Running installation command fails with podman #321

Closed
opened 2026-02-04 19:33:48 +03:00 by OVERLORD · 11 comments

Originally created by @Venefilyn on GitHub (Jun 14, 2019).

Trying to do the following using podman but getting nowhere. Since podman is the de facto standard as a Docker replacement in Fedora 30, I would want to get it to work with it.

```
$ sudo podman run -d --name bitwarden -v /home/spytec/Bitwarden/bw-data/:/data/ -p 80:880 bitwardenrs/server:latest

$ sudo podman logs bitwarden
/--------------------------------------------------------------------\
|                       Starting Bitwarden_RS                        |
|                       Version 1.9.1-fff72889                       |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Report URL: https://github.com/dani-garcia/bitwarden_rs/issues/new |
\--------------------------------------------------------------------/

thread 'main' panicked at 'Can't conect to DB: BadConnection("Unable to open the database file")', src/libcore/result.rs:999:5
stack backtrace:
   0: backtrace::backtrace::libunwind::trace
             at ./cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.25/src/backtrace/libunwind.rs:97
   1: backtrace::backtrace::trace_unsynchronized
             at ./cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.25/src/backtrace/mod.rs:66
   2: std::sys_common::backtrace::_print
             at src/libstd/sys_common/backtrace.rs:47
   3: std::sys_common::backtrace::print
             at src/libstd/sys_common/backtrace.rs:36
   4: std::panicking::default_hook::{{closure}}
             at src/libstd/panicking.rs:197
   5: std::panicking::default_hook
             at src/libstd/panicking.rs:211
   6: std::panicking::rust_panic_with_hook
             at src/libstd/panicking.rs:474
   7: std::panicking::continue_panic_fmt
             at src/libstd/panicking.rs:381
   8: rust_begin_unwind
             at src/libstd/panicking.rs:308
   9: core::panicking::panic_fmt
             at src/libcore/panicking.rs:85
  10: core::result::unwrap_failed
  11: bitwarden_rs::main
  12: std::rt::lang_start::{{closure}}
  13: std::rt::lang_start_internal::{{closure}}
             at src/libstd/rt.rs:49
  14: std::panicking::try::do_call
             at src/libstd/panicking.rs:293
  15: __rust_maybe_catch_panic
             at src/libpanic_unwind/lib.rs:85
  16: std::panicking::try
             at src/libstd/panicking.rs:272
  17: std::panic::catch_unwind
             at src/libstd/panic.rs:388
  18: std::rt::lang_start_internal
             at src/libstd/rt.rs:48
  19: main
  20: __libc_start_main
  21: _start
```

bw-data looks like this:

```
$ ll
total 4.0K
drwxrwxr-x. 2 nobody spytec 4.0K Jun 13 16:57 bw-data
```

@mprasil commented on GitHub (Jun 14, 2019):

Does podman actually run the container with root user inside? Can you maybe try and follow [this wiki](https://github.com/dani-garcia/bitwarden_rs/wiki/Running-docker-container-with-non-root-user) to start it up? I know it's for docker, but there are generally some guidelines for cases when the user has limited access.

@Venefilyn commented on GitHub (Jun 14, 2019):

You’re correct, from my knowledge Podman only runs containers without root.

Only thing I didn’t do initially with that guide was to change ports. Changing ports didn’t do anything. /bw-data has the right permissions from the guide as I wrote at the end of my last message


@Venefilyn commented on GitHub (Jun 17, 2019):

Kernel does not allow non-privileged access to ports under 1024, so setting the port 80 as the wiki article said didn't work either when running Podman under non-root. Setting it as 8080 will get you past an error with port binding.

Though that still leaves me with the error I initially reported, I simply cannot get it to work.

@mprasil commented on GitHub (Jun 17, 2019):

Just trying random things here, can you try to [run the service with WAL disabled](https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled) in case the locking fails for whatever reason?

@Venefilyn commented on GitHub (Jun 17, 2019):

No difference

```
spytec@server:~/Bitwarden$ podman run -d --user 1001 --name bitwarden -e [ROCKET_PORT=8080,ENABLE_DB_WAL=false] -v /home/spytec/Bitwarden/bw-data/:/data/ -p 8080:8080 bitwardenrs/server:latest
c57da48a2325df937ec5bdff55a70cbb6949aad2a4d4ffefdf366f18ba3a89d2
spytec@server:~/Bitwarden$ podman logs bitwarden
/--------------------------------------------------------------------\
|                       Starting Bitwarden_RS                        |
|                       Version 1.9.1-fff72889                       |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Report URL: https://github.com/dani-garcia/bitwarden_rs/issues/new |
\--------------------------------------------------------------------/

thread 'main' panicked at 'Can't connect to DB: BadConnection("Unable to open the database file")', src/libcore/result.rs:999:5
note: Run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

spytec@server:~/Bitwarden$ ll
total 4.0K
drwxrwxrwx. 2 spytec spytec 4.0K Jun 13 16:57 bw-data
```

@mprasil commented on GitHub (Jun 17, 2019):

One more thing to check, I've noticed your `bw-data` folder is owned by `nobody:spytec` and the access mode is set to `0775`. Make sure the UIDs actually match the `1001` UID you're using.

You should be able to just test the permissions by running:

```bash
podman run -ti --rm --user 1001 -e [ROCKET_PORT=8080,ENABLE_DB_WAL=false] -v /home/spytec/Bitwarden/bw-data/:/data/ -p 8080:8080 bitwardenrs/server:latest /bin/bash
```

This should drop you to the shell as user `1001`. Then try to `touch /data/somefile` or something like that to see if you can create files in the data directory.

Alternatively you can try to `chmod 0777` the folder to rule out permission issue.

@Venefilyn commented on GitHub (Jun 17, 2019):

> Alternatively you can try to `chmod 0777` the folder to rule out permission issue.

Yeah I did this as well, as you can see in the bottom of the previous comment

```
drwxrwxrwx. 2 spytec spytec 4.0K Jun 13 16:57 bw-data
```

I noticed my user was 1000 though so I changed the `podman run` accordingly. Though it reports the same error.

```
spytec:x:1000:1000::/home/spytec:/bin/bash
```

**Edit:** With interactive mode:

```bash
1000@1f3bf70da4fc:/$ touch /data/somefile
touch: cannot touch '/data/somefile': Permission denied
1000@1f3bf70da4fc:/$ ls -l data
ls: cannot open directory 'data': Permission denied
1000@1f3bf70da4fc:/$ ls -l / | grep data
drwxrwxrwx.   2 root   root        4096 Jun 13 16:57 data
```

@mprasil commented on GitHub (Jun 17, 2019):

I see, I think it's the way podman mounts the mapped directory. Still weird, because it looks like the directory itself is `0777`. Maybe the problem is that there's no user with UID `1000` in the `/etc/passwd` file inside the container?
@Venefilyn commented on GitHub (Jun 17, 2019):

I found the issue. I asked in [podman mailing list](https://lists.podman.io/archives/list/podman@lists.podman.io/thread/4EMA546STPBBKGXMP4A3JDR3OEOYX3RJ/) and Matt suspected it was SELinux. After changing context with `:Z` it now works as expected.

Full script I ran:

```bash
podman run -d --userns=keep-id --name bitwarden -e ROCKET_PORT=8080 -v /home/spytec/Bitwarden/bw-data/:/data/:Z -p 8080:8080 bitwardenrs/server:latest
```
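
The resolution above explains why a `0777` directory still returned `Permission denied`: SELinux is evaluated in addition to the mode bits. The script below is an added example, not part of the original thread or the project's code; it classifies the likely cause from a directory's mode, owner and SELinux context. The two context strings are constructed sample values, and the UID comparison assumes host and container UIDs line up, as with `--userns=keep-id`.

```shell
#!/bin/sh
# Added example. Gather the inputs on a real host with:
#   stat -c '%a %u %C' /path/to/bw-data ; getenforce

# Print the SELinux type, the third field of user:role:type:level.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# diagnose MODE OWNER_UID CONTEXT PROCESS_UID ENFORCE_STATE
# Prints one verdict: selinux, dac or ok.
diagnose() {
    mode=$1; owner=$2; ctx=$3; puid=$4; enforce=$5
    setype=$(selinux_type "$ctx")
    # MAC is checked in addition to mode bits, so 0777 does not help here.
    if [ "$enforce" = "Enforcing" ] && [ "$setype" != "container_file_t" ]; then
        echo selinux
        return
    fi
    # DAC: creating files needs write+execute (3) on the directory,
    # from the owner bits if the UIDs match, else from the "other" bits.
    # Assumption: host and container UIDs line up (as with --userns=keep-id);
    # group membership is ignored.
    if [ "$owner" = "$puid" ]; then
        bits=$(( (0$mode >> 6) & 3 ))
    else
        bits=$(( 0$mode & 3 ))
    fi
    if [ "$bits" -eq 3 ]; then echo ok; else echo dac; fi
}

# Constructed sample values (the thread never shows the directory's context):
HOME_CTX='unconfined_u:object_r:user_home_t:s0'
LABELED_CTX='system_u:object_r:container_file_t:s0:c123,c456'

diagnose 777 1000 "$HOME_CTX"    1000 Enforcing   # state reported in the thread
diagnose 777 1000 "$LABELED_CTX" 1000 Enforcing   # after mounting with :Z
diagnose 755 0    "$LABELED_CTX" 1000 Enforcing   # label fine, mode bits not
```

A `selinux` verdict is the case where `:Z` (private label) or `:z` (label shared between containers) on the volume is the fix, rather than widening the mode to `0777`.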

@Venefilyn commented on GitHub (Jul 18, 2019):

Would there be any plans of supporting Podman in the documentation?


@mprasil commented on GitHub (Jul 19, 2019):

Absolutely! The wiki is community maintained, so if you'd like to create a new wiki page for podman with instructions and caveats, I'd really appreciate that. Thanks a lot for coming back to us with the solution.

I think I can close this issue now. Feel free to reopen if anything pops up, and if you decide to create a wiki page for podman installation, maybe link it from here also, so that it's easier to find.
Reference: starred/vaultwarden#321