4:14 p.m.
Hi,
I want to run a build job inside a podman container. This is only done
to have better control on what tools and versions of those are
installed. I'm not interested in any isolation or security and would
ideally like my my user id, groups and so on to stay the same as on the
host. So far things look quite promising when using these flags:
--cgroups=disabled
--net=host
--annotation=run.oci.keep_original_groups=1
--security-opt label=disable
Is there any easier / better way to achieve this kind of thin "isolation"?
regards,
Hendrik
10:07 a.m.
On 6/22/21 16:14, Hendrik Haddorp wrote:
Hi,
I want to run a build job inside a podman container. This is only done
to have better control on what tools and versions of those are
installed. I'm not interested in any isolation or security and would
ideally like my my user id, groups and so on to stay the same as on the
host. So far things look quite promising when using these flags:
--cgroups=disabled
--net=host
--annotation=run.oci.keep_original_groups=1
--security-opt label=disable
Is there any easier / better way to achieve this kind of thin
"isolation"?
regards,
Hendrik
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
With podman 3.2 you can do.
podman run --privileged --userns=keep-id --group-add keep-groups
--net=host --cgroups=disabled
You could also add --pid=host --ipc=host
Or look at toolbox, which wraps podman to make user containers for
developers.
1247
days inactive
1248
days old
1 comments
2 participants
participants (2)
-
Daniel Walsh -
Hendrik Haddorp