Hello all:
I saw this on https://wiki.archlinux.org/title/Podman#Rootless_Podman:
Enable kernel.unprivileged_userns_clone
First, check the value of kernel.unprivileged_userns_clone by running:
$ sysctl kernel.unprivileged_userns_clone
If it is currently set to 0, enable it by setting 1 via sysctl or a kernel parameter.
Note: linux-hardened has kernel.unprivileged_userns_clone set to 0 by default.
But on Gentoo wiki, this is not mentioned, I saw an issue in podman's repo asking about "why I have to enable unprivileged_userns_clone"
I am alittle bit confused (I am a java developer, have very limited knowledge on those things)
Do I actually need to do that? I am using systemd as init system.
(Oh yes, I need rootless mode)
Confused by podman(rootless)
Message
You might or might not need it, depending on your use case. I don't understand much either but user's should stand for user name space. And if you want to run containers, I guess they need their own name spaces, so they should be cloneable.
I'm a java developer too and so far I haven't needed to do it but then I don't use containers much.
Best Regards,
Georgi
I'm a java developer too and so far I haven't needed to do it but then I don't use containers much.
Best Regards,
Georgi
Thanks for replyinglogrusx wrote:You might or might not need it, depending on your use case. I don't understand much either but user's should stand for user name space. And if you want to run containers, I guess they need their own name spaces, so they should be cloneable.
I'm a java developer too and so far I haven't needed to do it but then I don't use containers much.
Best Regards,
Georgi
I need databases on my local machine and I was using docker, maybe I should keep using docker...
I think you should be able to use podman, I'll try it at home. Never used it because I have local installations of both mysql and postgresnurali wrote:Thanks for replyinglogrusx wrote:You might or might not need it, depending on your use case. I don't understand much either but user's should stand for user name space. And if you want to run containers, I guess they need their own name spaces, so they should be cloneable.
I'm a java developer too and so far I haven't needed to do it but then I don't use containers much.
Best Regards,
Georgi
I need databases on my local machine and I was using docker, maybe I should keep using docker...
I think that Arch Linux is patching the "CONFIG_USER_NS_UNPRIVILEGED" into the Arch Linux kernel.
If you want to run podman containers in rootless mode you should follow https://wiki.gentoo.org/wiki/Podman#Con ... the_kernel.
If you want to run podman containers in rootless mode you should follow https://wiki.gentoo.org/wiki/Podman#Con ... the_kernel.
You are correct, there's neither such kernel config option, nor grep -r unprivileged_userns_clone returns anything.sMueggli wrote:I think that Arch Linux is patching the "CONFIG_USER_NS_UNPRIVILEGED" into the Arch Linux kernel.
If you want to run podman containers in rootless mode you should follow https://wiki.gentoo.org/wiki/Podman#Con ... the_kernel.
I was able to successfully pull, run and connect to a postgresql DB running podman as my regular user without any additional configuration.nurali wrote: I need databases on my local machine and I was using docker, maybe I should keep using docker...
Best Regards,
Georgi
I just updated docker and here's what postinst message it displayed:
Best Regards,
Georgi
I haven't tried that and will likely not, but thought it was worth mentioning it.* Install additional packages for optional runtime features:
* sys-apps/rootlesskit for rootless mode support
* for rootless mode you also need a network stack
* app-containers/slirp4netns for rootless mode network stack
Best Regards,
Georgi