I'd posted in a thread with @mheon asking if there was a convention
that the podman (or systemd) community would recommend for accessing
user accounts that are "daemonized" (e.g. `loginctl enable-linger
The state of the user for deployment is something like:
$ mkdir /containers
$ semanage fcontext -a -e /home /containers
$ restorecon -vR /containers
$ groupadd -g 2000 hedgedoc
$ useradd -g 2000 -u 2000 -d /containers/hedgedoc -s /sbin/nologin
$ usermod --add-subuids 200000000-200065535 --add-subgids 200000000-
$ loginctl enable-linger hedgedoc
There is a more opinionated, longer write-up here. Something that
I've not been doing is setting a shell and providing access to the user
via ssh. This may be weird, but one of the things was that by not
having a shell, running rootless-as-non-root, the application is pretty
From what we can gather there are a couple options:
Seems like the most reasonable option, as root or sudo you:
$ runuser -ls /bin/bash hedgedoc
This will log you in, set the shell to bash, and set your working
directory to the users home directory. You can then use the shell to
interact with the user slice, invoke podman, invoke podman generate,
and daemonize pods/containers.
$ su -s /bin/bash hedgedoc
This will log you in and set the shell to bash. However, it doesn't change
the home directory. Works similar to above, but it seems like runuser adds
more niceness to the experience.
This is a bit more weird, but potentially is what systemd _wants_
people to do:
$ systemctl --user --machine=hedgedoc@.host <things>
This would allow you to interact with user units, you could drop them
in place with ansible/pyinfra and then use this `--machine` invocation
to examine the state of the unit.
- Is this something the podman folks are thinking about, mheon seems
to reference it but it was very hard to figure out how to actually
- Is there a way to obtain a shell with this method?
Was generally curious to see if anyone would offer opinions on how they
are using user slice deployments. I've been watching quadlet with
interest as well.
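One thing the per-user `usermod --add-subuids`/`--add-subgids` step above makes easy to get wrong is handing two "daemonized" users overlapping ranges, which silently makes their rootless containers share host UIDs. The following is an added example, not part of the original post: a small sh/awk check over a constructed /etc/subuid-style file (the `user:start:count` format) that reports any pair of overlapping ranges.

```shell
# Constructed sample of /etc/subuid (NOT a real system file): the hedgedoc
# range from the post plus a second user whose range collides with it.
SUBUID_SAMPLE=$(mktemp)
cat > "$SUBUID_SAMPLE" <<'EOF'
alice:100000:65536
hedgedoc:200000000:65536
wiki:200032768:65536
EOF

# Print one line per pair of entries whose ranges overlap; print nothing
# when the file is clean. Each entry is name:start:count, so the inclusive
# range is [start, start+count-1]. Two users sharing host UIDs means their
# "rootless" containers can read and signal each other's processes/files.
subid_overlaps() {
  awk -F: '
    NF == 3 { name[NR]=$1; lo[NR]=$2; hi[NR]=$2+$3-1 }
    END {
      for (i = 1; i <= NR; i++)
        for (j = i + 1; j <= NR; j++)
          if (lo[i] <= hi[j] && lo[j] <= hi[i])
            printf "%s(%d-%d) overlaps %s(%d-%d)\n",
                   name[i], lo[i], hi[i], name[j], lo[j], hi[j]
    }' "$1"
}

# Exit 0 when the file has no overlapping ranges, 1 otherwise.
subid_clean() {
  [ -z "$(subid_overlaps "$1")" ]
}

# Usage on the constructed sample; point it at /etc/subuid or /etc/subgid
# on a real host.
subid_overlaps "$SUBUID_SAMPLE"
```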
The Podman Community Cabal meeting is happening in just under 24 hours.
Thursday December 16, 2021, 11:00 a.m. EST (UTC-4). We'll be talking
about Lima and have time for topics of interest. Agenda here:
Hope to see you there!
Hey, a couple of thoughts on the podman.io blog issue brought up during the
last Podman community cabal call (
Summary: Podman has a need for a low-overhead way of posting blog posts; the
current system involves other websites and platforms and is process-heavy.
(Hopefully this is an accurate summary, lmk if not.)
- One option would be to use wordpress which has a post-by-email
feature... you have to keep the email you send the posts to secret / only
share w people authorized to post / otherwise there is no overhead /
process to getting posts live. Appears it may be possible to then import
the wordpress RSS feed into the existing jekyll site with smtg like this
- Other option (perhaps better) - use antora instead of jekyll. GitHub
pages supports antora, it lets you have a site generated from multi-repos,
believe it would enable stuff like taking snippets from the podman repo's
docs and pulling into the website in a diff repo. Could create another repo
just for informal blog content, give everyone you'd ever want to post a
blog full commit access just to that repo, antora can read in from that and
use it to generate blog posts on website (and authors wouldn't need commit
access to website)
- WP post by email https://jetpack.com/support/post-by-email/
- Antora github pages support
- Antora multi-repo functionality
My experience is with Jekyll and not Antora but I am currently playing
around with Antora to see if I can get a multi-repo proof-of-concept
together. If someone more technically ept would like to help, let me know
:) I am @duffy:fedora.im on Matrix and in the Podman channel!
The Podman Community Meeting is happening 21 hours from now, on Tuesday
Dec 7, 2021, at 11:00 a.m. EST (UTC-5). Podman on Windows, Netavark,
Netavark's COPR and more! Free to attend, video link here on the
Hope to see you there!
Dumb question. I looked thru the mail archive and couldn't find what I was looking for.
With Docker, if you inspect the container, you can see a RestartPolicy. Lets you know if the container will restart if the server reboots.
We have a container run by Podman (version 1.4.2-stable2, yes it's older, however it's what I have to work with for now). Is there a way to tell if restart has been set for a container?
I'm running podman on an up to date Rocky Linux 8 system. I'm trying to
run a rootless container. Before my update to Rocky Linux 8.5, the
rootless container was running just fine. After my update and reboot, I
keep getting this error:
Error: container_linux.go:380: starting container process caused:
process_linux.go:545: container init caused: process_linux.go:508:
setting cgroup config for procHooks process caused: open
pids.max: no such file or directory: OCI runtime attempted to invoke a
command that was not found
I did enable lingering for the "containers" user and created the file
/etc/systemd/system/user@.service.d/delegate.conf. I've run
"systemctl daemon-reload" after rebooting. I'm also exporting
XDG_RUNTIME_DIR in the user's .bashrc. None of this seems to be working
now, though it did stop similar errors before the update.
Does anyone know why the pids.max cgroup isn't being created now?
I cloned this:
and did a "podman build" on the Dockerfile and it made it to step 39 (of
59) before stopping with a complaint about a missing dir ...
It would be great to get a Fedora Podman Discourse container going (in a
separate exercise some time ago I was able to get a development-only
version going but I eventually gave up on the too-hard production
version) - anyone interested in helping / advising?
The Podman Community Meeting will be next Tuesday, December 7, 2021, at
11:00 a.m. EST (UTC-4). So far, only one topic, a Podman on Windows
Demo. Hit me up if you have a topic!
Video Conference: https://bluejeans.com/880216278/2568
Hope to see you there!