Differences between revisions 1 and 2

Podman Security

podman(1) is designed to simplify the networking and process management that make dockerd(8) difficult to harden.

Contents

Rootless Mode

It is possible to avoid the use of root entirely.

On Fedora and derivative distributions, podman(1) is pre-configured to run in this manner.

On Arch Linux, install the fuse-overlayfs package.

Configure /etc/subuid with a user name, UID range start, and UID range size.

somebody:165536:65536

Similarly, configure /etc/subgid like:

somebody:165536:65536

Finally run podman system migrate to make the pause process reload.

-  ⇤ ← Revision 1 as of 2023-04-05 16:48:44 → 
  Size: 686
  Editor: DominicRicottone
  Comment:
+   ← Revision 2 as of 2023-04-05 16:52:57 → ⇥
  Size: 759
  Editor: DominicRicottone
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 31:
+Finally run `podman system migrate` to make the pause process reload.