hey all! i need a little help here.
i’m just starting to get into self-hosting, and have chosen MicroOS and podman as my environment and tool.
would someone be able to clarify something for me?
I have a MicroOS install for containers, and it seems to only come with a root user. so if i use podman, won’t all my pods be rootful?
i try to make a new non-root user, but podman just keeps complaining about privileges when i run it under that user.
so how is this intended to work exactly?
thanks for any help!
someacnt@sh.itjust.works 4 hours ago
While this would not answer your question, according to podman maintainers, rootful podman with userns=auto enjoys nearly as many security benefits as rootless. (As always, there are nuances to this.) Check out github.com/containers/podman/discussions/13728
Maybe you could consider running rootful podman, especially if the OS is immutable.
nico198x@europe.pub 29 minutes ago
thanks, very helpful! your comment is definitely relevant, and i hope this topic will help others in the future who may be confused about best practice w/ MicroOS.
for what it’s worth, i did end up running Rootful!
InnerScientist@lemmy.world 1 hour ago
Tldr:
Rootful podman with podman run --userns=auto is more secure than one rootless host user running many pods, because those pods could (theoretically) attack each other. Though you still have the possibility of an exploit in the image pull.
Rootless podman running one pod (as in service including database and so on) per host user with different subuid ranges is the most secure, but you have to actually set that up, which can be a lot of work depending on distribution.
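An added example, not written by anyone in this thread, of the per-user subuid setup the comment above describes as "a lot of work": a POSIX shell helper that hands out non-overlapping subuid/subgid ranges, one per service user, plus a check that flags overlapping ranges in an existing subuid-style file. The service user names (web, db, cache) and the base offset are constructed values; the podman commands at the end only run if podman is installed.

```shell
#!/bin/sh
# Added example: allocate one distinct subuid/subgid range per host user so each
# rootless pod lives in its own user namespace, as suggested in the comment above.

SUBID_BASE=100000   # first sub-id handed out (assumption: nothing below this is in use)
SUBID_SIZE=65536    # the range size podman tooling customarily assigns per user

# subid_line USER INDEX -> "USER:START:COUNT", START = BASE + INDEX * SIZE
subid_line() {
    start=$((SUBID_BASE + $2 * SUBID_SIZE))
    printf '%s:%s:%s\n' "$1" "$start" "$SUBID_SIZE"
}

# subid_table USER... -> one line per user; ranges are adjacent and never overlap
subid_table() {
    i=0
    for u in "$@"; do
        subid_line "$u" "$i"
        i=$((i + 1))
    done
}

# subid_overlaps FILE -> exit 0 if any two ranges in a subuid-style file overlap,
# exit 1 otherwise (a sanity check for a hand-edited /etc/subuid or /etc/subgid)
subid_overlaps() {
    sort -t: -k2,2n "$1" | awk -F: '
        BEGIN { prev_end = 0; found = 0 }
        NR > 1 && $2 < prev_end { found = 1 }
        { end = $2 + $3; if (end > prev_end) prev_end = end }
        END { exit found ? 0 : 1 }'
}

# Usage: generate entries for three constructed service users and verify them.
tmp=$(mktemp)
subid_table web db cache > "$tmp"
cat "$tmp"            # these lines go into both /etc/subuid and /etc/subgid (as root)
if subid_overlaps "$tmp"; then echo "overlapping ranges, fix before use"; else echo "ranges ok"; fi
rm -f "$tmp"

# Verification on a host with podman: each service user should see only its own
# range mapped, and rootful --userns=auto (the alternative discussed in the thread)
# needs a "containers:START:COUNT" entry in /etc/subuid and /etc/subgid to draw from.
if command -v podman >/dev/null 2>&1; then
    podman run --rm docker.io/library/alpine cat /proc/self/uid_map
fi
```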