podman as a container image building service at k8s - not working for a particular scenario

[daipok]

We run podman as a service for building container image at k8s. We run it as rootless and non-priviledged.

It's been working fine , until recently we hit into a problem about upgrading a particular component.

We have a dockerfile based from rockylinux official image, and doing a "yum update" brings in a rpm, that needs to extract files to
/dev (and many other system dir), and throws error. The USER is root in Dockerfile.

For our uid map, the user podman (id=1000) should be properly mapped to root (0), so we don't know why the elevation issue.

If I run this directly at the container session:

podman run --rm rockylinux:9 "yum -y update"

Then it's fine. However, the same line:

FROM rockylinux:9

RUN yum -y update

will hit into problem

Questions;

1. We tried running the image building container as root and priviledged (runAsUser: 0, privileged: true), and it works
2. Any one running similar set up at k8s and running into similar seemingly elevation issue?
3. If I am not on k8s and just using podman to build the same Dockerfile locally it's all good. It's definitely something in k8s, but not sure what am I missing here.