* [ptxdist] ptxdist: support podman @ 2019-10-15 13:35 Bruno Thomsen 2019-10-15 23:00 ` Andreas Friesen 0 siblings, 1 reply; 2+ messages in thread From: Bruno Thomsen @ 2019-10-15 13:35 UTC (permalink / raw) To: ptxdist Hi I am currently migrating our containerized CI pipelines from docker (moby) to podman as it's more secure[1]. But ptxdist refuse to run as "root", but in reality it's running with less privileges then the user that started it. ptxdist: error: refusing to run PTXdist as root Is it possible to do an extra podman check? I found "/run/.containerenv" documented as an official flag to detect that a program is in a container. Bruno [1] https://cloudnweb.dev/2019/06/replacing-docker-with-podman-power-of-podman/ [2] https://github.com/containers/libpod/blob/master/docs/podman-run.1.md _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] ptxdist: support podman 2019-10-15 13:35 [ptxdist] ptxdist: support podman Bruno Thomsen @ 2019-10-15 23:00 ` Andreas Friesen 0 siblings, 0 replies; 2+ messages in thread From: Andreas Friesen @ 2019-10-15 23:00 UTC (permalink / raw) To: ptxdist Hi > I am currently migrating our containerized CI pipelines from docker (moby) to > podman as it's more secure[1]. But ptxdist refuse to run as "root", but in reality > it's running with less privileges then the user that started it. > > ptxdist: error: refusing to run PTXdist as root Yesterday I had the same problem, but with docker container... creating a buildbot user solves the problem: --8<--- Dockefile FROM ubuntu:18.04 ... RUN groupadd -r buildbot && useradd -r -g buildbot buildbot -m -d /buildbot USER buildbot ## END -->8--- Dockerfile > Is it possible to do an extra podman check? > > I found "/run/.containerenv" documented as an official flag to detect that a program > is in a container. > > Bruno > > [1] https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcloudnweb.dev%2F2019%2F06%2Freplacing-docker-with-podman-power-of-podman%2F&data=02%7C01%7Candreas.friesen%40hbkworld.com%7Cb1fdce80d12a425cb8d808d7517496dd%7C6cce74a3397545e09893b072988b30b6%7C0%7C1%7C637067433499587697&sdata=ElDMLtqmeC0MCpolB%2FJBOY4ychVC0nZLilAPXqPSZAo%3D&reserved=0 > [2] https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcontainers%2Flibpod%2Fblob%2Fmaster%2Fdocs%2Fpodman-run.1.md&data=02%7C01%7Candreas.friesen%40hbkworld.com%7Cb1fdce80d12a425cb8d808d7517496dd%7C6cce74a3397545e09893b072988b30b6%7C0%7C1%7C637067433499587697&sdata=%2FiB%2Bm9OI18uE8Tq0FH%2FHpJ8DeX0ZTEZ%2F0sLmNzDlFxQ%3D&reserved=0 > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de -- Andreas Friesen R&D Embedded Control Software Tel. : +49 6151-803445 Fax : +49 6151-8039445 E-Mail : andreas.friesen@hbkworld.com Web : www.hbkworld.com Hottinger Baldwin Messtechnik GmbH, Im Tiefen See 45, 64293 Darmstadt, Germany | www.hbm.com Registered as GmbH (German limited liability corporation) in the commercial register at the local court of Darmstadt, HRB 1147 Company domiciled in Darmstadt | Managing Directors: Thomas Lippok & Jens Wiegand | Chairman of the board: Joe Vorih Als Gesellschaft mit beschränkter Haftung eingetragen im Handelsregister des Amtsgerichts Darmstadt unter HRB 1147 Sitz der Gesellschaft: Darmstadt | Geschäftsführung: Thomas Lippok & Jens Wiegand | Aufsichtsratsvorsitzender: Joe Vorih The information in this email is confidential. It is intended solely for the addressee. If you are not the intended recipient, please let me know and delete this email. Die in dieser E-Mail enthaltene Information ist vertraulich und lediglich für den Empfänger bestimmt. Sollten Sie nicht der eigentliche Empfänger sein, informieren Sie mich bitte kurz und löschen diese E-Mail. _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-10-15 23:00 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-10-15 13:35 [ptxdist] ptxdist: support podman Bruno Thomsen 2019-10-15 23:00 ` Andreas Friesen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox