Hello,
I’m troubleshooting a privilege discrepancy depending on how I enter a Podman container.
adminuser inside the container (if I SSH into the container from an external machine through NIC ports X4 or X5) cannot change system time using date -s, even when running via sudo. The command fails with:
date: cannot set date: Operation not permitted
What makes this confusing is that I have already verified/attempted the common fixes:
- The container appears to have CAP_SYS_TIME (capabilities are not dropped)
- The container is started with --security-opt seccomp=unconfined
- I also tried eliminating UID/GID mapping by using --userns=host (or the host/default equivalent)
Yet the result is still the same (EPERM).
However, if I run the same operation from the host into the container (e.g., podman exec / interactive shell as root inside the container), setting time works without any issue.
I’m looking for guidance on what else can prevent date -s from working in a container when CAP_SYS_TIME is present and seccomp/userns are not the issue.
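
Added example, not part of the original post: a per-process check of the settings the post lists (CAP_SYS_TIME, seccomp, user namespace). It decodes the capability sets in /proc/<pid>/status so the SSH session and the podman exec shell can be compared. The function names and the two sample status excerpts are constructed for illustration; bit 25 is CAP_SYS_TIME in linux/capability.h.

```sh
#!/bin/sh
# Added example: decode the capability sets of a process from /proc/<pid>/status
# and report whether CAP_SYS_TIME is present in each one.

CAP_SYS_TIME_BIT=25   # CAP_SYS_TIME in <linux/capability.h>

# has_cap HEXMASK BIT: print "yes" if BIT is set in HEXMASK, else "no".
has_cap() {
    if [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]; then echo yes; else echo no; fi
}

# cap_report: read /proc/<pid>/status text on stdin and print the fields
# relevant to an EPERM when setting the clock.
cap_report() {
    while read -r key val; do
        case "$key" in
            CapInh:|CapPrm:|CapEff:|CapBnd:|CapAmb:)
                echo "${key%:} $val sys_time=$(has_cap "$val" "$CAP_SYS_TIME_BIT")" ;;
            Uid:|NoNewPrivs:|Seccomp:)
                echo "${key%:}" $val ;;   # unquoted on purpose: collapses tabs
        esac
    done
}

# Constructed samples (not taken from the poster's system).
sample_full() {      # every capability present, seccomp disabled
    printf 'Uid:\t0\t0\t0\t0\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n'
    printf 'CapBnd:\t000001ffffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n'
}
sample_reduced() {   # reduced set without bit 25, seccomp filter active
    printf 'Uid:\t0\t0\t0\t0\nCapPrm:\t00000000800405fb\nCapEff:\t00000000800405fb\n'
    printf 'CapBnd:\t00000000800405fb\nNoNewPrivs:\t0\nSeccomp:\t2\n'
}

if [ "${1:-}" = "--self" ]; then
    # Live check of the current shell's own process.
    cap_report < /proc/self/status
    echo "userns $(readlink /proc/self/ns/user)"
else
    echo "== constructed: all capabilities =="; sample_full | cap_report
    echo "== constructed: reduced set ==";      sample_reduced | cap_report
fi
```

Running it with --self as root in both the SSH session (via sudo) and the podman exec shell shows whether the two processes differ in CapEff, CapBnd, Seccomp or user namespace.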