Rootless podman with Oracle XE

Posted by Karl Levik on 2022-01-10, last modified on 2022-02-06
Mimir's head

The god Mimir ended up as Odin's oracle - not exactly rootless, but bodyless!
(Miguel Regodón Harkness - CC BY-NC-ND 3.0)

One piece of feedback I received on my previous blog article was that it would have been even better with a section about Oracle XE. Since that article was already too long, I decided to write a new one.

Environment and podman version

I'm running this on Fedora 35 with podman version 3.4.4 with no other modifications than what is described in the next section. Your mileage may vary on other platforms and older versions.

Rootless podman

To allow podman to run rootless we need to make a few one-off configuration changes. We can use the same configuration as in the previous article, except for Oracle XE we need somewhat wider ranges of subuids and subgids:

sudo usermod --add-subuids 200000-265535 --add-subgids 200000-265535 $YOUR_USER

(Without this, podman will spit out strange error messages already while pulling the image.)

Based on my own still limited experience with rootless podman, if you have previously added smaller ranges of subuids and/or subgids for your user, I would also suggest editing your /etc/subuid and /etc/subgid files to remove the old entries. Just make sure you have subid ranges of 64K.

Also, as before, make sure that /proc/sys/user/max_user_namespaces contains a number greater than 0 as rootless podman depends on user namespaces (man 7 namespaces and man 7 user_namespaces):

cat /proc/sys/user/max_user_namespaces
sysctl user.max_user_namespaces=15000

Prepare example data

If you want to play with some data, then, as last time, let's use the Sakila schema from JOOQ:

git clone

There is a small issue with the oracle-sakila-schema.sql file: It contains forward slash characters ("/") following some of the DDL statements which makes sqlplus repeat the previously executed statement. This will obviously result in errors.

So, let's remove those forward slashes, but keep the ones following PL/SQL BEGIN ... END; and the ones in /* ... /* comments:

sed -i 's#^/# #g;s#END;#END;\n/#g;s#^ \*#/*#g' \

Also, let's make our lives a little easier and add an exit command at the end of those scripts:

echo "
exit;" | tee -a sakila/oracle-sakila-db/*.sql

(Yes, this is intentioally on two lines!)

Oracle XE

We're going to use a community-provided repository on DockerHub by user gvenzl. It has a number of tags for Oracle Database XE 21c, 18c, and 11g. Find more details on the Oracle-XE dockerhub page.

Let's try the "regular" 21c image and mount our example data directory. Beware that some of these are rather large images - e.g. 21 is 3.2GB whereas 11-slim is only 600MB.

podman create -p 1521:1521 --name ora-xe-21 -e ORACLE_PASSWORD=mypass \
  -v $(pwd)/sakila/oracle-sakila-db:/mnt/sakila:z \
podman start ora-xe-21

Before you continue, give this a little time to start up properly. You can check the start-up progres with podman logs ora-xe-21 which should output 'DATABASE IS READY TO USE!' and 'Completed: ALTER DATABASE OPEN' after which you should be able to connect.)

By the way, the above ORACLE_PASSWORD is for the sys and system users. You change this with:

podman exec ora-xe-21 resetPassword some_new_and_better_password

Let's now create a user and grant the necessary privileges:

podman exec -it ora-xe-21 sqlplus system/mypass


  • exit; or ctrl-D to exit.
  • ALTER SESSION SET CONTAINER was introduced in 12c. So, for the 11 images just skip this line, and also leave out "@//localhost/XEPDB1" when connecting through sqlplus.

Finally, to import the sakila schema and data, run these two commands - the latter redirects its output to /dev/null as there is quite a lot and printing it to the terminal will slow down the process:

podman exec -it ora-xe-21 sqlplus -s sakila/SAKILA@//localhost/XEPDB1 \
podman exec -it ora-xe-21 /bin/sh -c 'sqlplus -s sakila/SAKILA@//localhost/XEPDB1 \
  @/mnt/sakila/oracle-sakila-insert-data.sql > /dev/null 2>&1'

A few example commands to get started (assumes user sakila):

help index
select table_name from user_tables;
connect system/mypass
desc actor;


There are other Oracle XE repositories on DockerHub, but the 'gvenzl/oracle-xe' repo seems to have the most downloads (> 1 million) out of the ones that offer versions newer than 11g, and it's also recently updated. I have not tested any of the others.