Storage volume permissions for non-root user OCI containers
It appears that the oci.uid and oci.gid config options aren't affecting the permissions of created storage volumes for OCI containers. I've run into issues with both Prometheus, which identifies these values as nobody:nogroup (65534:65534), and also Grafana, which wants to run as grafana:0 (472:0). In both cases it seems the storage volumes are getting created for the root user. This generally causes the container to fail on startup since the application tries to write things to the mapped volume.

compose.yml

```yml
services:
  grafana:
    image: grafana/grafana
    container_name: grafana
    restart: unless-stopped
    ports:
      - "3000:3000"
    volumes:
      - 'storage:/var/lib/grafana'

volumes:
  storage:
```

```
% incus-compose logs
grafana-1  | GF_PATHS_DATA='/var/lib/grafana' is not writable.
grafana-1  | You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later
grafana-1  | mkdir: can't create directory '/var/lib/grafana/plugins': Permission denied
```

Since the instance got created but cannot start, here are the oci-related configs:

```
% incus config show grafana-1 | grep oci
image.type: oci
oci.cwd: /usr/share/grafana
oci.entrypoint: /run.sh
oci.gid: "0"
oci.uid: "472"
volatile.container.oci: "true"
```

If I map the volume to the host, it's owned by root:root.

```
% ls -la | grep mounted-volume
drwx--x--x 1 root root 0 May 13 10:08 mounted-volume
```

Let me know if there are any other data points or logs you need.
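A quick way to spot the mismatch described in this report before the container fails to start: compare the `oci.uid`/`oci.gid` values from `incus config show` with the actual owner of the volume's mount point. This is an added helper script, not part of incus-compose or Incus; it assumes the config text is passed in as a string (e.g. captured from `incus config show <instance>`) and that `stat` is GNU or BSD flavoured.

```shell
#!/bin/sh
# Added example (not from incus-compose): does the volume owner match oci.uid/oci.gid?

# Print the value of a "key: value" line from `incus config show` output,
# with surrounding double quotes removed. $1 = key, $2 = config text.
config_value() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$key:[[:space:]]*//p" | tr -d '"' | head -n 1
}

# check_volume_owner <config-text> <mount-point-path>
# Returns 0 and prints "ok" when the directory is owned by oci.uid:oci.gid,
# 1 with a "mismatch ..." line otherwise, 2 if the config lacks the keys.
check_volume_owner() {
    cfg="$1"; path="$2"
    uid=$(config_value oci.uid "$cfg")
    gid=$(config_value oci.gid "$cfg")
    if [ -z "$uid" ] || [ -z "$gid" ]; then
        echo "no oci.uid/oci.gid in config"; return 2
    fi
    # GNU stat first, BSD/macOS stat as fallback.
    actual=$(stat -c '%u:%g' "$path" 2>/dev/null) || actual=$(stat -f '%u:%g' "$path")
    if [ "$actual" = "$uid:$gid" ]; then
        echo ok; return 0
    fi
    echo "mismatch configured=$uid:$gid actual=$actual"; return 1
}
```

Run it against the host-side mount point or, for a mapped volume, from inside the container, since an idmapped container may show shifted ids on the host. A "mismatch" result for a directory the application must write to is exactly the condition that produced the "is not writable" startup failure above.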