Failing chmod of data mount in entrypoint when running rootless docker with specified --user #802

Closed
@raqbit


I'm trying to use the postgres docker image in the rootless docker daemon mode, which means that the entire docker daemon runs inside of a user namespace.

As expected, when I use this mode and mount a local directory, the local directory is owned by an arbitrary high user id (100069), which is mapped to root (uid 0) in the container. But when I then try to change the userid the container runs with to my own host user with --user 1000 (or user: 1000 in compose), the container gets stuck failing to chmod the data directory in the docker-entrypoint.sh:

chmod: /var/lib/postgresql/data: Operation not permitted

I think this error is coming from

chmod 700 "$PGDATA"
(or the non-alpine entrypoint)

but I don't understand why. I verified that the user inside the container is indeed 1000 by replacing the command with id.


Command which can be run with docker rootless mode to reproduce the issue:

docker run --user 1000 -v "$PWD/data:/var/lib/posgresql/data" postgres:alpine
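
For diagnosing ownership mismatches of the kind reported above, the following added example (not part of the original issue or of the postgres image) translates uids through a user-namespace map in the format of /proc/<pid>/uid_map. The map lines and the helper names are constructed for illustration and are not taken from the reporter's system; on a real host, read the map from the container's init process.

```python
"""Translate uids across a user-namespace mapping (/proc/<pid>/uid_map format)."""

# Constructed sample map. Columns per line:
# <first uid inside namespace> <first uid outside> <range length>
SAMPLE_UID_MAP = """\
         0       1000          1
         1     100000      65536
"""

def parse_uid_map(text):
    """Return a list of (inside, outside, length) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        entries.append((inside, outside, length))
    return entries

def to_host_uid(entries, container_uid):
    """Uid seen outside the namespace, or None if the uid is unmapped."""
    for inside, outside, length in entries:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None

def to_container_uid(entries, host_uid):
    """Uid seen inside the namespace, or None (shown as the overflow uid)."""
    for inside, outside, length in entries:
        if outside <= host_uid < outside + length:
            return inside + (host_uid - outside)
    return None

def may_chmod(entries, container_uid, dir_owner_host_uid):
    """chmod(2) requires the caller to own the file unless it holds CAP_FOWNER.
    Assumption: a process started with a non-root --user has no capabilities."""
    return to_host_uid(entries, container_uid) == dir_owner_host_uid

if __name__ == "__main__":
    uid_map = parse_uid_map(SAMPLE_UID_MAP)
    for uid in (0, 70, 1000):
        print(f"container uid {uid} -> host uid {to_host_uid(uid_map, uid)}")
    print("host uid 100069 -> container uid", to_container_uid(uid_map, 100069))
    print("uid 1000 may chmod dir owned by host uid 100069:",
          may_chmod(uid_map, 1000, 100069))
```
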
