Differences between revisions 1 and 3 (spanning 2 versions)
Revision 1 as of 2023-04-05 16:48:44
Size: 686
Revision 3 as of 2023-04-05 16:55:24
Size: 915
Podman Security

podman(1) is designed to simplify the networking and process management that make dockerd(8) difficult to harden.

Rootless Mode

It is possible to avoid the use of root entirely.

On Fedora and derivative distributions, podman(1) is pre-configured to run in this manner.

On Arch Linux, install the `fuse-overlayfs` package.

Configure `/etc/subuid` with a user name, UID range start, and UID range size.

{{{
somebody:165536:65536
}}}

Similarly, configure `/etc/subgid` like:

{{{
somebody:165536:65536
}}}

Finally run `podman system migrate` to make the pause process reload.

It may be necessary to also enable lingering, so that user-owned processes can remain running after logout.

{{{
loginctl enable-linger username
}}}
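As an added example (not from the original page), a POSIX shell check that validates a user's entry in `/etc/subuid` or `/etc/subgid` before relying on it for rootless containers: it parses the name:start:size format shown above, requires exactly one well-formed entry for the user, and rejects ranges that start below 100000 (an assumed floor, useradd's default SUB_UID_MIN), span fewer than 65536 ids, or overlap another user's range. The sample file content is constructed.

```shell
#!/bin/sh
# Added example: validate a subordinate ID entry before trusting it for
# rootless podman. Policy thresholds are assumptions: a range is expected
# to start at or above 100000 (useradd's default SUB_UID_MIN) and to span
# at least 65536 ids, the width used in the page's example.
#
# validate_subids CONTENT USER
# CONTENT is the text of /etc/subuid or /etc/subgid (name:start:size per
# line). Returns 0 when USER has exactly one well-formed entry that meets
# the thresholds and does not overlap any other user's range; 1 otherwise.
validate_subids() {
    printf '%s\n' "$1" | awk -F: -v user="$2" '
        /^[[:space:]]*$/ { next }                      # skip blank lines
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { bad = 1; next }
        { n++; name[n] = $1; start[n] = $2 + 0; size[n] = $3 + 0 }
        $1 == user { found++; ustart = $2 + 0; usize = $3 + 0 }
        END {
            if (bad || found != 1) exit 1
            if (ustart < 100000 || usize < 65536) exit 1
            uend = ustart + usize - 1
            for (i = 1; i <= n; i++) {
                if (name[i] == user) continue
                end = start[i] + size[i] - 1
                # two ranges overlap when neither lies wholly before the other
                if (start[i] <= uend && end >= ustart) exit 1
            }
            exit 0
        }'
}

# Constructed sample of /etc/subuid content (not read from the real system).
SAMPLE_SUBUID='somebody:165536:65536
alice:231072:65536'

# Stand-alone demonstration; in practice pass "$(cat /etc/subuid)" "$USER".
if validate_subids "$SAMPLE_SUBUID" somebody; then
    echo "somebody: subordinate id range looks sane"
else
    echo "somebody: fix /etc/subuid before using rootless podman"
fi
```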

CategoryRicottone

Podman/Security (last edited 2023-04-05 16:55:24 by DominicRicottone)