Dear all,
I started with Docker a few weeks ago and understood security issues coming from the root daemon. I saw that podman was close to Docker (and it is true, my Dockerfiles worked without modification) and solved this security issue.
With podman, things work well as long as I use my images / containers in root mode, using sudo. However nothing works in user mode.
I guess that for security reasons, it would be better, by far, to run containers in user mode. And I cannot understand how it works.
In root mode, typing "ip a" exhibits an eth0 network card, with an IP. And when I use this IP with the considered port from the outside of the container (i.e. from the main OS), it works.
In rootless mode, the same command gives a tap0 interface instead, with another IP on another sub network I guess.
Now if I force the usage of the podman network (in rootless mode), with --network podman, I get an eth0 network interface, on the same sub network as in root mode. It seems to correspond to the cni-podman0 network on the host OS.
However, when I do :
from the podman container, it works, whereas from the host OS, it does not work, whereas the interface responds to ping from the host.
Can someone help?
Regards,
Mike