shouldn't the current directory be the default context for "podman build"?
by Robert P. J. Day
"man podman-build" suggests that the context argument is optional:
SYNOPSIS
podman build [options] [context]
podman image build [options] [context]
...
If no context directory is specified, then Podman will assume
the current working directory as the build context, which
should contain the Containerfile.
but if i have a directory with nothing but a Containerfile, i get:
$ podman build
Error: no context directory specified, and no containerfile specified
$
OTOH, specifying context of current directory:
$ podman build .
STEP 1: FROM alpine:latest
... etc etc ...
thoughts?
rday
10 months, 3 weeks
image signing
by Hendrik Haddorp
Hi,
is OpenPGP the only supported image signing open supported by podman /
skopeo or are there other options? Using OpenGPG works quite fine for me
so far but in the end we are trying to sign an image using an IBM 4765
crypto card and so far have not figured out how this can play together.
thanks,
Hendrk
4 years, 7 months
Getting Docker Discourse running with Podman
by Philip Rhoades
People,
I can run the discourse image with docker, export the container and
import it as an image into podman.
The script that manages docker discourse containers is:
/var/discourse/launcher
and is attached. It would be good if it were possible to just replace
all the occurrences of "docker" with "podman", fix version numbers etc
and be able to use the script - but can any gurus see dockerisms in the
script that will cause podman gotchas for this idea?
Thanks,
Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: phil(a)pricom.com.au
4 years, 9 months
Bind to HTTP(S) ports in a rootful container executing application as a non-root user
by Chintan from Rebhu
Hello!!
I am starting a container using the following command
`sudo podman run -p 80:80 -v ./envoy.yaml:/etc/envoy/envoy.yaml:Z
--name dev-envoy --network dev --security-opt
label=type:envoy.process envoyproxy/envoy:v1.15.0`
The application starts but exits. It cannot bind to container's port
80.Here is an excerpt from logs:
`cannot bind '0.0.0.0:80': Permission denied`
The SEModule policy was generated using Udica. It can be reviewed here
<https://pastebin.com/3Du3GTzt>. Steps for this process are discussed in
an earlier thread named 'Logs show permission denied error'.
The containerfile used to created this container image executes the
application as a non-root user. As the container exits right after it
starts, it is impossible to access the container's terminal and attempt
elementary troubleshooting steps.
How to bind to HTTP(S) and other lower ports in a rootful container when
the application executes as a non-root user?
Thank you.
--
Chintan Mishra
5 years, 1 month
Security Announcement
by Matt Heon
Today, we're releasing updates to fix CVE-2020-14370 [1], a security
issue in Podman. This is a medium-severity information disclosure
vulnerability that affects containers created using Podman’s Varlink
API or the Docker-compatible version of its REST API. If two or more
containers are created using these APIs, and the first container had
environment variables added to it when it was created, all subsequent
containers created using the Varlink or Docker-compatible REST APIs
will also have these environment variables added. This effect does not
persist after restarting the Podman API service.
Podman v2.0.5 and higher contain a fix for the CVE. If you use either
of these APIs, please update to Podman v2.0.5 or later. We will also
be patching the long-term support v1.6.4 release used in RHEL and
CentOS.
[1] https://access.redhat.com/security/cve/cve-2020-14370
5 years, 1 month
`Rstudio` Server in `Docker` container: Can't access locally mapped 8787 port (Byzantine Infrastructure)
by Johannes Graumann
Reposted form
https://community.rstudio.com/t/rstudio-server-in-docker-container-cant-a...
Hoping for clarification(s) from the source ...
Hi,
I'm trying to get the following to run:
* In a QubesOS Xen VM running Fedora 31, I'm
* using podman to run a rootless docker.io/rocker/tidyverse container
as follows:
podman run -d -p 127.0.0.1:8787:8787 -v /tmp:/tmp -e ROOT=TRUE -e
DISABLE_AUTH=TRUE docker.io/rocker/tidyverse
From the podman host I can test the setup using curl like so:
curl -I --user-agent 'GoogleChrome' http://localhost:8787
with the following result:
HTTP/1.1 200 OK
X-Frame-Options: DENY
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: text/html
Content-Length: 1339
Date: Wed, 09 Sep 2020 22:38:46 GMT
Connection: close
X-Content-Type-Options: nosniff
Server: RStudio
That looks OKish, no?
When I try however (again in the podman hosting Xen VM) to access
localhost:8787 using a browser (tried firefox and chromium), the tab
shows the appropriate RStudio label, yet the loading-indicating applet
spins endlessly to be replaced by a message stating that R takes longer
than usual to load, accompagnied by buttons for reloading, starting in
safe mode and restarting the R session (none of which make any
difference).
Does anyone have an inkling why I might be unable to browse to the
RStudio Server installation? Is this a case of browser incompatibility
fixable by using Google Chrome proper (or adjusting the user agent
string (to what?))?
Thanks for any hints.
Sincerely, balin
5 years, 1 month
How to build rootfs.tar from RHEL UBI image (pulled with podman)
by Dev Linux
If I pull a RHEL UBI image like so (On Windows using cygwin and podman),
$podman pull registry.access.redhat.com/ubi8/ubi
Is there a command I can run on the host system (Windows) to create a file
on the host (Windows) that would be a rootfs.tar of the UBI image that was
pulled?
------------------------------
I want to then use that rootfs.tar to run on the Windows host under WSL2.
If anyone has done this *or if there is another way* to fetch the UBI image
as a rootfs.tar, it would be greatly helpful.
---
This is something I want to do regularly (pull the latest UBI image, on the
day of each new update/release of the image), and run under Windows WSL2.
---
5 years, 1 month
Announcing the first Podman Community Meeting - Tues Oct 6, 2020 11:00 a.m. Eastern
by Tom Sweeney
Hi All,
After receiving a number of requests, we've decided to hold a
Podman Community Meeting on the first Tuesday of every month starting on
October 6, 2020. At the moment the meetings are planned to be held at
11:00 a.m. and we'll be holding the meeting via a video conference. We
will publish an agenda and will ask people to send in questions prior
and we will also set aside a chunk of time at the end of the meeting for
an open question and answer session.
These meetings will be free to attend and all are welcome. We are
still working out the details of the agenda and the video software to
use, so please stay tuned for more details in the next week or two. We
just primarily wanted to get this announcement out so you could set
aside the time if you wanted to attend.
We look forward to seeing many of you in the meeting on October 6th!
Best Wishes,
t
5 years, 1 month
Podman (Containers) community meeting?
by Daniel Walsh
We have been discussing setting up a bi-weekly community/contributors
meeting on the container engines. Would people/contributors be
interested in participating in this?
We are debating doing it either via bluejeans or just in IRC on the
#podman channel in #freenode.
We would like to have open communications about what we plan on working
on in the Container Engines team and would like to get feedback
requirements and other ideas from the greater community.
What do people think? Our goal would be to do this at a time that is
open to Full US and Europe at least to start.
Maybe around 14:00 or 15:00 UTC.
5 years, 1 month
