I'm trying to run rootless Podman containers with

```
podman container create --name postgres --expose 5432 --memory 512M --hostname postgres --volume /home/user/some/path/postgres:/var/lib/postgresql/data:Z,U --userns keep-id --env POSTGRES_USER=admin --env POSTGRES_PASSWORD=secret docker.io/postgres:14
```

but I'm getting the error message

```
Error: error stat'ing file `/home/user/some/path/postgres`: Permission denied: OCI permission denied
```
The destination path `/home/user/some/path` is within a gocryptfs mount. Mapping the volume outside the path works flawlessly.

So far I thought that `--userns keep-id` should avoid permission issues for rootless containers, but if I remove the option I get the error message

```
chown: changing ownership of '/var/lib/postgresql/data': Operation not permitted
```

As far as I understood, providing the options `--uidmap` and `--gidmap` could help as well, but I'm not sure how I can provide the proper values for them.
Under the hood I'm using Ansible to configure the containers.
EDIT: Now I also created a Podman issue.

The reason for this error was that the mount wasn't done with the fuse parameter `allow_other`.
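Added example (not from the question or from Podman/gocryptfs): a POSIX shell check that finds the mount backing a volume path in `/proc/self/mountinfo` and reports whether it is a FUSE mount and whether its superblock options include `allow_other`. The mountinfo text below is constructed for the demo; the real check reads `/proc/self/mountinfo`.

```shell
#!/bin/sh
# Resolve the deepest mount point containing $1 and print "<fstype> <superopts>".
# $2 is a file in /proc/self/mountinfo format (fields: id parent maj:min root
# mountpoint mountopts [optional...] - fstype source superopts).
mount_options_for() {
  awk -v p="$1" '
    {
      for (i = 7; i <= NF; i++) if ($i == "-") { fstype = $(i+1); sopts = $(i+3); break }
      mp = $5
      # match the root mount, the exact path, or any ancestor directory of the path
      if (mp == "/" || p == mp || index(p, mp "/") == 1) {
        if (length(mp) > best) { best = length(mp); bt = fstype; bo = sopts }
      }
    }
    END { print bt " " bo }
  ' "$2"
}

# Exit status: 0 = FUSE mount with allow_other, 1 = FUSE mount without it
# (the case behind the "OCI permission denied" error), 2 = not a FUSE mount.
check_allow_other() {
  _mi=${2:-/proc/self/mountinfo}
  _out=$(mount_options_for "$1" "$_mi")
  _fstype=${_out%% *}
  _sopts=${_out#* }
  case "$_fstype" in
    fuse|fuse.*) ;;
    *) return 2 ;;
  esac
  case ",$_sopts," in
    *,allow_other,*) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample: one gocryptfs mount without allow_other, one with it.
SAMPLE_MOUNTINFO=$(mktemp)
cat > "$SAMPLE_MOUNTINFO" <<'EOF'
24 1 0:22 / / rw,relatime - ext4 /dev/sda1 rw
130 24 0:58 / /home/user/some rw,nosuid,nodev,relatime - fuse.gocryptfs gocryptfs rw,user_id=1000,group_id=1000,default_permissions
131 24 0:59 / /home/user/other rw,nosuid,nodev,relatime - fuse.gocryptfs gocryptfs rw,user_id=1000,group_id=1000,allow_other,default_permissions
EOF

for p in /home/user/some/path/postgres /home/user/other/db /etc; do
  check_allow_other "$p" "$SAMPLE_MOUNTINFO" && echo "$p: FUSE with allow_other" \
    || echo "$p: status $? (1 = FUSE without allow_other, 2 = not FUSE)"
done
```

For a non-root user to pass `-allow_other` to gocryptfs, `user_allow_other` must be enabled in `/etc/fuse.conf`; without it the container runtime's process, which runs in a separate user namespace, is refused access by the FUSE kernel driver.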