1101 points codesmash | 5 comments
miki123211 No.45139800
I've been dealing with setting up Podman for work over the last week or so, and I wouldn't wish that on my worst enemy.

If you use rootless Podman on a Red Hat-derived distribution (which means SELinux), along with a non-root user in your container itself, you're in for a world of pain.

1. mixmastamyk No.45139949
Sounds like you need to grant the user sufficient permissions. What else might go wrong?
2. iTokio No.45140038
Mounting volumes and dealing with FS permissions.

There are many different workarounds but it’s a known pain point.

3. marcel_hecko No.45140065
It's mostly the subgid/subuid mapping of IDs between guest and host, which is non-trivial to understand in rootless envs. Add SELinux in the mix....
4. galangalalgol No.45140439
What actual issues do you run into? We have SELinux and rootless and I didn't notice the transition from Docker as a user.
5. strbean No.45140697
> subgid subuid mapping

trigger warning please D: