diff --git a/.cirrus.yml b/.cirrus.yml
index a0c238439c..443fafe480 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -32,7 +32,7 @@ env:
 DEBIAN_NAME: "debian-13"
 
 # Image identifiers
- IMAGE_SUFFIX: "c20240821t171500z-f40f39d13"
+ IMAGE_SUFFIX: "c20240826t190000z-f40f39d13"
 FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
 PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
 DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
diff --git a/copier/xattrs.go b/copier/xattrs.go
index 986156d2f2..f90bb1f500 100644
--- a/copier/xattrs.go
+++ b/copier/xattrs.go
@@ -9,15 +9,18 @@ import (
 "strings"
 "syscall"
 
+ "github.com/containers/storage/pkg/unshare"
+ "github.com/sirupsen/logrus"
 "golang.org/x/sys/unix"
 )
 
 const (
 xattrsSupported = true
+ imaXattr = "security.ima"
 )
 
 var (
- relevantAttributes = []string{"security.capability", "security.ima", "user.*"} // the attributes that we preserve - we discard others
+ relevantAttributes = []string{"security.capability", imaXattr, "user.*"} // the attributes that we preserve - we discard others
 initialXattrListSize = 64 * 1024
 initialXattrValueSize = 64 * 1024
 )
@@ -92,7 +95,11 @@ func Lsetxattrs(path string, xattrs map[string]string) error {
 for attribute, value := range xattrs {
 if isRelevantXattr(attribute) {
 if err := unix.Lsetxattr(path, attribute, []byte(value), 0); err != nil {
- return fmt.Errorf("setting value of extended attribute %q on %q: %w", attribute, path, err)
+ if unshare.IsRootless() && attribute == imaXattr {
+ logrus.Warnf("Unable to set %q xattr on %q: %v", attribute, path, err)
+ } else {
+ return fmt.Errorf("setting value of extended attribute %q on %q: %w", attribute, path, err)
+ }
 }
 }
 }
diff --git a/tests/bud.bats b/tests/bud.bats
index 0a5c66ba34..32c078ea56 100644
--- a/tests/bud.bats
+++ b/tests/bud.bats
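Review bot: The rootless fallback in the second hunk of copier/xattrs.go downgrades every error from unix.Lsetxattr on security.ima to a warning, not only the permission failure that rootless mode presumably triggers, so an ENOSPC, EIO or ENOTSUP on that attribute would now be logged and the copy allowed to continue without it instead of failing. Narrowing the condition keeps the degradation to the expected case: `if unshare.IsRootless() && attribute == imaXattr && (errors.Is(err, unix.EPERM) || errors.Is(err, unix.EACCES)) {` (the errors package may need adding to the import block, whose beginning lies outside the first hunk). A short comment above the check, such as `// security.ima cannot be written without privilege in a rootless user namespace; warn and drop the attribute rather than fail the copy`, would record why this one attribute is treated as best-effort while every other relevant xattr still aborts. The body of Lsetxattrs begins before this hunk and continues after it.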
@@ -6946,3 +6946,23 @@ _EOF
 run_buildah run testctr -- sh -c 'cd podman-tag && git ls-remote --tags origin v5.0.0^{} | cut -f1'
 assert "$output" = "$local_head_hash"
 }
+
+@test "bud with ADD with file with IMA xattr" {
+ _prefetch alpine
+
+ local contextdir=${TEST_SCRATCH_DIR}/add-ima
+ mkdir -p $contextdir
+ cat > $contextdir/Dockerfile <