nurali Apprentice


Joined: 17 Nov 2022 Posts: 185 Location: Somewhere,Earth
Posted: Sat Jun 21, 2025 2:28 pm Post subject: Confused by podman(rootless) |
Hello all:
I saw this on https://wiki.archlinux.org/title/Podman#Rootless_Podman:
Enable kernel.unprivileged_userns_clone
First, check the value of kernel.unprivileged_userns_clone by running:
$ sysctl kernel.unprivileged_userns_clone
If it is currently set to 0, enable it by setting 1 via sysctl or a kernel parameter.
Note: linux-hardened has kernel.unprivileged_userns_clone set to 0 by default.
But on the Gentoo wiki this is not mentioned. I saw an issue in podman's repo asking about "why I have to enable unprivileged_userns_clone".
I am a little bit confused (I am a Java developer and have very limited knowledge of those things).
Do I actually need to do that? I am using systemd as init system.
(Oh yes, I need rootless mode)
logrusx Advocate


Joined: 22 Feb 2018 Posts: 3120
Posted: Sat Jun 21, 2025 2:45 pm Post subject: |
You might or might not need it, depending on your use case. I don't understand much either, but userns should stand for user namespace. And if you want to run containers, I guess they need their own namespaces, so they should be cloneable.
I'm a Java developer too and so far I haven't needed to do it, but then I don't use containers much.
Best Regards,
Georgi |
nurali Apprentice


Joined: 17 Nov 2022 Posts: 185 Location: Somewhere,Earth
Posted: Sat Jun 21, 2025 3:01 pm Post subject: |
logrusx wrote: | You might or might not need it, depending on your use case. I don't understand much either, but userns should stand for user namespace. And if you want to run containers, I guess they need their own namespaces, so they should be cloneable.
I'm a Java developer too and so far I haven't needed to do it, but then I don't use containers much.
Best Regards,
Georgi |
Thanks for replying
I need databases on my local machine and I was using docker, maybe I should keep using docker... |
logrusx Advocate


Joined: 22 Feb 2018 Posts: 3120
Posted: Sat Jun 21, 2025 4:44 pm Post subject: |
nurali wrote: | logrusx wrote: | You might or might not need it, depending on your use case. I don't understand much either, but userns should stand for user namespace. And if you want to run containers, I guess they need their own namespaces, so they should be cloneable.
I'm a Java developer too and so far I haven't needed to do it, but then I don't use containers much.
Best Regards,
Georgi |
Thanks for replying
I need databases on my local machine and I was using docker, maybe I should keep using docker... |
I think you should be able to use podman, I'll try it at home. Never used it because I have local installations of both mysql and postgres |
sMueggli l33t

Joined: 03 Sep 2022 Posts: 622
logrusx Advocate


Joined: 22 Feb 2018 Posts: 3120
Posted: Mon Jun 23, 2025 4:02 pm Post subject: |
You are correct, there's no such kernel config option, nor does grep -r unprivileged_userns_clone return anything.
nurali wrote: |
I need databases on my local machine and I was using docker, maybe I should keep using docker... |
I was able to successfully pull, run and connect to a postgresql DB running podman as my regular user without any additional configuration.
Best Regards,
Georgi |
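The checks discussed in this thread, as an added example that is not part of any post: a shell function that reports whether unprivileged user namespaces are usable and, if not, which knob blocks them. The function names and the proc-root argument (there only so the check can run against a constructed tree) are assumptions of the example.

```shell
#!/bin/sh
# Added example: report why unprivileged user namespaces (which rootless
# podman depends on) are or are not usable on this machine.

# userns_status [PROC_ROOT]  -> prints one status word
userns_status() {
    proc=${1:-/proc}
    ns="$proc/self/ns/user"
    patched="$proc/sys/kernel/unprivileged_userns_clone"
    limit="$proc/sys/user/max_user_namespaces"

    # The ns/user entry only exists when the kernel has CONFIG_USER_NS.
    if [ ! -e "$ns" ] && [ ! -L "$ns" ]; then
        echo "unsupported"; return 0
    fi
    # Distribution-patched kernels (Debian, Arch linux-hardened) add this
    # sysctl. Mainline kernels do not have the file at all, so a missing
    # file means there is nothing to enable.
    if [ -r "$patched" ] && [ "$(cat "$patched")" = "0" ]; then
        echo "blocked:kernel.unprivileged_userns_clone"; return 0
    fi
    # Mainline knob: a limit of 0 disables user namespace creation.
    if [ -r "$limit" ] && [ "$(cat "$limit")" = "0" ]; then
        echo "blocked:user.max_user_namespaces"; return 0
    fi
    echo "available"
}

# Rootless podman maps container UIDs/GIDs from per-user ranges listed in
# /etc/subuid and /etc/subgid (format: name:start:count).
# has_subid_range USER FILE  -> exit status 0 if USER has a range in FILE
has_subid_range() {
    [ -r "$2" ] && grep -q "^$1:[0-9][0-9]*:[0-9][0-9]*\$" "$2"
}

echo "user namespaces: $(userns_status /proc)"
```
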
logrusx Advocate


Joined: 22 Feb 2018 Posts: 3120
Posted: Wed Jun 25, 2025 8:46 am Post subject: |
I just updated docker and here's the postinst message it displayed:
Quote: | * Install additional packages for optional runtime features:
* sys-apps/rootlesskit for rootless mode support
* for rootless mode you also need a network stack
* app-containers/slirp4netns for rootless mode network stack |
I haven't tried that and will likely not, but thought it was worth mentioning it.
Best Regards,
Georgi |