Podman socket access denied for backup container

[luca-heitmann]

Hi, I wanted to try this image with podman-compose but the rcb backup command fails with permission denied. I already tried to change the permissions of the socket to rw for all users that didn't help.

It worked by adding privileged=True to the backup container here:

stack-back/src/restic_compose_backup/backup_runner.py

Lines 20 to 30 in e11842b

	container = client.containers.run(
	image,
	command,
	labels=labels,
	detach=True,
	environment=environment + ["BACKUP_PROCESS_CONTAINER=true"],
	volumes=volumes,
	network_mode=f"container:{source_container_id}", # reuse original container network for optional access to docker proxy
	working_dir=os.getcwd(),
	tty=True,
	)

Am I doing something wrong in my configuration?

I am running Podman using podman machine on macos.

compose.yml

services:
  stack-back:
    image: ghcr.io/lawndoc/stack-back:v1.5.3
    restart: unless-stopped
    privileged: true
    environment:
      RESTIC_REPOSITORY: /srv/restic-repo
      RESTIC_PASSWORD: test
      DOCKER_HOST: unix://var/run/docker.sock
    volumes:
      - /run/user/501/podman/podman.sock:/var/run/docker.sock
      - ./backup:/srv/restic-repo

Error message from backup container:

Traceback (most recent call last):
  File "/restic-compose-backup/.venv/bin/rcb", line 10, in <module>
    sys.exit(main())
             ~~~~^^
  File "/restic-compose-backup/restic_compose_backup/cli.py", line 23, in main
    containers = RunningContainers()
  File "/restic-compose-backup/restic_compose_backup/containers.py", line 400, in __init__
    all_containers = utils.list_containers()
  File "/restic-compose-backup/restic_compose_backup/utils.py", line 39, in list_containers
    client = docker_client()
  File "/restic-compose-backup/restic_compose_backup/utils.py", line 29, in docker_client
    return docker.from_env()
           ~~~~~~~~~~~~~~~^^
  File "/restic-compose-backup/.venv/lib/python3.14/site-packages/docker/client.py", line 94, in from_env
    return cls(
        timeout=timeout,
    ...<3 lines>...
        **kwargs_from_env(**kwargs)
    )
  File "/restic-compose-backup/.venv/lib/python3.14/site-packages/docker/client.py", line 45, in __init__
    self.api = APIClient(*args, **kwargs)
               ~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/restic-compose-backup/.venv/lib/python3.14/site-packages/docker/api/client.py", line 207, in __init__
    self._version = self._retrieve_server_version()
                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/restic-compose-backup/.venv/lib/python3.14/site-packages/docker/api/client.py", line 230, in _retrieve_server_version
    raise DockerException(
        f'Error while fetching server API version: {e}'
    ) from e
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))

[lawndoc]

This sounds like a similar issue that I am facing while working on #87. I'll let you know when I figure out what is going on there.

[lawndoc]

To be clear, this error does not seem to be related to the regression. Right now, I think it's related to the difference between Docker and Podman in how socket permissions are handled. I'm hoping I can account for that directly in stack-back so users don't need to configure podman differently than docker.