Sure, that is much safer, especially where there could be conflicting
config files.
I was going for an easy and quick test. But yours is better from a
security as well as a supportability point of view.
On 3/23/20 15:50, Scott McCarty wrote:
I always have a bad feeling about mounting /etc :-( Personally, I
prefer creating a directory in /src for everything. This is what I use
for my wiki:
#!/bin/bash
podman run -d --read-only -p 80:80 --name learn.fatherlinux.com \
  -v /srv/learn.fatherlinux.com/code/mediawiki:/var/www/html/learn.fatherlinux.com:Z \
  -v /srv/learn.fatherlinux.com/config/LocalSettings.php:/var/www/html/learn.fatherlinux.com/LocalSettings.php:Z \
  -v /srv/learn.fatherlinux.com/config/learn.fatherlinux.com.conf:/etc/httpd/conf.d/learn.fatherlinux.com.conf:Z \
  -v /srv/learn.fatherlinux.com/config/htpasswd:/etc/httpd/conf.d/htpasswd:Z \
  -v /srv/learn.fatherlinux.com/data/mariadb/:/var/lib/mysql:Z \
  -v /srv/learn.fatherlinux.com/data/images/:/var/www/html/learn.fatherlinux.com/images:Z \
  -v /srv/learn.fatherlinux.com/data/skins/:/var/www/html/learn.fatherlinux.com/skins:Z \
  --tmpfs /etc \
  --tmpfs /var/log/ \
  --tmpfs /var/tmp \
  localhost/wiki
Best Regards
Scott M
On Mon, Mar 23, 2020 at 8:48 AM Daniel Walsh <dwalsh(a)redhat.com> wrote:
On 3/22/20 23:23, Philip Rhoades wrote:
> People,
>
>
> On 2020-03-23 12:16, Philip Rhoades wrote:
>> People,
>>
>> I want to have a MTA running from a container but is it possible for
>> the containerised MTA:
>>
>> 1. to deliver mails to users on the host's file system dir (eg
>> /home/user/Maildir)?
>>
>> 2. to have access to the host's:
>>
>> /etc/passwd
>> /etc/shadow
>> /etc/group
>> /etc/gshadow
>>
>> files for users who are logging in to the host to look at their mails?
>
>
> I worked out that I could use the run "-v" switch to answer Q #1
>
> Thanks,
>
> Phil.
>
Something like
# podman run --security-opt label:disable -v /etc:/etc:ro -v /home:/home ... MTAIMAGE ...
Might work.
Or you would have to get more fine grained on /etc mounts.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
--
Scott McCarty, RHCA
Product Management - Containers, Red Hat Enterprise Linux & OpenShift
Email: smccarty(a)redhat.com
Phone: 312-660-3535
Cell: 330-807-1043
Web: http://crunchtools.com
Using Azure Pipelines with Red Hat Universal Base Image and Quay.io:
https://red.ht/2TvYo3Y
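
The thread contrasts mounting the host's whole /etc with mounting only the files a service needs. The check below is an added example, not code from any of the messages: it scans the arguments of a podman run command for the patterns discussed. The function name, the finding labels and the list of "broad" directories are assumptions, and the sample commands are constructed.

```bash
# Added example: flag host mounts in `podman run` arguments that expose
# more of the host than the container needs. The finding names (NOLABEL,
# BROAD, WRITABLE) and the list of broad directories are assumptions.
audit_podman_args() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --security-opt)
                [ "$#" -ge 2 ] || break
                case "$2" in
                    label:disable|label=disable)
                        echo "NOLABEL SELinux separation is disabled" ;;
                esac
                shift ;;
            -v|--volume)
                [ "$#" -ge 2 ] || break
                spec=$2
                src=${spec%%:*}
                # Options are the third colon-separated field, if present.
                case "$spec" in
                    *:*:*) opts=${spec##*:} ;;
                    *)     opts= ;;
                esac
                # Whole system directories carry far more than one service needs.
                case "${src%/}" in
                    ""|/etc|/home|/root|/var)
                        echo "BROAD $src is a whole host directory" ;;
                esac
                # Anything taken from the host's /etc should be read-only.
                case "$src" in
                    /etc|/etc/*)
                        case ",$opts," in
                            *,ro,*) ;;
                            *) echo "WRITABLE $src is mounted without :ro" ;;
                        esac ;;
                esac
                shift ;;
        esac
        shift
    done
}

# Constructed sample: the whole-/etc approach prints three findings.
audit_podman_args run --security-opt label:disable \
    -v /etc:/etc:ro -v /home:/home MTAIMAGE
```

Per-file mounts such as /etc/passwd:/etc/passwd:ro, and mounts sourced from a dedicated /srv tree as in the wiki script, produce no findings.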