[ptxdist] ptxdist: support podman

[ptxdist] ptxdist: support podman

[Bruno Thomsen]

Hi

I am currently migrating our containerized CI pipelines from docker (moby) to
podman as it's more secure[1]. But ptxdist refuse to run as "root", but in reality
it's running with less privileges then the user that started it.

ptxdist: error: refusing to run PTXdist as root

Is it possible to do an extra podman check?

I found "/run/.containerenv" documented as an official flag to detect that a program
is in a container.

Bruno

[1] https://cloudnweb.dev/2019/06/replacing-docker-with-podman-power-of-podman/
[2] https://github.com/containers/libpod/blob/master/docs/podman-run.1.md
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] ptxdist: support podman

[Andreas Friesen]

Hi

> I am currently migrating our containerized CI pipelines from docker (moby) to
> podman as it's more secure[1]. But ptxdist refuse to run as "root", but in reality
> it's running with less privileges then the user that started it.
>
> ptxdist: error: refusing to run PTXdist as root

Yesterday I had the same problem, but with docker container...

creating a buildbot user solves the problem:

--8<--- Dockefile
FROM ubuntu:18.04
...

RUN groupadd -r buildbot && useradd -r -g buildbot buildbot -m -d /buildbot
USER buildbot
## END
-->8--- Dockerfile

> Is it possible to do an extra podman check?
>
> I found "/run/.containerenv" documented as an official flag to detect that a program
> is in a container.
>
> Bruno
>
> [1] https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcloudnweb.dev%2F2019%2F06%2Freplacing-docker-with-podman-power-of-podman%2F&amp;data=02%7C01%7Candreas.friesen%40hbkworld.com%7Cb1fdce80d12a425cb8d808d7517496dd%7C6cce74a3397545e09893b072988b30b6%7C0%7C1%7C637067433499587697&amp;sdata=ElDMLtqmeC0MCpolB%2FJBOY4ychVC0nZLilAPXqPSZAo%3D&amp;reserved=0
> [2] https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcontainers%2Flibpod%2Fblob%2Fmaster%2Fdocs%2Fpodman-run.1.md&amp;data=02%7C01%7Candreas.friesen%40hbkworld.com%7Cb1fdce80d12a425cb8d808d7517496dd%7C6cce74a3397545e09893b072988b30b6%7C0%7C1%7C637067433499587697&amp;sdata=%2FiB%2Bm9OI18uE8Tq0FH%2FHpJ8DeX0ZTEZ%2F0sLmNzDlFxQ%3D&amp;reserved=0
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de


--
Andreas Friesen
R&D Embedded Control Software
Tel.   : +49 6151-803445
Fax    : +49 6151-8039445
E-Mail : andreas.friesen@hbkworld.com
Web    : www.hbkworld.com
Hottinger Baldwin Messtechnik GmbH, Im Tiefen See 45, 64293 Darmstadt, Germany | www.hbm.com Registered as GmbH (German limited liability corporation) in the commercial register at the local court of Darmstadt, HRB 1147 Company domiciled in Darmstadt | Managing Directors: Thomas Lippok & Jens Wiegand | Chairman of the board: Joe Vorih Als Gesellschaft mit beschränkter Haftung eingetragen im Handelsregister des Amtsgerichts Darmstadt unter HRB 1147 Sitz der Gesellschaft: Darmstadt | Geschäftsführung: Thomas Lippok & Jens Wiegand | Aufsichtsratsvorsitzender: Joe Vorih The information in this email is confidential. It is intended solely for the addressee. If you are not the intended recipient, please let me know and delete this email. Die in dieser E-Mail enthaltene Information ist vertraulich und lediglich für den Empfänger bestimmt. Sollten Sie nicht der eigentliche Empfänger sein, informieren Sie mich bitte kurz und löschen diese E-Mail.

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de