podman sock not working in Fedora 41 image (rootful mode)

[hasan4791]

Description

Podman sock isn't working in podman-rootful template having Fedora 41 image in my Mac M1 pro.

Steps to reproduce:

1. limactl create template://podman-rootful --vm-type vz --cpus 4 --memory 8 --network vzNAT --rosetta --mount-writable --mount-type virtiofs
2. podman system connection add lima-podman-rootful "unix:///Users/chasan/.lima/podman-rootful/sock/podman.sock"
3. podman system connection default lima-podman-rootful

 (chasan-working) vpn-proxy> podman images
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: Get "http://d/v5.3.1/libpod/_ping": EOF
(chasan-working) vpn-proxy> 

Workaround:
Updated the following image in template and everything is working fine.

- location: "https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/aarch64/images/Fedora-Cloud-Base-Generic.aarch64-40-1.14.qcow2"
  arch: "aarch64"
  digest: "sha256:ebdce26d861a9d15072affe1919ed753ec7015bd97b3a7d0d0df6a10834f7459"

[AkihiroSuda]

Fedora 41 (Lima v1.0.2):

$ limactl shell podman-rootful curl --unix-socket /run/podman/podman.sock http://foo/_ping
curl: (7) Failed to connect to foo port 80 after 0 ms: Could not connect to server

$ limactl shell podman-rootful sudo curl --unix-socket /run/podman/podman.sock http://foo/_ping
OK

$ limactl shell podman-rootful ls -l /run/podman/podman.sock
ls: cannot access '/run/podman/podman.sock': Permission denied

$ limactl shell podman-rootful sudo ls -l /run/podman/podman.sock
srw-rw----. 1 root root 0 Dec 25 16:13 /run/podman/podman.sock

Fedora 40:

$ limactl shell podman-rootful-f40 curl --unix-socket /run/podman/podman.sock http://foo/_ping
OK

$ limactl shell podman-rootful-f40 ls -l /run/podman/podman.sock
srw-rw----. 1 suda suda 0 Dec 25 16:18 /run/podman/podman.sock

Something seems wrong in:

lima/templates/podman-rootful.yaml

Lines 32 to 46 in 5fb9353

	#!/bin/bash
	set -eux -o pipefail
	command -v podman >/dev/null 2>&1 && test -e /etc/lima-podman && exit 0
	if [ ! -e /etc/systemd/system/podman.socket.d/override.conf ]; then
	mkdir -p /etc/systemd/system/podman.socket.d
	cat <<-EOF >/etc/systemd/system/podman.socket.d/override.conf
	[Socket]
	SocketUser={{.User}}
	EOF
	fi
	if [ ! -e /etc/tmpfiles.d/podman.conf ]; then
	mkdir -p /etc/tmpfiles.d
	echo "d /run/podman 0700 {{.User}} -" > /etc/tmpfiles.d/podman.conf
	fi
	dnf -y install --best podman && touch /etc/lima-podman

[AkihiroSuda]

/var/log/cloud-init-output.log differs.

Fedora 41:

LIMA 2024-12-25T16:13:34+09:00| Executing /mnt/lima-cidata/provision.system/00000000
+ command -v podman
+ exit 0
LIMA 2024-12-25T16:13:34+09:00| Executing /mnt/lima-cidata/provision.system/00000001
+ systemctl --system enable --now podman.socket
Created symlink '/etc/systemd/system/sockets.target.wants/podman.socket' → '/usr/lib/systemd/system/podman.socket'.
LIMA 2024-12-25T16:13:34+09:00| Exiting with code 0

Fedora 40:

LIMA 2024-12-25T16:18:12+09:00| Executing /mnt/lima-cidata/provision.system/00000000                                                                             
+ command -v podman                                                                                                                                              
+ '[' '!' -e /etc/systemd/system/podman.socket.d/override.conf ']'                                                                                               
+ mkdir -p /etc/systemd/system/podman.socket.d                                                                                                                   
+ cat                                                                                                                                                            
+ '[' '!' -e /etc/tmpfiles.d/podman.conf ']'                                                                                                                     
+ mkdir -p /etc/tmpfiles.d                                                                                                                                       
+ echo 'd /run/podman 0700 suda -'                                                                                                                               
+ dnf -y install podman
[...]
Complete!
LIMA 2024-12-25T16:18:52+09:00| Executing /mnt/lima-cidata/provision.system/00000001
+ systemctl --system enable --now podman.socket
Created symlink /etc/systemd/system/sockets.target.wants/podman.socket → /usr/lib/systemd/system/podman.socket.
LIMA 2024-12-25T16:18:52+09:00| Exiting with code 0

[afbjorklund]

This should have been fixed with the previous commit ab544b5

Red Hat's installation of podman (or docker) requires connecting to the VM as root@ (or using sudo), for rootful...

So not only did we keep the older pre-installed version, we also kept the original configuration (no lima overrides)

Podman Desktop has the same issue (can't connect), by the way.