Comment on MicroOS: Rootless podman?
Shimitar@downonthestreet.eu 5 days ago
I suggest you read some guides about podman and rootless containers.
Here is my experience albeit on a different Linux: wiki.gardiol.org/doku.php?id=gentoo%3Acontainers
nico198x@europe.pub 5 days ago
i’ve been ass-deep in doc and guides for days, mate. can you just answer the question if you know the answer?
rootless podman should not be able to bind to port 80, for example. but i CAN do this on MicroOS. which is making me think that it’s running rootful. and if that’s happening because i’m working under the sole root user in MicroOS.
Shimitar@downonthestreet.eu 5 days ago
You can give podman rootless the power to open ports less than 1024. So no, it can still be rootless.
And yes, for being rootless you must have non root users as well…
So it’s probably root and not rootless
nico198x@europe.pub 5 days ago
thank you for confirming my suspicion. i know one CAN give it that power, but i understand that it’s not the default.
ultimately, this is a question first about the MicroOS setup, and second podman functionality.
borax7385@lemmy.world 5 days ago
Which user do you use to run the podman command? Confirm with whoami
Note that the sysctl net.ipv4.ip_unprivileged_port_start can be used to allow non-root users to bind to ports <1024, this might be configured in MicroOS, I don’t know.
nico198x@europe.pub 5 days ago
i’m definitely root, which is the sole default user on MicroOS for login, bash, etc.
it mostly strikes me as odd that MicroOS for containers would not have me set up a non-root user at install. trying to do it after install necessitates some hoop jumping to get podman to work correctly, which is making me wonder if MicroOS is really worth it at that point if it’s not ready to go after install.
driftWood@infosec.pub 5 days ago
If you want extra users I believe you can create them in the ignition file, so that way they get created when MicroOS is deployed.
Basically anything you want as part of ‘default’ setup has to be configured via the ignition file.
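The two checks suggested in the thread (which user runs podman, and the net.ipv4.ip_unprivileged_port_start sysctl) can be combined into one diagnostic. This is an added example, not code from any poster or from MicroOS; the function names are made up for illustration, and it assumes a Linux host with /proc mounted and ignores file capabilities such as CAP_NET_BIND_SERVICE.

```shell
#!/bin/sh
# Added example: does a successful bind to a low port imply rootful podman?

# low_port_verdict UID PORT_START PORT
# Pure decision logic, so it can be checked with constructed values.
low_port_verdict() {
    uid=$1; start=$2; port=$3
    if [ "$uid" -eq 0 ]; then
        echo "rootful"            # podman invoked by uid 0 runs rootful
    elif [ "$port" -ge "$start" ]; then
        echo "rootless-allowed"   # the sysctl lets non-root users bind this port
    else
        echo "rootless-blocked"   # non-root and the port is below the threshold
    fi
}

# Read the live threshold; 1024 is the kernel default if the file is missing.
port_start() {
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# Ask podman itself whether it considers this session rootless.
podman_rootless() {
    if command -v podman >/dev/null 2>&1; then
        podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null || echo unknown
    else
        echo unknown              # podman is not installed on this host
    fi
}

# Print everything for the current user and the given port (default 80).
report() {
    port=${1:-80}
    echo "user:            $(id -un) (uid $(id -u))"
    echo "port_start:      $(port_start)"
    echo "podman rootless: $(podman_rootless)"
    echo "verdict for $port: $(low_port_verdict "$(id -u)" "$(port_start)" "$port")"
}

report 80
```

Run it as the same user that starts the containers; a verdict of rootful together with "podman rootless: false" means the port 80 bind says nothing about the sysctl.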