
1101 points codesmash | 2 comments
1. markstos No.45138321
I'm a podman user and fan, but there is one gotcha to know about the systemd integration.

You might expect that setting User=foo via systemd would enable seamless rootless containers, but it turns out to be a hard problem without a seamless solution.

Instead, there's this discussion thread with 86 comments and counting to wade through to find some solutions that have worked for some people in some cases.

https://github.com/containers/podman/discussions/20573#discu...

replies(1): >>45138818
2. hvenev No.45138818
What I personally do is

    User=per-service-user
    ExecStart=!podman-wrapper ...
where podman-wrapper passes `--user=1000:1000 --userns=auto:uidmapping=1000:$SERVICE_UID:1,gidmapping=1000:$SERVICE_GID:1` (where the UID/GID are set based on the $USER environment variable). Each container runs as 1000:1000 inside the container, which is mapped to the correct user on the host.
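Added example, not code from the thread: a minimal `podman-wrapper` of the kind the comment above describes. It assumes the unit uses `User=per-service-user` together with `ExecStart=!/path/to/podman-wrapper ...`, so systemd starts the wrapper with full privileges but still exports `USER` as the service account; the function names and the refusal to map onto root are constructed here.

```shell
#!/bin/sh
# podman-wrapper: map container uid/gid 1000 onto the systemd service account.
# Assumption: systemd sets USER to the User= account even with the "!" prefix.
set -eu

# Build the extra podman flags for a given host UID/GID. The process runs as
# 1000:1000 inside the container; only that UID and GID are mapped onto the
# service account, the rest of the namespace comes from --userns=auto.
build_userns_flags() {
    service_uid=$1
    service_gid=$2
    printf '%s' "--user=1000:1000 --userns=auto:uidmapping=1000:${service_uid}:1,gidmapping=1000:${service_gid}:1"
}

# Resolve the service account from $USER and refuse to continue if it is root,
# so a unit that forgot User= cannot silently map the container onto uid 0.
resolve_service_ids() {
    user=${USER:?USER must be set by systemd User=}
    uid=$(id -u "$user")
    gid=$(id -g "$user")
    if [ "$uid" -eq 0 ]; then
        echo "podman-wrapper: refusing to map container user onto root" >&2
        return 1
    fi
    printf '%s %s' "$uid" "$gid"
}

main() {
    ids=$(resolve_service_ids)
    SERVICE_UID=${ids% *}
    SERVICE_GID=${ids#* }
    # Flags contain no spaces other than the separator, so splitting is safe.
    # shellcheck disable=SC2046
    exec podman $(build_userns_flags "$SERVICE_UID" "$SERVICE_GID") "$@"
}

# Only exec podman when run as the wrapper script, not when sourced.
case "$0" in
    */podman-wrapper|podman-wrapper) main "$@" ;;
esac
```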