feeling pessimistic here as I'm going to assume symlinking is likely an essential operation podman needs to do), generate symlinks on /mnt/shared (really reluctant to do this as it seems that'd create vulnerabilities), or some other kind of possible workaround.
Device Info:
Model: Pixel Tablet
Android: 15
GOS Build: 2025032100
Kernel: 6.1.0-29-avf-arm64
Steps to Reproduce:
- Ensure developer options are enabled and terminal app is installed
- `sudo apt install podman` to install podman
- Create a config file: `mkdir -p ~/.config/containers && cd ~/.config/containers && touch storage.conf`
- `nano storage.conf`, paste the following, and save:
  ```
  [storage]
  driver = "overlay"
  graphroot = "/mnt/shared/containers/storage"
  ```
- (Optional) Run `podman info` to ensure storage paths are pointed correctly
- Attempt to pull and run hello-world: `podman run hello-world`
Expected Outcome: Podman pulls hello-world image and runs a containerized instance of it.
Actual Outcome: Podman throws the following Permission Denied error because it attempted to create a symlink on host:
```
Resolved "hello-world" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
Trying to pull docker.io/library/hello-world:latest...
Getting image source signatures
Copying blob sha256:c9c5fd25a1bdc181cb012bc4fbb1ab272a975728f54064b7ae3ee8e77fd28c46
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:c9c5fd25a1bdc181cb012bc4fbb1ab272a975728f54064b7ae3ee8e77fd28c46": creating layer with ID "98a92b28c9b8d3cd4353801cba6ad181e86aaa616221e14739210acbda35b7fd": symlink ../98a92b28c9b8d3cd4353801cba6ad181e86aaa616221e14739210acbda35b7fd/diff /mnt/shared/containers/storage/overlay/l/ISTRIHTMMOYZZJDDCCVZ3TZI32: permission denied
```
Edit: Tidied up a few things into code blocks for easier reading.
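
Added example (not part of the original post and not podman's own code): a small shell probe that reproduces, in a throwaway subdirectory, the relative symlink shown in the error message, so a candidate graphroot location can be checked before podman is pointed at it. The function name `probe_overlay_symlink` and the probe directory layout are assumptions made for this illustration.

```shell
#!/bin/sh
# probe_overlay_symlink DIR  (hypothetical helper, not a podman command)
# Recreates the failing operation from the error above: a relative symlink
# ../<layer>/diff placed inside an l/ directory, as seen under overlay/l/.
# Returns 0 if the symlink is created and resolves,
#         1 if the filesystem refuses to create it,
#         2 if DIR is not a writable directory or the probe cannot be set up.
probe_overlay_symlink() {
    dir=$1
    [ -d "$dir" ] && [ -w "$dir" ] || return 2
    probe=$(mktemp -d "$dir/.symlink-probe.XXXXXX") || return 2
    # Mirrors <graphroot>/overlay/<layer-id>/diff and <graphroot>/overlay/l/<name>
    mkdir -p "$probe/layer/diff" "$probe/l" || { rm -rf "$probe"; return 2; }
    rc=1
    if ln -s ../layer/diff "$probe/l/SHORT" 2>/dev/null \
        && [ -L "$probe/l/SHORT" ] && [ -d "$probe/l/SHORT" ]; then
        rc=0
    fi
    rm -rf "$probe"   # leave nothing behind on the share
    return "$rc"
}

# Usage: sh probe.sh /mnt/shared/containers
if [ "$#" -gt 0 ]; then
    rc=0
    probe_overlay_symlink "$1" || rc=$?
    case $rc in
        0) echo "$1: relative symlinks work" ;;
        1) echo "$1: symlink creation refused; the layer step in the error above will fail here" ;;
        *) echo "$1: not a writable directory" ;;
    esac
fi
```

A result of 1 on the share and 0 on a directory inside the VM's own disk points at the mount rather than at podman's configuration.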