rmokkink
Flight Engineer

DO180 running podman with sudo why?

I am currently doing the DO180, but why do we use sudo with podman?
Best practice is not to run containers as root, but in this course we are using sudo podman all the time.

Can this be adjusted?


Accepted Solutions
flozano
Moderator

Re: DO180 running podman with sudo why?

When RHEL8 was released, it did not include support for rootless containers so you had to use sudo. You require RHEL 8.2 for rootless containers to be fully supported. The next update to DO180 will update these exercises that use podman to use rootless containers.

rmokkink
Flight Engineer

Re: DO180 running podman with sudo why?

Thanks for the update, I forgot that only RHEL 8.2 supported rootless containers.
We do rootless containers differently than the Red Hat way ;-)

flozano
Moderator

Re: DO180 running podman with sudo why?

Please help me understand your comment that "We do rootless containers differently than the Red Hat way". Red Hat is the leading contributor to podman and its infrastructure libraries, and AFAIK podman was the first container engine to do rootless. What does Red Hat do differently than others, and which others?

Rootless containers are not just about podman. They also require proper kernel support for uid namespaces, many filesystem uid and gid mapping tricks, and also network-level features so a container can do networking without root or extended kernel capabilities. So while a podman release available during RHEL 8.0/8.1 (don't remember exactly which release of podman and RHEL) was already capable of rootless, other components were not there, so there were restrictions on running some operations in rootless mode; that's the reason it was not supported.

Beware that, when talking about RHEL, "supported" has a very strict meaning: that customers can expect it to work in a multitude of use cases and get responses to support tickets within a contractual SLA. So many features that "just work" and are declared as "supported" by upstream projects and Linux distros such as Fedora are not "supported" in RHEL because they are not considered prime for production-level usage within the contractual SLA.

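The host-side pieces listed in the reply above (kernel user-namespace support and subordinate UID/GID mappings) can be checked before dropping `sudo` from podman commands. This is an added example, not part of the thread or of the DO180 material; the function names and the 65536-ID threshold are assumptions, and the networking part is not covered.

```shell
#!/bin/sh
# Rootless-container preflight (added example, hypothetical function names).
# File paths are parameters so the checks can run against constructed fixtures.

# Succeeds if the kernel permits creating user namespaces.
# $1: path to the limit file (default: /proc/sys/user/max_user_namespaces)
userns_enabled() {
    f=${1:-/proc/sys/user/max_user_namespaces}
    [ -r "$f" ] || return 1
    n=$(cat "$f")
    case $n in ''|*[!0-9]*) return 1 ;; esac
    [ "$n" -gt 0 ]
}

# Prints how many subordinate IDs a subuid/subgid file (name:start:count)
# delegates to a user, summed over all of that user's lines; 0 if none.
# $1: user name, $2: file
subid_count() {
    [ -r "$2" ] || { echo 0; return 0; }
    awk -F: -v u="$1" '$1 == u && $3 ~ /^[0-9]+$/ { t += $3 } END { print t + 0 }' "$2"
}

# Reports each prerequisite and returns non-zero if any is missing.
# $1: user, $2: subuid file, $3: subgid file, $4: max_user_namespaces file
rootless_preflight() {
    user=$1 rc=0
    if userns_enabled "$4"; then echo "ok: user namespaces enabled"
    else echo "FAIL: user namespaces disabled or unavailable"; rc=1; fi
    for f in "$2" "$3"; do
        c=$(subid_count "$user" "$f")
        # Assumption: 65536 IDs, enough to map a full 16-bit ID range
        if [ "$c" -ge 65536 ]; then echo "ok: $f delegates $c IDs to $user"
        else echo "FAIL: $f delegates only $c IDs to $user"; rc=1; fi
    done
    return $rc
}

# Typical call on a real host:
#   rootless_preflight "$(id -un)" /etc/subuid /etc/subgid \
#       /proc/sys/user/max_user_namespaces
```

A user with no entry in `/etc/subuid` or `/etc/subgid` fails the check even on a kernel with user namespaces enabled, since there are no IDs to map into the container.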
rmokkink
Flight Engineer

Re: DO180 running podman with sudo why?

Sorry for my late response.
As I am going through the course, I do not see any problems running all the podman commands as a regular user?
