The goal of this guide is to get the above services running in containers.

Disclaimer

This article is intended for educational purposes. I created this guide after stumbling through getting these media services set up on my own and am in no way a Linux or containerization expert. Please check out the links I've provided throughout this guide to familiarize yourself with the technologies involved.

The first thing we want to do is install Podman.

```shell
sudo dnf install -y podman
```

By installing with sudo, both root and regular users will have access to Podman. Verify your install by running `podman version`.

As mentioned before, podman commands are compatible with docker commands. For example, to see your running containers, run:

```shell
# same as running `docker ps -a` (lists all containers, including stopped ones)
podman ps -a
```

Next, we need to create a user and group to run your media services from. This is recommended to limit the service privileges in the event that someone malicious gains access to them. For this guide, we create a user called media. We then add it to a new group, also called media.

```shell
# create user, `-M` prevents home directory creation for this user
sudo useradd -M media
# create group; `-f` succeeds if useradd already created a group named media
sudo groupadd -f media
# add user to group
sudo usermod -a -G media media
```

Now that we have a new user and group, we need to create a place for this user and group to store files. We'll create a directory at the root of the filesystem called /media. This is where both the application configurations and downloaded files will be stored.

Note: in this guide, we are setting up a bind mount. If you prefer, you can use a container volume which might simplify the setup but I find it less convenient for managing my files directly from my host machine.

```shell
# create directory
sudo mkdir /media
# make yourself the owner
sudo chown "$(id -u -n):$(id -g -n)" /media
```

In order to run this container rootless, we need to set ownership of this directory to the media user and group. However, Podman runs in a different user namespace than your user session. This namespace has its own set of user and group ids that map to your user session ids. To enter the Podman namespace, we use the `podman unshare` command.
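
How the ID mapping behind `podman unshare` works, as an added example that is not part of the original guide: it translates IDs using the three-column format of `/proc/self/uid_map`. The sample map (host UID 1000, subordinate range starting at 100000) and the function names `ns_to_host` and `host_to_ns` are constructed for illustration.

```shell
#!/bin/sh
# Added example: translate IDs across a rootless Podman user namespace.
# Map format (as in /proc/self/uid_map): <id-in-namespace> <id-on-host> <count>

# Constructed sample: host UID 1000 plus a subordinate range 100000-165535.
# On a real host, read the live map with: podman unshare cat /proc/self/uid_map
SAMPLE_UID_MAP='0 1000 1
1 100000 65536'

# ns_to_host ID [MAP]: print the host ID behind a namespace ID.
# Prints "unmapped" and returns 1 when no range covers the ID.
ns_to_host() {
    printf '%s\n' "${2:-$SAMPLE_UID_MAP}" | awk -v id="$1" '
        id >= $1 && id < $1 + $3 { print $2 + id - $1; found = 1; exit }
        END { if (!found) { print "unmapped"; exit 1 } }'
}

# host_to_ns ID [MAP]: print the namespace ID that a host ID appears as.
# Host IDs outside every range (host root included) are "unmapped".
host_to_ns() {
    printf '%s\n' "${2:-$SAMPLE_UID_MAP}" | awk -v id="$1" '
        id >= $2 && id < $2 + $3 { print $1 + id - $2; found = 1; exit }
        END { if (!found) { print "unmapped"; exit 1 } }'
}

# Namespace root is only your own host user; every other namespace ID
# lands in the subordinate range, so files written to the bind mount are
# never owned by host root.
for id in 0 1 1000; do
    echo "namespace UID $id -> host UID $(ns_to_host "$id")"
done
echo "host UID 0 -> namespace UID $(host_to_ns 0 || true)"
```

Running `ls -ln` on the bind-mounted directory from the host shows the host-side IDs, while the same listing under `podman unshare` shows the namespace-side IDs.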