Running Gitea Runner With Rootless Podman

This article is part of the “quadlet config snippets” series. For the Quadlet basics, see Podman Tutorial. For the full Gitea setup, see Quadlet Config Share: Gitea.

I ran into this while using rootless Podman to run a Gitea Actions Runner. Leaving the note here.

Job container fails with making volume mountpoint

The Runner starts normally, but the workflow fails with this error:

Error response from daemon: make cli opts(): making volume mountpoint for volume /var/run/docker.sock: mkdir /var/run/docker.sock: permission denied

The reason is act (nektos/act). When it creates the job container, it uses the detected Docker socket path as the source path for a bind mount. Inside the runner container, the socket is at /var/run/docker.sock, so act asks Podman to bind-mount /var/run/docker.sock from the host. But the rootless Podman socket is actually at /run/user/1000/podman/podman.sock, and there is no /var/run/docker.sock on the host. Podman tries to create the path and then fails with a permission error.

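Fix it by setting docker_host in the runner’s config.yaml, so that act uses the real host path.

Generate the default config first. The command prints it to standard output; save it as config.yaml in the runner data directory, which the Quadlet unit below mounts at /data: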

podman run -it --rm --entrypoint "" docker.io/gitea/act_runner:latest act_runner generate-config

Edit the config:

container:
  docker_host: "unix:///run/user/1000/podman/podman.sock"

Quadlet configuration

# gitea-runner.container
[Unit]
Requires=gitea.service
After=gitea.service

[Container]
Image=docker.io/gitea/act_runner:latest
Pod=gitea.pod
Volume=/path/to/runner-data:/data
Volume=/run/user/1000/podman/podman.sock:/run/user/1000/podman/podman.sock
Environment=GITEA_INSTANCE_URL=https://git.example.com GITEA_RUNNER_REGISTRATION_TOKEN=token CONFIG_FILE=/data/config.yaml
AutoUpdate=registry

[Service]
Restart=always

1. Replace /path/to/ with your actual path.
2. Replace 1000 with your user UID.
3. Leave the other fields in config.yaml as default.
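
The failure above comes from three paths that must agree: docker_host in config.yaml, the host side of the socket Volume= line, and its container side. The following check is an added example, not code from this article or from the Gitea project; the function names and the script name check-socket.sh are assumptions, and the socket path follows the /run/user/UID/podman/podman.sock form used on this page.

```shell
#!/bin/sh
# Added example (not from the article or the Gitea project): checks that the
# runner config and the Quadlet unit agree on the rootless Podman socket path.

# Print the filesystem path from an uncommented `docker_host: unix://...` line.
docker_host_path() {
    sed -n 's|^[[:space:]]*docker_host:[[:space:]]*"\{0,1\}unix://\([^"[:space:]]*\).*$|\1|p' "$1" | head -n 1
}

# Succeed if the unit has a Volume= line mounting $2 at the same path inside
# the container (extra options such as :z after the second field are allowed).
unit_mounts_same_path() {
    awk -F= -v sock="$2" '
        $1 == "Volume" { n = split($2, p, ":"); if (n >= 2 && p[1] == sock && p[2] == sock) ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# usage: check_runner_socket CONFIG_YAML UNIT_FILE [UID]
# returns 0 = consistent, 1 = docker_host unset, 2 = wrong path, 3 = mount mismatch
check_runner_socket() {
    uid=${3:-$(id -u)}
    expected="/run/user/$uid/podman/podman.sock"   # socket path form used on this page
    actual=$(docker_host_path "$1")
    if [ -z "$actual" ]; then
        echo "docker_host is not set to a unix:// path in $1"; return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "docker_host is $actual, expected $expected for UID $uid"; return 2
    fi
    if ! unit_mounts_same_path "$2" "$expected"; then
        echo "$2 does not mount $expected at the same path in the container"; return 3
    fi
    # Host-side check only warns, so the file checks also work on another machine.
    [ -S "$expected" ] || echo "warning: $expected is not a socket on this host"
    echo "ok: docker_host and the Volume= mount both use $expected"
}

# Run the check when called as: sh check-socket.sh config.yaml gitea-runner.container
if [ "$#" -ge 2 ]; then check_runner_socket "$@"; fi
```

A return code of 3 is the situation described in the error section: the socket is mounted into the runner at a path that does not exist on the host, so the bind mount act requests for the job container cannot be resolved.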