diff --git a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildLocalContainerRunner.java b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildLocalContainerRunner.java
index 48e38e68d061b..a7a8aa27725e3 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildLocalContainerRunner.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildLocalContainerRunner.java
@@ -31,7 +31,8 @@ public NativeImageBuildLocalContainerRunner(NativeConfig nativeConfig, Path outp
 String gid = getLinuxID("-gr");
 if (uid != null && gid != null && !uid.isEmpty() && !gid.isEmpty()) {
 Collections.addAll(containerRuntimeArgs, "--user", uid + ":" + gid);
- if (containerRuntime == ContainerRuntimeUtil.ContainerRuntime.PODMAN) {
+ if (containerRuntime == ContainerRuntimeUtil.ContainerRuntime.PODMAN
+ && containerRuntime.isRootless()) {
 // Needed to avoid AccessDeniedExceptions
 containerRuntimeArgs.add("--userns=keep-id");
 }
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/UpxCompressionBuildStep.java b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/UpxCompressionBuildStep.java
index 8039cd91b5da9..ebaa5e4586c5d 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/UpxCompressionBuildStep.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/UpxCompressionBuildStep.java
@@ -124,7 +124,8 @@ private boolean runUpxInContainer(NativeImageBuildItem nativeImage, NativeConfig
 String gid = getLinuxID("-gr");
 if (uid != null && gid != null && !uid.isEmpty() && !gid.isEmpty()) {
 Collections.addAll(commandLine, "--user", uid + ":" + gid);
- if (containerRuntime == ContainerRuntimeUtil.ContainerRuntime.PODMAN) {
+ if (containerRuntime == ContainerRuntimeUtil.ContainerRuntime.PODMAN
+ && containerRuntime.isRootless()) {
 // Needed to avoid AccessDeniedExceptions
 commandLine.add("--userns=keep-id");
 }
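Review bot: The comment `// Needed to avoid AccessDeniedExceptions` under the new `PODMAN && containerRuntime.isRootless()` condition no longer says why the flag is limited to rootless Podman, and the same applies to the identical change in UpxCompressionBuildStep.runUpxInContainer. A comment such as `// Only for rootless podman: keep-id maps the --user uid:gid to the invoking host user; presumably not wanted/accepted when podman runs as root` would record the reason next to the check. The detection behind isRootless() appears to fall back to "not rootless" when the `info` command cannot be read (see the catch block in ContainerRuntimeUtil on this page), so a detection failure silently drops `--userns=keep-id` while `--user` is still passed; logging the decision at debug level here would make that case diagnosable. Both enclosing methods begin and end outside these hunks.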
diff --git a/core/runtime/src/main/java/io/quarkus/runtime/util/ContainerRuntimeUtil.java b/core/runtime/src/main/java/io/quarkus/runtime/util/ContainerRuntimeUtil.java
index 512f7fe7c90dc..94cee990fc25b 100644
--- a/core/runtime/src/main/java/io/quarkus/runtime/util/ContainerRuntimeUtil.java
+++ b/core/runtime/src/main/java/io/quarkus/runtime/util/ContainerRuntimeUtil.java
@@ -2,6 +2,7 @@
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
 import java.util.function.Predicate;
@@ -68,16 +69,24 @@ private static boolean getRootlessStateFor(ContainerRuntime containerRuntime) {
 ProcessBuilder pb = new ProcessBuilder(containerRuntime.getExecutableName(), "info")
 .redirectErrorStream(true);
 rootlessProcess = pb.start();
- rootlessProcess.waitFor();
- BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(rootlessProcess.getInputStream()));
- Predicate stringPredicate;
- // Docker includes just "rootless" under SecurityOptions, while podman includes "rootless: "
- if (containerRuntime == ContainerRuntime.DOCKER) {
- stringPredicate = line -> line.trim().equals("rootless");
- } else {
- stringPredicate = line -> line.trim().equals("rootless: true");
+ int exitCode = rootlessProcess.waitFor();
+ if (exitCode != 0) {
+ log.warnf("Command \"%s\" exited with error code %d. "
+ + "Rootless container runtime detection might not be reliable.",
+ containerRuntime.getExecutableName(), exitCode);
+ }
+ try (InputStream inputStream = rootlessProcess.getInputStream();
+ InputStreamReader inputStreamReader = new InputStreamReader(inputStream);
+ BufferedReader bufferedReader = new BufferedReader(inputStreamReader)) {
+ Predicate stringPredicate;
+ // Docker includes just "rootless" under SecurityOptions, while podman includes "rootless: "
+ if (containerRuntime == ContainerRuntime.DOCKER) {
+ stringPredicate = line -> line.trim().equals("rootless");
+ } else {
+ stringPredicate = line -> line.trim().equals("rootless: true");
+ }
+ return bufferedReader.lines().anyMatch(stringPredicate);
 }
- return bufferedReader.lines().anyMatch(stringPredicate);
 } catch (IOException | InterruptedException e) {
 // If an exception is thrown in the process, assume we are not running rootless (default docker installation)
 log.debugf(e, "Failure to read info output from %s", containerRuntime.getExecutableName());
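Review bot: `rootlessProcess.waitFor()` still runs before any of the child's output is read, so if the `info` command writes more than the OS pipe buffer holds (stderr is merged in by `redirectErrorStream(true)`), the child blocks on write and the build hangs in this call. Reading the stream to its end first and calling `waitFor()` afterwards avoids that. The read should consume every line rather than stop at the first match, otherwise the child may see a closed pipe, exit non-zero and trigger the new warning spuriously. The new `InputStreamReader` also decodes with the platform default charset although `StandardCharsets` is already imported in this file. getRootlessStateFor starts above this hunk and its catch block continues past it.

```java
rootlessProcess = pb.start();
final boolean rootless;
// Drain the merged stdout/stderr before waiting so a full pipe cannot block the child
try (BufferedReader bufferedReader = new BufferedReader(
        new InputStreamReader(rootlessProcess.getInputStream(), StandardCharsets.UTF_8))) {
    // … unchanged: stringPredicate selection for docker / podman …
    // count() reads to end of stream, unlike anyMatch() which stops at the first hit
    rootless = bufferedReader.lines().filter(stringPredicate).count() > 0;
}
int exitCode = rootlessProcess.waitFor();
// … unchanged: warnf when exitCode != 0 …
return rootless;
```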