From 6623f8855b430753be14dd86302842f98d906a63 Mon Sep 17 00:00:00 2001 From: Georgios Andrianakis Date: Wed, 7 Feb 2024 13:42:18 +0200 Subject: [PATCH] Fix AppCDS generation when using podman We use the same trick as used in native-image building Fixes: #38616 (cherry picked from commit 692a640ffb7d40ae01f094f0cbb6ad1695a7a337) --- .../deployment/pkg/steps/AppCDSBuildStep.java | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/AppCDSBuildStep.java b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/AppCDSBuildStep.java index c9ca54d8d6262..1b9bb96b800f5 100644 --- a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/AppCDSBuildStep.java +++ b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/AppCDSBuildStep.java @@ -212,11 +212,18 @@ private List dockerRunCommands(OutputTargetBuildItem outputTarget, Strin command.add(outputTarget.getOutputDirectory().toAbsolutePath().toString() + ":" + CONTAINER_IMAGE_BASE_BUILD_DIR + ":z"); if (SystemUtils.IS_OS_LINUX) { - String uid = getLinuxID("-ur"); - String gid = getLinuxID("-gr"); - if (uid != null && gid != null && !uid.isEmpty() && !gid.isEmpty()) { - command.add("--user"); - command.add(uid + ":" + gid); + if (containerRuntime.isDocker() && containerRuntime.isRootless()) { + Collections.addAll(command, "--user", String.valueOf(0)); + } else { + String uid = getLinuxID("-ur"); + String gid = getLinuxID("-gr"); + if (uid != null && gid != null && !uid.isEmpty() && !gid.isEmpty()) { + Collections.addAll(command, "--user", uid + ":" + gid); + if (containerRuntime.isPodman() && containerRuntime.isRootless()) { + // Needed to avoid AccessDeniedExceptions + command.add("--userns=keep-id"); + } + } } } command.add("-w");