Don’t encourage me.
Coleslaw4145@lemmy.world 8 hours ago
Now try migrating all your docker containers to podman.
fossilesque@mander.xyz 8 hours ago
epicshepich@programming.dev 7 hours ago
And then try turning on SELinux!
olafurp@lemmy.world 5 hours ago
I set my homelab up on Bazzite immutable with podman and SELinux. It took a while to work everything out and have it boot up into a valid state hahaha
epicshepich@programming.dev 4 hours ago
Any reason you chose Bazzite for your homelab distro? First I’ve heard of someone doing that!
erev@lemmy.world 7 hours ago
It’s not that difficult to get SELinux working with podman quadlets, especially if you run things rootless. I have a kerberized service account for each application I host and my quadlets are configured to run under those. I very rarely encounter applications that simply can’t be run rootless but I usually can find an adequate alternative. I think right now the only thing that runs as root is one of the talk or collabora containers in my nextcloud stack. No selinux issues either.
epicshepich@programming.dev 6 hours ago
I use podman-compose with system accounts and I don’t have a ton of issues. The biggest one is that I can’t seem to get bluetooth and pip working on Home Assistant at the same time. Most of the servers I manage have SELinux and it works fine as long as I use :z/:Z with bind mounts.
A few years ago, I set up a VPS for my friend’s business; at the time, I didn’t know how to work with SELinux so I just turned it off. I tried to flip it back on, and it somehow bricked the system. We had to restore from a backup. Since then, I’ve been afraid to enable it on my flagship homelab server.
SexualPolytope@lemmy.sdf.org 7 hours ago
Just did that last weekend. Nothing to do anymore. 😢
exu@feditown.com 7 hours ago
Did you do Quadlets?
immobile7801@piefed.social 5 hours ago
I had problems getting apps with multiple containers working in quadlets (definitely a knowledge issue on my part, but didn’t feel the time learning it was beneficial, but will probably revisit during kubernetes learning) so went back to podman with docker compose.
SexualPolytope@lemmy.sdf.org 4 hours ago
I think it’s kinda better using quadlets, because I wrote some custom scripts, and quadlets made the process better. But podman compose is probably fine too.
SexualPolytope@lemmy.sdf.org 7 hours ago
Yes of course. Had to spend a couple of hours fixing permission related issues.
poolhelmetinstrument@lemmy.world 6 hours ago
But did you run them as rootful or the intended rootless way?
emerald@lemmy.blahaj.zone 8 minutes ago
And then migrate all your podman containers to proxmox