# Podman

## Volumes

See the official doc, and this blog post and another blog post, and that blog post; but the TL;DR is:

  • For processes running as root (UID 0) in the container, i.e. without `podman run --user`, one can simply use something like `-v $PWD:/project:Z` (such as here, and here or here). This "just works" because the root user in the container is mapped to the user running podman on the host; this can be seen e.g. in the `idMappings` of `podman info` and in the `HUSER`/`HGROUP` columns of `podman top`, which are derived from `/etc/subuid` & `/etc/subgid`, see `man subuid`, `man newuidmap` (`man newgidmap`). Caveat: `:Z` recursively relabels the host directory with a private SELinux label for this one container (`:z` uses a shared label instead), so never use it on `$HOME`, `/usr`, `/etc` or other directories that confined host services rely on.

  • Otherwise it's... more complicated. `podman unshare` is one way (e.g. `podman unshare chown 1000:1000 dir`), but the UID passed to that chown is a container UID, so on the host the files end up owned by a subuid (100999 for container UID 1000 with the mapping below) and are not really usable normally by the host user anymore - so that's kind of pointless for data shared with the host. Therefore, separating in-container data on a podman volume makes more sense. (TODO: Explore `podman volume create --opt=o=uid=1000,gid=1000`. Also is there actually/how to use the btrfs driver?)

  • TODO: Using `-v $PWD:/project:Z,U` is an option still to explore further. (The `U` suffix makes podman recursively chown the source directory on the host to the host UID/GID that the container user maps to, i.e. the same host-side effect as `podman unshare chown`, just done automatically at run time.)

  • With podman volume, as used e.g. by dotfiles-fedora.service or the git-server:

    ```
    $ podman volume create home-git
    $ podman volume inspect home-git
    $ ls ~/.local/share/containers/storage/volumes/home-git/_data
    ```

    ```
    $ podman run -v home-git:/home/vorburger/git gcr.io/vorburger/dotfiles-fedora
    ```

    ```
    $ podman volume ls
    $ podman volume rm ...
    $ podman volume prune
    ```

    ```
    $ podman info
    (...)
      idMappings:
        gidmap:
        - container_id: 0
          host_id: 1000
          size: 1
        - container_id: 1
          host_id: 100000
          size: 65536
        uidmap:
        - container_id: 0
          host_id: 1000
          size: 1
        - container_id: 1
          host_id: 100000
          size: 65536
    ```

    ```
    $ podman top dotfiles user,huser,group,hgroup
    USER        HUSER       GROUP       HGROUP
    root        vorburger   root        vorburger
    root        vorburger   root        vorburger
    vorburger   100999      vorburger   100999
    vorburger   ?           vorburger   ?
    ```
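The UID translation behind the `idMappings` and `podman top` output above, as an added example (this is not code from the original notes or from podman). It computes, in plain arithmetic, which host UID will own a file that a given container UID writes into a bind mount or a volume's `_data` directory, and the inverse, which is what you need when you find a file owned by 100999 on the host. The mapping table is constructed to match the output quoted above (host user UID 1000, `/etc/subuid` entry `vorburger:100000:65536`) rather than read from the real `/etc/subuid`.

```shell
#!/bin/sh
# Added example, not from the original notes. Constructed mapping: the host
# user is uid 1000 (container uid 0) and /etc/subuid grants
# vorburger:100000:65536 for container uids 1..65536, exactly what the
# "podman info" idMappings above show.
HOST_UID=1000
SUBUID_LINE="vorburger:100000:65536"   # on a real host: grep "^$USER:" /etc/subuid

subuid_start() { printf '%s\n' "$SUBUID_LINE" | cut -d: -f2; }
subuid_size()  { printf '%s\n' "$SUBUID_LINE" | cut -d: -f3; }

# Reject anything that is not a non-negative integer.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# container uid -> host uid (the HUSER column of "podman top").
# Container uid 0 is the host user itself; the subuid range covers container
# uids 1..size. Anything else is unmapped, and the kernel presents such ids
# inside the container as the overflow uid (65534, "nobody").
container_to_host() {
  cid=$1
  is_uint "$cid" || { echo unmapped; return 1; }
  start=$(subuid_start); size=$(subuid_size)
  if [ "$cid" -eq 0 ]; then
    echo "$HOST_UID"
  elif [ "$cid" -ge 1 ] && [ "$cid" -le "$size" ]; then
    echo $((start + cid - 1))
  else
    echo unmapped
  fi
}

# host uid -> container uid: the inverse, e.g. for a file found under
# ~/.local/share/containers/storage/volumes/<name>/_data owned by 100999.
host_to_container() {
  huid=$1
  is_uint "$huid" || { echo unmapped; return 1; }
  start=$(subuid_start); size=$(subuid_size)
  if [ "$huid" -eq "$HOST_UID" ]; then
    echo 0
  elif [ "$huid" -ge "$start" ] && [ "$huid" -lt $((start + size)) ]; then
    echo $((huid - start + 1))
  else
    echo unmapped
  fi
}

# This is also why "podman unshare chown 1000:1000 dir" leaves files owned by
# host uid 100999: the chown runs inside the user namespace, so 1000 is a
# container uid and lands on the host as container_to_host 1000.
echo "container 0     -> host $(container_to_host 0)"            # 1000
echo "container 1000  -> host $(container_to_host 1000)"         # 100999
echo "host 100999     -> container $(host_to_container 100999)" # 1000
echo "container 70000 -> host $(container_to_host 70000)"        # unmapped
```

With `podman run --userns=keep-id` the table gets an extra entry mapping the host UID to the same number inside the container, so this arithmetic only applies to the default rootless mapping shown above.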

## "Podman in Podman"

See the official doc, and this blog post; the TL;DR is:

On the "server", run `setup.sh`. This enables the SSH daemon and the Podman socket (the latter is what `systemctl --user enable --now podman.socket` does; the socket then lives at `/run/user/$UID/podman/podman.sock`). Test it:

```
podman --remote --url unix://run/user/$UID/podman/podman.sock info
```

In a container on the same host (the "client" side; the bind mount below only works where the socket exists), do e.g. the following if you like ;-) "inception":

```
podman run -it --rm -v /run/user/$UID/podman:/run/user/0/podman --security-opt label=disable fedora
dnf install -y podman-remote
podman-remote info
podman-remote run -it --rm fedora
```

The host's socket directory is mounted at `/run/user/0/podman` because that is where `podman-remote`, running as UID 0 inside the container, finds it without any `--url`. Note that this isn't real nesting: the inner `podman-remote run` talks to the host's podman, so the second `fedora` container is a sibling started directly on the host. That also means the first container can do everything the host user can do with podman (including bind-mounting any of that user's files into further containers), and `--security-opt label=disable` additionally drops SELinux confinement for it; only do this with images you trust.

See the devshell container image, based on this.
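A pre-flight check for the socket hand-over described above, as an added example (not code from the original notes, `setup.sh`, or the devshell image). Before mounting `/run/user/$UID/podman` into a container it verifies that the socket is really a socket, is owned by the calling user and is not reachable by "other", since anyone who can write to it controls every container (and bind mount) the host user can create; it then builds the exact `podman run` line used above for a given host UID and image. Assumed: GNU coreutils (`stat -c`) and the default rootless socket path; the temporary files in the usage part are constructed stand-ins so the checks run without Podman.

```shell
#!/bin/sh
# Added example, not from the original notes or the posts they link to.
# Assumptions: GNU stat, default socket path /run/user/$UID/podman/podman.sock,
# host uid 1000 in the final usage line. Temp files stand in for the socket.

# Owner must be the caller, and "other" must have no rwx bits. podman.socket
# creates the socket 0660 for the user's private group, which passes here;
# 0666 (anyone on the host may drive your podman) does not.
socket_perms_ok() {
  path=$1
  owner=$(stat -c '%u' "$path" 2>/dev/null) || return 1
  mode=$(stat -c '%a' "$path")
  [ "$owner" -eq "$(id -u)" ] || return 1
  case "$mode" in
    *0) return 0 ;;   # last octal digit 0: no access for "other"
    *)  return 1 ;;
  esac
}

# Full check: the path must be a unix socket. A regular file or directory
# there means podman.socket is not running (or something else took the name).
socket_ok() {
  path=$1
  [ -S "$path" ] || { echo "not a socket: $path" >&2; return 1; }
  socket_perms_ok "$path" || { echo "unsafe owner/mode on $path" >&2; return 1; }
}

# The run line from the notes for host uid $1 and image $2: the host's socket
# directory is mounted where podman-remote (uid 0 in the container) finds it
# without --url, and SELinux labelling is disabled so the container may connect.
inception_cmd() {
  huid=$1
  image=$2
  echo "podman run -it --rm -v /run/user/$huid/podman:/run/user/0/podman --security-opt label=disable $image"
}

# Real usage would be:
#   sock=/run/user/$(id -u)/podman/podman.sock
#   socket_ok "$sock" && $(inception_cmd "$(id -u)" fedora)
# Below, constructed temp files exercise the checks instead.
tmp=$(mktemp)
chmod 600 "$tmp"
socket_perms_ok "$tmp" && echo "0600: owner-only, ok"
chmod 666 "$tmp"
socket_perms_ok "$tmp" || echo "0666: world-accessible, refuse"
socket_ok "$tmp" || echo "(and a regular file is not a socket at all)"
rm -f "$tmp"
inception_cmd 1000 fedora
```

The mode check deliberately ignores the group bits: podman's own unit creates the socket with `SocketMode=0660`, and on Fedora the user's primary group is private, so only "other" access is treated as a failure.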