I am currently doing the DO180, but why do we use sudo with podman?
Best practice is not to run containers as root, but in this course we are using sudo podman all the time.
Can this be adjusted?
When RHEL8 was released, it did not include support for rootless containers so you had to use sudo. You require RHEL 8.2 for rootless containers to be fully supported. The next update to DO180 will update these exercises that use podman to use rootless containers.
Thanks for the update, I forgot about RHEL 8.2 only supported rootless containers.
We do rootless containers differently than the Red Hat way ;-)
Please help me understand your comment that "We do rootless containers differently than the Red Hat way". Red Hat is the leading contributor to podman and its infrastructure libraries, and AFAIK podman was the first container engine to do rootless. What does Red Hat do differently than others, and which others?
Rootless containers are not just about podman. They also require proper kernel support for uid namespaces, many filesystem uid and gid mapping tricks, and also network-level features so a container can do networking without root or extended kernel capabilities. So while a podman release available during RHEL 8.0/8.1 (I don't remember exactly which release of podman and RHEL) was already capable of rootless, other components were not there, so there were restrictions on running some operations in rootless mode. That's the reason it was not supported.
Beware that, when talking about RHEL, "supported" has a very strict meaning that customers can expect it to work in a multitude of use cases and get responses to support tickets within a contractual SLA. So many features that "just work" and are declared as "supported" by upstream projects and Linux distros such as Fedora, are not "supported" in RHEL because they are not considered prime for production-level usage within the contractual SLA.
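Two of the prerequisites named in the reply above (kernel user namespaces and uid/gid mapping) can be checked from the shell. This is an added example, not part of the thread; the function names, the `student` account, the sample files and the 65536-ID minimum are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks two host prerequisites for rootless containers.
# MIN_IDS is an assumed minimum (the size of a typical default allocation).
MIN_IDS=${MIN_IDS:-65536}

# subid_count USER FILE: total subordinate IDs allocated to USER in a
# file in /etc/subuid format (name:start:count). Matches by name only.
subid_count() {
    [ -r "$2" ] || { echo 0; return 0; }
    awk -F: -v u="$1" '$1 == u { n += $3 } END { print n + 0 }' "$2"
}

# userns_enabled FILE: succeeds if FILE (normally
# /proc/sys/user/max_user_namespaces) holds a number greater than 0.
userns_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" -gt 0 ] 2>/dev/null
}

# rootless_report USER SUBUID_FILE SUBGID_FILE MAX_USERNS_FILE
# Prints each problem found; returns 0 only if none were found.
rootless_report() {
    rc=0
    if ! userns_enabled "$4"; then
        echo "user namespaces unavailable according to $4"
        rc=1
    fi
    for f in "$2" "$3"; do
        n=$(subid_count "$1" "$f")
        if [ "$n" -lt "$MIN_IDS" ]; then
            echo "$1 has $n subordinate IDs in $f (want >= $MIN_IDS)"
            rc=1
        fi
    done
    return $rc
}

# Demo on constructed sample data (not taken from a real host): the ID
# ranges are fine, but user namespaces are switched off.
demo=$(mktemp -d)
printf 'student:100000:65536\n' > "$demo/subuid"
printf 'student:100000:65536\n' > "$demo/subgid"
printf '0\n' > "$demo/max_user_namespaces"
rootless_report student "$demo/subuid" "$demo/subgid" \
    "$demo/max_user_namespaces" || echo "=> rootless not ready"
rm -rf "$demo"
```

On a real host the arguments would be the login name, `/etc/subuid`, `/etc/subgid` and `/proc/sys/user/max_user_namespaces`.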
Sorry for my late response.
As I am going through the course, I do not see any problems running all the podman commands as a regular user?