From 2fdffc0acbdee7b37ec74d80153e4dfc3d5eac41 Mon Sep 17 00:00:00 2001 From: Claude Date: Sun, 22 Mar 2026 10:50:41 +0000 Subject: [PATCH] Fix builds delegating to host Podman via CONTAINER_HOST build.sh calls `podman build` inside the server container. DOCKER_HOST is a Docker CLI variable; Podman does not use it to automatically switch to remote mode. Without CONTAINER_HOST set, Podman runs locally inside the (unprivileged) container, has no user-namespace support, and lchown fails for any layer file owned by a non-zero GID (e.g. gid=42 for /etc/shadow). Setting CONTAINER_HOST=tcp://podman-proxy:2375 makes Podman automatically operate in remote mode and delegate all operations to the host Podman service, which has the correct subuid/subgid mappings and full user-namespace support. https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH
---
infra/docker-compose.yml | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/infra/docker-compose.yml b/infra/docker-compose.yml
index 46c7ee1..78a5e47 100644
--- a/infra/docker-compose.yml
+++ b/infra/docker-compose.yml
@@ -41,6 +41,12 @@ services:
 HIY_BUILD_SCRIPT: /app/builder/build.sh
 CADDY_API_URL: http://caddy:2019
 DOCKER_HOST: tcp://podman-proxy:2375
+ # CONTAINER_HOST is the Podman-native equivalent of DOCKER_HOST.
+ # Setting it makes `podman` automatically operate in remote mode and
+ # delegate all builds/runs to the host's Podman service via the proxy,
+ # instead of trying to run Podman locally inside this container (which
+ # would fail: no user-namespace support in an unprivileged container).
+ CONTAINER_HOST: tcp://podman-proxy:2375
 RUST_LOG: hiy_server=debug,tower_http=info
 depends_on:
 caddy:
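Review bot: The new comment block explains what CONTAINER_HOST does but not the trust consequence of the line it documents: a plain `tcp://` Podman endpoint carries no authentication, so once `podman` runs in remote mode this server container holds whatever authority podman-proxy forwards to the host Podman service, and the proxy's allow-list plus the compose network are the only boundary (the proxy configuration is not in this hunk, so I cannot confirm what it restricts). I would add one line to the comment, e.g. `# Trust boundary: the tcp endpoint is unauthenticated; podman-proxy's allow-list and network isolation are what limit what this container can do on the host.` The hunk also leaves DOCKER_HOST set to the same literal with no note on why it stays, which invites a later "dead variable" cleanup or the two drifting apart; a short `# DOCKER_HOST is kept for Docker-CLI-compatible tooling; keep both in sync.` would pin that down, hedged by whether anything else in the image still reads it. The enclosing `environment:` mapping starts before line 41, outside the hunk.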