podman: Error, when pulling short-named image via docker api

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description I have an application, which uses podman socket via test-containers library. When I am using this app to run containers, based on images which have non-qualified names (eg postgres:9.6.12) and were not yet pulled to the machine, it fails with an error. When I use fully-qualified names (eg docker.io/postgres:9.6.12), or pull images in advance, it works. When the same app uses Docker API, it works for images with any names.

Steps to reproduce the issue:

1. Have podman installed and started via systemctl --user enable podman.socket --now
2. Force testcontainers to use the podman socket export DOCKER_HOST=unix:///run/user/${UID}/podman/podman.sock
3. Clone the reproducer: git clone git@github.com:fedinskiy/reproducer.git -b reproducer/podman-nopull && cd reproducer
4. Purge existing images podman rmi --all and docker rmi --force $(docker images -q)
5. run tests mvn clean verify # fails
6. pull required images: testcontainers/ryuk:0.3.4, nginx:latest and postgres:9.6.12
7. run tests again mvn clean verify # succeeds
8. If p. 2 is omitted, everything works. If fully-qualified names is used instead (eg docker.io/postgres:9.6.10) is also works

Describe the results you received: See above

Describe the results you expected: Podman API should be fully compatible with Docker API (https://podman.io/blogs/2020/07/01/rest-versioning.html)

Additional information you deem important (e.g. issue happens only occasionally): Initially reported here, for test-containers library: https://github.com/testcontainers/testcontainers-java/issues/5998, according to them it is docker-api error.

Output of podman version:

Client:       Podman Engine
Version:      4.3.0
API Version:  4.3.0
Go Version:   go1.18.7
Built:        Fri Oct 21 10:16:35 2022
OS/Arch:      linux/amd64

Output of podman info:

host:
  arch: amd64
  buildahVersion: 1.28.0
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.4-3.fc36.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.4, commit: '
  cpuUtilization:
    idlePercent: 91.21
    systemPercent: 1.59
    userPercent: 7.2
  cpus: 8
  distribution:
    distribution: fedora
    variant: workstation
    version: "36"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.0.5-200.fc36.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 7868071936
  memTotal: 33395286016
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun-1.6-2.fc36.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.6
      commit: 18cf2efbb8feb2b2f20e316520e0fd0b6c41ef4d
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-0.2.beta.0.fc36.x86_64
    version: |-
      slirp4netns version 1.2.0-beta.0
      commit: 477db14a24ff1a3de3a705e51ca2c4c1fe3dda64
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 8589930496
  swapTotal: 8589930496
  uptime: 1h 57m 23.00s (Approximately 0.04 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  registry.access.redhat.com:
    Blocked: false
    Insecure: true
    Location: registry.access.redhat.com
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: registry.access.redhat.com
    PullFromMirror: ""
  search:
  - docker.io
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - quay.io
store:
  configFile: /home/fedinskiy/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/fedinskiy/.local/share/containers/storage
  graphRootAllocated: 510965841920
  graphRootUsed: 185257885696
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 4
  runRoot: /run/user/1000/containers
  volumePath: /home/fedinskiy/.local/share/containers/storage/volumes
version:
  APIVersion: 4.3.0
  Built: 1666340195
  BuiltTime: Fri Oct 21 10:16:35 2022
  GitCommit: ""
  GoVersion: go1.18.7
  Os: linux
  OsArch: linux/amd64
  Version: 4.3.

Package info (e.g. output of rpm -q podman or apt list podman or brew info podman):

podman-4.3.0-2.fc36.x86_64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

$ grep "hub" /usr/share/containers/containers.conf
compat_api_enforce_docker_hub = true

$ grep -v "#"  /etc/containers/registries.conf
unqualified-search-registries = ["docker.io","registry.fedoraproject.org","registry.access.redhat.com","quay.io"]
[[registry]]
location = "registry.access.redhat.com"
insecure = true


short-name-mode="disabled"