jails podman running httpd:alpine - HTTP 403

R

rmomota

Hi!
I'm trying to figure out if I can use freebsd to develop and test containers to later use in kubernetes.
After installing podman and setup the necessary rules in pf.conf I'm able to launch images now.
I was trying to test a simple apache server container and I got surprised getting a 403 error in a clean image.
Here are the httpd logs I got:
Sat Aug 02 10:34:06.638674 2025] [core:error] [pid 47359:tid 108523] (13)Permission denied: [client ::1:56856] AH00035: access to / denied (filesystem path '/usr') because search permissions are missing on a component of the path
::1 - - [02/Aug/2025:10:34:06 +0000] "GET / HTTP/1.1" 403 199

It should return a "It works!" page.

I don't have an idea of what is really happening here.
 
rmomota said:
filesystem path '/usr'
Click to expand...
Looks like you're missing some permissions on the filesystem. A quick guess, various directories under /usr/ need chmod o+rx ... so the www/apache user can actually traverse the filesystem.
 
The same image is working in other system, Linux and MacOs.
sudo podman run --rm --platform=linux/amd64 -p 8080:80 -it httpd:alpine

the error 403 is obtained with a curl inside the containter itself, same image is working in other systems.
It must be something related to FreeBSD.

Another problem I'm facing is that from the host I can't curl into podman container.
curl http://localhost:8080
doesn't get a response but the connection gets dropped as soon as I terminate the container.
podman container is able to reach the internet.
 
Have you tested a bare Linux container on FreeBSD Podman first? I ran into a few problems last year when I tried this but I think they were overcome when I configured Linux correctly with the matching userlands. On FreeBSD I had Linux compatibility working for Alpine and Ubuntu with userlands in /compat/alpine and /compat/ubuntu . For containers builds, I settled on just using Alpine and adjusted docker-compose.yml to pull Alpine based dependencies. They ran fine in Docker on Alpine Linux on real hardware and in Podman on FreeBSD with Alpine Linux compatibility installed.

I used the following YouTube video as a tutorial for getting Alpine Linux running on FreeBSD before moving on to Podman.
View: https://youtu.be/2JfAYnnobhM
 
Try using curl pointed at the Podman host's actual interface IP address and not the loopback address.
 
vmb said:
Try using curl pointed at the Podman host's actual interface IP address and not the loopback address.
Click to expand...
Damn it worked!
I wonder why that never crossed my mind 😂
It does not even need the to expose the address at loopback with -p 8080:80
Thank you for that tip vmb

But hit the 403 issue now.
 
vmb said:
Have you tested a bare Linux container on FreeBSD Podman first? I ran into a few problems last year when I tried this but I think they were overcome when I configured Linux correctly with the matching userlands. On FreeBSD I had Linux compatibility working for Alpine and Ubuntu with userlands in /compat/alpine and /compat/ubuntu . For containers builds, I settled on just using Alpine and adjusted docker-compose.yml to pull Alpine based dependencies. They ran fine in Docker on Alpine Linux on real hardware and in Podman on FreeBSD with Alpine Linux compatibility installed.

I used the following YouTube video as a tutorial for getting Alpine Linux running on FreeBSD before moving on to Podman.
View: https://youtu.be/2JfAYnnobhM
Click to expand...
This tutorial is not related to podman containers but to run Alpine jails as in Linux
I'm trying to use podman.
 
rmomota said:
This tutorial is not related to podman containers but to run Alpine jails as in Linux
I'm trying to use podman.
Click to expand...
Yes, I know. Get the Linux compatibility working for jails and it will work for Podman. Podman containers run as jails on FreeBSD. Linux compatibility with a valid userland is required to run containers that are built with Linux on a FreeBSD Podman host. If you don't get Linux compatibility running first, you will only be able to build and run native FreeBSD containers.
 
I did that and then suddenly decided do delete Ubuntu folder to start over.
Guess what.. lost everything
I know this is a stupid question for a stupid action I just did, is there a undelete for UFS?
You know I thought jails filesystem was isolated right?
But no... there are mounts for some folders.
Deleted my home folder and I don't know what else is gone yet.
Mostly there's nothing important here except one or another important document that I still do not have a backup and now it's gone.
I wasn't really expecting this.
 
rmomota said:
I did that and then suddenly decided do delete Ubuntu folder to start over.
Guess what.. lost everything
I know this is a stupid question for a stupid action I just did, is there a undelete for UFS?
You know I thought jails filesystem was isolated right?
But no... there are mounts for some folders.
Deleted my home folder and I don't know what else is gone yet.
Click to expand...
You only need the linux service which loads the linux kernel modules and mounts the needed filesystems. You don't need to install Linux userland at all. Did you bind-mount $HOME into a Linux chroot?
 
  • Like
Reactions: vmb
rbranco said:
You only need the linux service which loads the linux kernel modules and mounts the needed filesystems. You don't need to install Linux userland at all. Did you bind-mount $HOME into a Linux chroot?
Click to expand...
No I didn't, but it got bind during setup.
Seems I have a bigger problem now 😂
 
rbranco said:
You only need the linux service which loads the linux kernel modules and mounts the needed filesystems. You don't need to install Linux userland at all.
Click to expand...
I will try that next time I build a Podman host. I usually get a jail tested working with Linux compatibility before starting the Podman install. Not having to install the Linux userland will save diskspace on VPS that don't have much to start with.
 
rmomota said:
No I didn't, but it got bind during setup.
Seems I have a bigger problem now 😂
Click to expand...
I am sorry if I you performed an unnecessary userland install. If you have to re-install FreeBSD, use ZFS and snapshots. This will give you an 'undelete' of sorts if you rollback to the last snapshot.
 
well, it happened, I some part of the process I did had some entries in fstab and forgot it completely I did that setup.
I only needed to recover few documents but unfortunately it's all gone now.
should have a backup
 
You must log in or register to reply here.
Back
Top