Hello. Maybe this is OT, I don't know.
Does podman necessarily need to be invoked with sudo?
Are there hopes to use it in the future also as an unprivileged user?
I'm on Silverblue and just earlier ran podman without sudo with no changes to group membership. If you need to escalate privs or anything, I'm sure that would be a different story.
You do have to add --net=host,
which is a bit odd to need to do out of the box… But I read somewhere that this is only an Atomic issue.
On Silverblue (F29), without sudo, I get
could not get runtime: chown /home/user/.containers/storage/vfs: operation not permitted
On Silverblue F28, I get a different error
$ rpm -q podman
podman-0.7.3-1.git0791210.fc28.x86_64
$ podman run --rm -it docker.io/alpine echo 'hello'
ERRO[0000] No subuid ranges found for user ""
I’ve always used sudo podman
but the eventual goal of the project is to be able to run containers unprivileged.
On regular Fedora, podman utilizes user namespaces when invoked by a non-root user, so in the end it’s possible to use podman w/o root:
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 8c811b4aec35 2 months ago 1.36MB
$ podman run -ti docker.io/library/busybox sh
/ # id
uid=0(root) gid=0(root) groups=65534(nogroup),65534(nogroup),65534(nogroup),65534(nogroup),65534(nogroup),65534(nogroup),65534(nogroup),0(root),65534(nogroup),65534(nogroup)
/ # exit
$ id
uid=1000(tt) gid=1000(tt)
Ah… yup definitely spoke too soon.
If you try to run containers like mongo, for instance, you'll get issues like:
error: failed switching to "mongodb": operation not permitted
So it looks like switching users inside the container is one thing that is definitely not supported. Running via root/sudo of course does the trick.
Any good places with tips and tricks for podman or is it still too new?
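The "No subuid ranges found" error earlier in the thread and the failure to switch to the mongodb user come from the same mechanism: rootless podman builds a user namespace out of the subordinate ID ranges in /etc/subuid and /etc/subgid, mapping container uid 0 to the invoking user and container uids 1..N to the subordinate range, so a container uid that falls outside that mapping cannot be switched to. The shell snippet below is an added example, not code from this thread or from the podman project; it parses a constructed /etc/subuid sample (the usernames and ranges are made up) and checks whether a given container uid is mapped. The uid 999 used for the mongodb user is an assumed value, not something the thread states.

```shell
#!/bin/sh
# Added example (not from the thread or from podman): check whether a user has
# a subordinate UID range and whether a container uid falls inside the mapping
# that rootless podman would build from it.

# Constructed sample of /etc/subuid: one user with a 65536-ID range, one without.
# Pass "$(cat /etc/subuid)" instead to inspect a real system.
SAMPLE_SUBUID='tt:100000:65536
alice:165536:65536'

# subid_range CONTENT USER
# Prints "start count" for USER's range; returns 1 when no range exists
# (this is the situation behind "No subuid ranges found for user").
subid_range() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '
        $1 == u { print $2, $3; found = 1 }
        END { exit found ? 0 : 1 }'
}

# container_uid_mapped CONTENT USER CUID
# Rootless podman maps container uid 0 to the invoking user's own uid and
# container uids 1..count to start..start+count-1 of the subordinate range.
# Returns 0 if container uid CUID has a host uid behind it, 1 otherwise
# (an unmapped uid is why "failed switching to <user>" is not permitted).
container_uid_mapped() {
    subid_content=$1
    subid_user=$2
    cuid=$3
    # uid 0 always maps to the invoking user, even with no subuid range.
    [ "$cuid" -eq 0 ] && return 0
    subid_pair=$(subid_range "$subid_content" "$subid_user") || return 1
    set -- $subid_pair
    subid_count=$2
    [ "$cuid" -ge 1 ] && [ "$cuid" -le "$subid_count" ]
}

# Example run against the constructed sample; 999 is an assumed uid for the
# mongodb user, not taken from the thread.
report() {
    if container_uid_mapped "$SAMPLE_SUBUID" "$1" "$2"; then
        echo "user $1: container uid $2 is mapped"
    else
        echo "user $1: container uid $2 is NOT mapped (switching to it would fail)"
    fi
}
report tt 999
report alice 70000
report bob 999
```

On a real host, run subid_range "$(cat /etc/subuid)" "$(id -un)" and the same against /etc/subgid; a missing line for your user, or a range too small for the uids the image uses, explains both errors seen in this thread.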
On Silverblue:
$ rpm -q podman
podman-0.8.2.1-1.gitf38eb4f.fc28.x86_64
$ podman run --rm -it fedora:28 echo hello
hello
$ podman run --rm -it -p 8080:8080 fedora:28 echo hello
port bindings are not yet supported by rootless containers
$ echo hello > hello/hello.txt
$ podman run --rm -it -v $(pwd)/hello:/hello:z fedora:28 cat /hello/hello.txt
hello