From 692a640ffb7d40ae01f094f0cbb6ad1695a7a337 Mon Sep 17 00:00:00 2001
From: Georgios Andrianakis <geoand@gmail.com>
Date: Wed, 7 Feb 2024 13:42:18 +0200
Subject: [PATCH] Fix AppCDS generation when using podman

We use the same trick as used in native-image
building

Fixes: #38616
---
 .../deployment/pkg/steps/AppCDSBuildStep.java   | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/AppCDSBuildStep.java b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/AppCDSBuildStep.java
index 87267e781a429..f63ba4db003e2 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/AppCDSBuildStep.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/AppCDSBuildStep.java
@@ -194,11 +194,18 @@ private List<String> dockerRunCommands(OutputTargetBuildItem outputTarget, Strin
         command.add(outputTarget.getOutputDirectory().toAbsolutePath().toString() + ":" + CONTAINER_IMAGE_BASE_BUILD_DIR
                 + ":z");
         if (SystemUtils.IS_OS_LINUX) {
-            String uid = getLinuxID("-ur");
-            String gid = getLinuxID("-gr");
-            if (uid != null && gid != null && !uid.isEmpty() && !gid.isEmpty()) {
-                command.add("--user");
-                command.add(uid + ":" + gid);
+            if (containerRuntime.isDocker() && containerRuntime.isRootless()) {
+                Collections.addAll(command, "--user", String.valueOf(0));
+            } else {
+                String uid = getLinuxID("-ur");
+                String gid = getLinuxID("-gr");
+                if (uid != null && gid != null && !uid.isEmpty() && !gid.isEmpty()) {
+                    Collections.addAll(command, "--user", uid + ":" + gid);
+                    if (containerRuntime.isPodman() && containerRuntime.isRootless()) {
+                        // Needed to avoid AccessDeniedExceptions
+                        command.add("--userns=keep-id");
+                    }
+                }
             }
         }
         command.add("-w");