by far, the most concise and easily understood primer to outside vs. inside user mappings.
This is so cool thank you for the split screen comparisons!
Clear and concise, well done
5:13 : putting any char of the grep string in brackets [] makes the "grep -v grep" unnecessary
ps -ef|grep "/usr/lib/systemd/systemd rhgb" -> grep process shows up in the result
ps -ef|grep "[/]usr/lib/systemd/systemd rhgb" -> grep process does not show up in the result
ps -ef|grep "/usr/lib/sys[t]emd/systemd rhgb" -> grep process does not show up in the result
This is perfection
Between 01:10 and 04:40 there are diff scenarios but shell prompt stays the same.
# whoami
sync
and not:
$ whoami
sync
Am I missing something?
Thanks
The prompt symbol is just a convention.
In scenario #4, if a container were to share a volume with the host and a file were created in that shared volume, the host would have a permissions denied on that file. What would be the process to get around that? .. thanks in advance.
good question... I'm also struggling with this. have to use root to even ls
I had to do two things: match the UID and GID of the host user (PUID and PGID lines in the compose file) and secondly append :Z to the volume to indicate the volume is shared in order to make SELinux happy (on Rocky 9.2)
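Background for the permission question above, as an added example that is not part of the original thread: in rootless Podman, container UIDs are translated to host UIDs through the user namespace's `uid_map`, so a file written by a non-root container user to a shared volume can end up owned by a subordinate UID that the host user cannot access. The map values (host UID 1000, subordinate range starting at 100000) and the function names are assumptions made for illustration.

```python
# Added example: translate UIDs across a user namespace from uid_map entries.
# Each line of /proc/<pid>/uid_map is "<first UID inside> <first UID outside> <count>".

# Constructed sample (not taken from the video): a rootless container started
# by host UID 1000 whose subordinate UID range begins at 100000.
SAMPLE_UID_MAP = """\
         0       1000          1
         1     100000      65536
"""

def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, count) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        entries.append(tuple(int(f) for f in fields))
    return entries

def to_host(container_uid, entries):
    """Host UID that owns files created by container_uid, or None if unmapped."""
    for inside, outside, count in entries:
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    return None

def to_container(host_uid, entries):
    """UID a host-owned file shows inside the container, or None if unmapped
    (the kernel then presents it as the overflow UID, normally 'nobody')."""
    for inside, outside, count in entries:
        if outside <= host_uid < outside + count:
            return inside + (host_uid - outside)
    return None

if __name__ == "__main__":
    entries = parse_uid_map(SAMPLE_UID_MAP)
    for uid in (0, 33, 1000):
        print(f"container UID {uid:>5} -> host UID {to_host(uid, entries)}")
    # Container root maps back to the invoking user; container UID 1000 does not.
    print("host UID 1000 inside the container:", to_container(1000, entries))
```

To inspect a real mapping, pass the contents of `/proc/self/uid_map` read from inside the container to `parse_uid_map`.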
cleared the confusion. tnx
Do you have a guide on running this on Openshift 4.11?
A rootless user, when trying to initialize systemctl from the UBI images, gets "DBus connection failed". Is that by design?
Very well explained. Thanks..
I went from docker on rhel to podman. worst decision of the year
I wanted to like Podman, but all this rootless/rootful stuff is black magic. Unnecessarily complicated. It's so easy to get lost with this stuff. I'll stick with the simplicity of Docker. It just works
Docker "just works" because it uses a daemon with root privilege. The docker commands you launch from the cmdline are docker client commands, which send a request to the daemon. Podman, otoh, has no daemon, so you can run a podman container without root privileges on the host. It's a big security improvement.