podman
CONTAINERS_CONF
mounts.conf
/etc/containers/mounts.conf
$HOME/.config/containers/mounts.conf
-
policy.json
/etc/containers/policy.json
-
short-name-aliases.conf
$ cat $HOME/.cache/containers/short-name-aliases.conf
[aliases]
"jenkins/jenkins" = "docker.io/jenkins/jenkins"
storage.conf
# original version
$ cat /etc/containers/storage.conf | sed -e '/^#/ d' -e '/^$/ d'
[storage]
driver = "overlay"
runroot = "/run/containers/storage"
graphroot = "/var/lib/containers/storage"
[storage.options]
additionalimagestores = [
]
[storage.options.overlay]
mountopt = "nodev,metacopy=on"
[storage.options.thinpool]
registries.conf
# NOTE(review): with several unqualified-search-registries and short-name-mode "permissive"
# (both shown in the output below), a short image name without an alias can be resolved
# against any of the listed registries when no terminal is attached; prefer fully qualified
# image names, or short-name-mode = "enforcing".
$ cat /etc/containers/registries.conf | sed -e '/^#/ d' -e '/^$/ d'
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
short-name-mode = "permissive"
policy.json
rootless_storage_path
$ grep rootless_storage_path /etc/containers/storage.conf
rootless_storage_path = "$HOME/.local/share/containers/storage"
$ /usr/bin/podman system migrate
or
$ cat -n /etc/subgid
1 marslo:336370:65536
$ cat -n /etc/subuid
1 marslo:336370:65536
$ /usr/bin/podman system migrate
$ sysctl kernel.unprivileged_userns_clone
subuid
and subgid
[!NOTE] Rootless mode: Podman can also be used as a non-root user. When podman runs in rootless mode, a user namespace is automatically created for the user, as defined in /etc/subuid and /etc/subgid
references:
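# NOTE: pick a range that does not contain the UID/GID of any real account and does not
# overlap a range already assigned to another user in /etc/subuid or /etc/subgid.
$ sudo usermod --add-subuids 10000-75535 USERNAME
$ sudo usermod --add-subgids 10000-75535 USERNAME
# or
$ sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 username
# or (both files are root-owned and a `>>` redirection is opened by the calling shell,
# so append through `sudo tee -a` instead)
$ echo USERNAME:10000:65536 | sudo tee -a /etc/subuid
$ echo USERNAME:10000:65536 | sudo tee -a /etc/subgid
$ podman system migrate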
[!TIP] reference:
error creating tmpdir: mkdir /run/user/1001: permission denied
issue
$ podman info
WARN[0000] Conmon at /usr/libexec/podman/conmon invalid: outdated conmon version
Error: error creating tmpdir: mkdir /run/user/1001: permission denied
[!INFO|label:references:]
information check
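# The `>` redirection is opened by the calling (unprivileged) shell before sudo runs,
# so `sudo echo ... > file` fails with "permission denied"; write through `sudo tee` instead.
$ echo "+cpu +cpuset +io +memory +pids" | sudo tee /sys/fs/cgroup/cgroup.subtree_control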
CONTAINERS_REGISTRIES_CONF
registries.conf
/etc/containers/registries.conf
$HOME/.config/containers/registries.conf
CONTAINERS_STORAGE_CONF
storage.conf
/etc/containers/storage.conf
$HOME/.config/containers/storage.conf
-
containers.conf
/usr/share/containers/containers.conf
$HOME/.config/containers/containers.conf
# NOTE(review): in the output below, "default" is insecureAcceptAnything, so signatures are
# enforced only for the two Red Hat registries listed under "transports" -> "docker";
# images from any other registry are accepted without verification. A default of
# "reject" requires an explicit entry per trusted registry.
$ cat /etc/containers/policy.json
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports": {
"docker": {
"registry.access.redhat.com": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
],
"registry.redhat.io": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
]
},
"docker-daemon": {
"": [
{
"type": "insecureAcceptAnything"
}
]
}
}
}
$ sudo loginctl enable-linger $(whoami)
$ loginctl
SESSION UID USER SEAT TTY
2 33637 marslo
c1 42 gdm seat0 tty1
$ podman unshare cat /proc/self/uid_map
WARN[0000] Conmon at /usr/libexec/podman/conmon invalid: outdated conmon version
Error: error creating tmpdir: mkdir /run/user/1001: permission denie