rmokkink
Flight Engineer

DO180 running podman with sudo why?

I am currently doing the DO180, but why do we use sudo with podman?
Best practice is not to run containers as root, but in this course we are using sudo podman all the time.

Can this be adjusted?

Accepted Solutions
flozano
Moderator

When RHEL8 was released, it did not include support for rootless containers so you had to use sudo. You require RHEL 8.2 for rootless containers to be fully supported. The next update to DO180 will update these exercises that use podman to use rootless containers.

rmokkink
Flight Engineer

Thanks for the update, I forgot about RHEL 8.2 only supported rootless containers.
We do rootless containers different than the Red Hat way ;-)
flozano
Moderator

Please help me understand your comment that "We do rootless containers different than the Red Hat way". Red Hat is the leading contributor to podman and its infrastructure libraries, and AFAIK podman was the first container engine to do rootless. What does Red Hat do differently than others, and which others?

Rootless containers is not just about podman. It also requires proper kernel support for uid namespaces, many filesystem uid and gid mapping tricks, and also network level features so a container can do networking without root or extended kernel capabilities. So while a podman release available during RHEL8.0/8.1 (don't remember exactly which release of podman and RHEL) was already capable of rootless, other components were not there so there were restrictions running some operations in rootless mode, that's the reason it was not supported.

Beware that, when talking about RHEL, "supported" has a very strict meaning that customers can expect it to work in a multitude of use cases and get responses to support tickets within a contractual SLA. So many features that "just work" and are declared as "supported" by upstream projects and Linux distros such as Fedora, are not "supported" in RHEL because they are not considered prime for production-level usage within the contractual SLA.
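
The host-side pieces named in the reply above (user namespace support, subordinate uid/gid mappings, a rootless networking helper) can be checked before dropping `sudo`. This is an added example, not part of the thread or of the DO180 course material; the function names are hypothetical, and the helper names `slirp4netns` and `pasta` are an assumption about how the host's podman does rootless networking.

```shell
#!/bin/sh
# Added example: checks the host-side prerequisites rootless podman relies on.

# subid_range FILE USER: print "START COUNT" of USER's first subordinate-ID
# entry (format user:start:count); non-zero status if there is none.
subid_range() {
    awk -F: -v u="$2" '$1 == u { print $2, $3; found = 1; exit }
                       END { exit !found }' "$1" 2>/dev/null
}

# userns_enabled [FILE]: true when the kernel allows at least one user namespace.
userns_enabled() {
    f="${1:-/proc/sys/user/max_user_namespaces}"
    [ -r "$f" ] && read -r n < "$f" && [ "$n" -gt 0 ]
}

# rootless_ready USER [SUBUID] [SUBGID] [USERNS]: report each prerequisite and
# return 0 only if user namespaces and both ID mappings are present.
rootless_ready() (
    user="$1"; rc=0
    if userns_enabled "${4:-}"; then echo "ok: user namespaces enabled"
    else echo "FAIL: user namespaces unavailable"; rc=1; fi
    for kind in uid gid; do
        if [ "$kind" = uid ]; then file="${2:-/etc/subuid}"
        else file="${3:-/etc/subgid}"; fi
        if range=$(subid_range "$file" "$user"); then
            echo "ok: sub$kind range for $user: $range"
        else
            echo "FAIL: no sub$kind range for $user in $file"; rc=1
        fi
    done
    # Assumption: rootless networking is provided by slirp4netns or pasta.
    command -v slirp4netns >/dev/null 2>&1 || command -v pasta >/dev/null 2>&1 ||
        echo "warn: no slirp4netns/pasta helper found for rootless networking"
    [ "$rc" -eq 0 ]
)

# Check the invoking user (or the user given as $1) against the real host files.
rootless_ready "${1:-$(id -un)}" || true
```

A user with no entry in `/etc/subuid` or `/etc/subgid` can still start a user namespace, but only with a single mapped ID, which is why images containing files owned by several uids fail to unpack without those ranges.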
rmokkink
Flight Engineer

Sorry for my late response.
As I am going through the course, I do not see any problems running all the podman commands as a regular user?