From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from mail-eopbgr130139.outbound.protection.outlook.com
 ([40.107.13.139] helo=EUR01-HE1-obe.outbound.protection.outlook.com)
 by metis.ext.pengutronix.de with esmtps
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <bth@kamstrup.com>) id 1iKMyw-0004TJ-K5
 for ptxdist@pengutronix.de; Tue, 15 Oct 2019 15:35:23 +0200
From: Bruno Thomsen <bth@kamstrup.com>
Date: Tue, 15 Oct 2019 13:35:20 +0000
Message-ID: <HE1PR04MB3130D438AF59679BFE2CAB6EDC930@HE1PR04MB3130.eurprd04.prod.outlook.com>
Content-Language: en-US
MIME-Version: 1.0
Subject: [ptxdist] ptxdist: support podman
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>

Hi

I am currently migrating our containerized CI pipelines from docker (moby) to
podman as it's more secure[1]. But ptxdist refuse to run as "root", but in reality
it's running with less privileges then the user that started it.

ptxdist: error: refusing to run PTXdist as root

Is it possible to do an extra podman check?

I found "/run/.containerenv" documented as an official flag to detect that a program
is in a container.

Bruno

[1] https://cloudnweb.dev/2019/06/replacing-docker-with-podman-power-of-podman/
[2] https://github.com/containers/libpod/blob/master/docs/podman-run.1.md
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de