Podman-compose Error EACCES: permission denied, rmdir /usr/src/app/dist

Question

I'm trying to orchestrate databases with an existing docker-compose.yml and Dockerfile that builds a NestJS app, using "extends" for the former in another docker-compose.yml file. I began with the simplest configuration that I could come up with, the following is the content of a docker compose file named "dev.docker-compose.yml":

version: '3.8'

services:
  api:
    user: node
    build:
        context: .
        target: deps
    volumes:
      - .:/usr/src/app
    env_file:
        - .local.env
    command: npm run start:local
    ports:
      - 3000:3000

And this is the stage (target) that I use, in Dockerfile:

# FROM node:18-alpine AS base # Also tried this
FROM node:18.16-bookworm-slim AS base

FROM base as deps

WORKDIR /usr/src/app

COPY --chown=node:node package*.json .npmrc ./

RUN npm ci --ignore-scripts

COPY --chown=node:node . .

USER node

Running docker-compose -f dev.docker-compose.yml up -V --build --abort-on-container-exit, yields:

  ❯ docker-compose -f dev.docker-compose.yml up -V --build --abort-on-container-exit
  Sending build context to Docker daemon  97.85kB
  [1/2] STEP 1/2: FROM node:18.16-bookworm-slim AS base
  [1/2] STEP 2/2: LABEL "com.docker.compose.image.builder"="classic"
  --> Using cache 3ee796e73ae3d85cfcc3f7e78d33929cf20caffcce45848c2742e2d2d775708f
  --> 3ee796e73ae3
  [2/2] STEP 1/8: FROM 3ee796e73ae3d85cfcc3f7e78d33929cf20caffcce45848c2742e2d2d775708f AS deps
  [2/2] STEP 2/8: RUN apt-get update && apt-get -y install dumb-init
  --> Using cache 73a50b822c786935ba01f30090b4ec102a06168c4bf3676c65030735b4669886
  --> 73a50b822c78
  [2/2] STEP 3/8: WORKDIR /usr/src/app
  --> Using cache b59fb50c62f3d617b2d243d2db63686e28d4b79f768a4b1c8f38212a1aab8d8d
  --> b59fb50c62f3
  [2/2] STEP 4/8: COPY --chown=node:node package*.json .npmrc ./
  [+] Building 0.0s (0/0)
  --> Using cache 5b1db35130bf34490a19be3229844a3c077df07a9cc0eaef2f88db5f2a3fe7bc
  --> 5b1db35130bf
  [2/2] STEP 5/8: RUN npm ci --ignore-scripts
  --> Using cache 8a5603f691c52a5abc8e952c9b9306dc47fbcf65eab93e0f531b56b70ae57423
  --> 8a5603f691c5
  [+] Building 0.0s (0/0)
  --> c814c2b0f84e
  [+] Building 0.0s (0/0)
  --> 9cab6d5f03d2
  [+] Building 0.0s (0/0)
  [+] Building 0.0s (0/0)
  --> 2c2529d9b5a5
  Successfully tagged docker.io/library/stix-pay-livelo-api:latest
  2c2529d9b5a5f97e09a18ff41e32ce12887a19d21d686271f262589b9103d4d4
  Successfully built 2c2529d9b5a5
  [+] Building 0.0s (0/0)
  [+] Running 2/2
   ✔ Network stix-pay-livelo_default  Created                                                                                                                                                                                                             0.0s 
   ✔ Container stix-pay-livelo-api-1  Created                                                                                                                                                                                                             0.1s 
  Attaching to stix-pay-livelo-api-1
  stix-pay-livelo-api-1  | 
  stix-pay-livelo-api-1  | > [email protected] start:local
  stix-pay-livelo-api-1  | > npx cross-env NODE_ENV=local nest start --watch
  stix-pay-livelo-api-1  | 
  stix-pay-livelo-api-1  | 
  stix-pay-livelo-api-1  | 
  stix-pay-livelo-api-1  |  Error  EACCES: permission denied, rmdir '/usr/src/app/dist'
  stix-pay-livelo-api-1  |  
  stix-pay-livelo-api-1  | 
  stix-pay-livelo-api-1 exited with code 0
  Aborting on container exit...
  [+] Stopping 1/0
   ✔ Container stix-pay-livelo-api-1  Stopped                                                                                                                                                                                                             0.0s 

Note: all docker related commands are being emulated by Podman CLI.

What have I tried?

• use node user directive (in Dockerfile and Compose file);
• remove the entrypoint, I'm using dumb-init, installing through Dockerfile and using this:

    entrypoint:
      - /usr/bin/dumb-init
      - --

• check image contents ownership:

  ❯ podman run -it 7389833718e6 sh
  /usr/src/app $ ls -la
  total 440
  drwxr-xr-x    1 node     node           284 Jun 24 19:52 .
  drwxr-xr-x    1 node     node             6 Jun 24 19:52 ..
  -rw-r--r--    1 node     node           176 Jun 23 23:19 .dockerignore
  -rw-r--r--    1 node     node           833 Jun 21 20:07 .npmrc
  -rw-r--r--    1 node     node           421 Jun 21 20:07 .swcrc
  -rw-r--r--    1 node     node           575 Jun 23 23:43 dev.docker-compose.yml
  -rw-r--r--    1 node     node           408 Jun 23 22:27 docker-compose.yml
  -rw-r--r--    1 node     node           171 Jun 21 20:07 nest-cli.json
  drwxr-xr-x    1 node     node         13888 Jun 24 19:52 node_modules
  -rw-r--r--    1 node     node        407244 Jun 23 22:46 package-lock.json
  -rw-r--r--    1 node     node          4844 Jun 23 22:46 package.json
  drwxr-xr-x    1 node     node           378 Jun 22 17:25 src
  -rw-r--r--    1 node     node           112 Jun 21 20:07 tsconfig.build.json
  -rw-r--r--    1 node     node           583 Jun 21 20:07 tsconfig.json

• trying copy with chown as the example Dockerfile;
• run podman service as root instead of user;

Running npm run start:local from within the image works as expected.

I've tried removing podman (and its tools: podman, podman-compose, podman-dnsname, podman-docker), installed docker and docker-compose package, started its service as root, and, with the same Docker and compose files, I had success.

Maybe it's an incompatibility between Podman and Docker?

Versions:

  ❯ podman-compose -v 
  podman-compose version: 1.0.6
  ['podman', '--version', '']  
  using podman version: 4.5.1
  podman-compose version 1.0.6 
  podman --version 
  podman version 4.5.1