Hi all, for ~every message posted to this list, some email clients
display an error, in my case "This email has failed its domain's
authentication requirements. It may be spoofed or improperly
These are the authentication results for a recent message from the
Authentication-Results: mailin008.protonmail.ch; arc=none smtp.remote-ip=22.214.171.124
Authentication-Results: mailin008.protonmail.ch; dkim=none
Authentication-Results: mailin008.protonmail.ch; spf=none smtp.mailfrom=lists.podman.io
Authentication-Results: mailin008.protonmail.ch; dmarc=fail (p=none dis=none) header.from=redhat.com
If I understand correctly, Mailman has an option to change the
From: header in the email and add the original sender's name and
address to the Reply-To: header, which leads to a slightly worse user
experience, but is better for security because it reduces the number
of false positives we get exposed to.
So my question is, could we enable DMARC mitigation to reduce
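An added example, not part of the original message: a small shell check that reads Authentication-Results headers like the ones quoted above and reports whether SPF or DKIM passed for a domain aligned with the From: domain, which is what DMARC requires. The second header set is constructed to show a message whose From: was rewritten to the list domain, and the two-label organizational-domain rule is a simplifying assumption (real verifiers use the Public Suffix List).

```shell
#!/bin/sh
# Headers as quoted in the message above.
AS_RECEIVED='Authentication-Results: mailin008.protonmail.ch; dkim=none
Authentication-Results: mailin008.protonmail.ch; spf=none smtp.mailfrom=lists.podman.io
Authentication-Results: mailin008.protonmail.ch; dmarc=fail (p=none dis=none) header.from=redhat.com'

# Constructed sample: the list rewrote From: and the list host passed SPF.
FROM_REWRITTEN='Authentication-Results: mx.example; dkim=none
Authentication-Results: mx.example; spf=pass smtp.mailfrom=lists.podman.io
Authentication-Results: mx.example; dmarc=pass header.from=lists.podman.io'

# org_domain NAME: last two labels of NAME (assumption, see lead-in).
org_domain() {
    printf '%s\n' "$1" | awk -F. '{ if (NF >= 2) print $(NF-1) "." $NF; else print $0 }'
}

# ar_value HEADERS KEY: first value of KEY=... in HEADERS, domain part only.
ar_value() {
    v=$(printf '%s\n' "$1" | grep -o "$2=[^ ;)]*" | head -n 1)
    v=${v#*=}
    printf '%s\n' "${v##*@}"
}

# dmarc_alignment HEADERS: prints "pass" when SPF or DKIM passed for a domain
# aligned (relaxed mode) with the From: domain, otherwise the reason it failed.
dmarc_alignment() {
    from=$(org_domain "$(ar_value "$1" 'header\.from')")
    spf=$(ar_value "$1" 'spf')
    spf_dom=$(org_domain "$(ar_value "$1" 'smtp\.mailfrom')")
    dkim=$(ar_value "$1" 'dkim')
    dkim_dom=$(org_domain "$(ar_value "$1" 'header\.d')")
    if [ "$spf" = pass ] && [ "$spf_dom" = "$from" ]; then echo pass; return 0; fi
    if [ "$dkim" = pass ] && [ "$dkim_dom" = "$from" ]; then echo pass; return 0; fi
    echo "fail: spf=$spf for $spf_dom, dkim=$dkim, From: is $from"
}

echo "as received:    $(dmarc_alignment "$AS_RECEIVED")"
echo "From rewritten: $(dmarc_alignment "$FROM_REWRITTEN")"
```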
I make periodic backups of my laptop where I use some podman containers.
To perform a backup I just invoke rsync to copy my /home/xxxx/.local/share/containers
directory to an NFS-mounted filesystem.
Containers are running, but quiescent, no real activity occurs.
Is this a correct way to back up or is there anything special about
the container directory to be taken into account? As far as I understand
some hash-named subdirectories are shared between different containers
and images using a special kind of mounts, can this lead to duplicate
copies or inconsistencies?
Underlying fs is btrfs.
\ / | |
(OvO) | Михаил Иванов |
(^^^) | |
\^/ | E-mail: ivans(a)isle.spb.ru |
^ ^ | |
I am quite new to Podman/Docker and containers in general. For some
reasons, I want to run systemd in an unprivileged container, but it does
not really work:
- If I run my container with `podman run localhost/my_image:latest` it
fails with error "Trying to run as user instance, but the system has not
been booted with systemd.". Using option `systemd=always` does not help.
- However, if I run my container with `podman run
localhost/my_image:latest /lib/systemd/systemd` then it works.
RUN apt-get update
RUN apt-get install systemd --assume-yes --no-install-recommends
Do you know what I should do so that my `CMD /lib/systemd/systemd`
I am following Dan Walsh’s SysAdmin article (https://developers.redhat.com/blog/2019/08/14/best-practices-for-running-...) to speed up our CI builds in Jenkins.
I am trying to do what’s suggested under “Additional stores”, basically volume mounting the directory where the containerd stores on the K8s host into a container under /var/lib/shared.
We are running containerd as the runtime on an EKS cluster.
According to the article, I need to do:
# mkdir /var/lib/containers4
# podman run -v ./build:/build:z -v /var/lib/containers/storage:/var/lib/shared:ro \
  -v /var/lib/containers4:/var/lib/containers:Z quay.io/buildah/stable \
  buildah -t image4 bud /build
# podman run -v /var/lib/containers/storage:/var/lib/shared:ro \
  -v /var/lib/containers4:/var/lib/containers:Z quay.io/buildah/stable \
  buildah push image4 registry.company.com/myuser
Can someone please tell me the equivalent directory for /var/lib/containers/storage? I.e., where does containerd store the downloaded images on the Kubernetes worker nodes?
The containerd config looks like this:
# cat /etc/containerd/config.toml
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
address = "/run/containerd/containerd.sock"
default_runtime_name = "runc"
sandbox_image = "XXXXXXXX.amazonaws.com/eks/pause:3.5"
runtime_type = "io.containerd.runc.v2"
SystemdCgroup = true
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
Thanks in advance.
I work on a podman container for postfix + dovecot. On my host, the
encrypt keys (including the private key) are stored in
/etc/letsencrypt/live/xxxxx.xxx/, and these keys have to be used by
both postfix and dovecot.
However the "/etc/letsencrypt/live" folder is only accessible by
root, so that when I share the /etc/letsencrypt folder using the -v
option, the container has no access to the live folder. Of course, if I
do awful things like chmod 777 on the /etc/letsencrypt/live folder
everything is ok. But of course it is not a good way for that.
I wanted to know what I should do to avoid this chmod 777 while
working with a rootless container. Can I map the volume using root ?
(and if so is it a good idea ?) Should I play with groups on the host
(= a group called like "encrypters", that may contain only root and the
user that runs the container ?) Or a root process that performs copies
of the keys ?
I also have seen the "--secret" option for podman but I did not
understand if it would solve my problem. Please also notice that the
"let's encrypt" keys are re-generated sometimes because they have a 1
If there is some guideline somewhere about this topic please show me.
My host is Ubuntu 22.04, and the podman version is 3.4.4. I don't use
SELinux for now.
Thanks a lot,
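An added example, not part of the original message: one way to implement the "root process that performs copies of the keys" option raised above, written as a certbot deploy hook so the copy is refreshed on every renewal. The account name `mailsvc`, the target directory and the hook file name are hypothetical; `RENEWED_LINEAGE` is the variable certbot sets for deploy hooks.

```shell
#!/bin/sh
# Added example. Install as a root-owned certbot deploy hook, for instance
# /etc/letsencrypt/renewal-hooks/deploy/publish-mail-certs.sh (hypothetical name).
CONTAINER_USER=${CONTAINER_USER:-mailsvc}               # hypothetical account that runs podman
DEST_DIR=${DEST_DIR:-/home/$CONTAINER_USER/mail-certs}  # hypothetical directory to bind-mount

# publish_certs LINEAGE_DIR DEST_DIR OWNER GROUP
# Copies the key pair out of the root-only live/ tree into a directory that only
# OWNER can read, so /etc/letsencrypt itself keeps its original permissions.
publish_certs() {
    src=$1 dest=$2 owner=$3 group=$4
    [ -r "$src/privkey.pem" ] && [ -r "$src/fullchain.pem" ] || return 1
    install -d -m 0700 -o "$owner" -g "$group" "$dest" || return 1
    for f in fullchain.pem privkey.pem; do
        # live/*.pem are symlinks into archive/; install copies the file content.
        # Write under a temporary name, then rename, so readers never see a partial key.
        install -m 0600 -o "$owner" -g "$group" "$src/$f" "$dest/.$f.new" || return 1
        mv -f "$dest/.$f.new" "$dest/$f" || return 1
    done
}

# certbot exports RENEWED_LINEAGE (the live/<name> directory) when it runs deploy hooks.
# Assumption: the account has a private group of the same name.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    publish_certs "$RENEWED_LINEAGE" "$DEST_DIR" "$CONTAINER_USER" "$CONTAINER_USER"
fi
```

In a rootless container the invoking user is mapped to root inside the container, so files owned by that user with mode 0600 are readable there when the directory is mounted read-only with `-v`; postfix and dovecot still need a reload to pick up a renewed certificate.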