{"id":662,"date":"2018-10-18T07:22:25","date_gmt":"2018-10-18T07:22:25","guid":{"rendered":"https:\/\/www.appservgrid.com\/paw92\/?p=662"},"modified":"2018-10-18T15:29:06","modified_gmt":"2018-10-18T15:29:06","slug":"running-linux-containers-as-a-non-root-with-podman","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/18\/running-linux-containers-as-a-non-root-with-podman\/","title":{"rendered":"Running Linux containers as a non-root with Podman"},"content":{"rendered":"<p>Linux containers are processes with certain isolation features provided by the Linux kernel \u2014 including filesystem, process, and network isolation. Containers help with portability \u2014 applications can be distributed in container images along with their dependencies, and run on virtually any Linux system with a container runtime.<\/p>\n<p>Although container technologies have existed for a very long time, Linux containers were widely popularized by Docker. The word \u201cDocker\u201d can refer to several different things, including the container technology and tooling, the community around that, or the Docker Inc. company. However, in this article, I\u2019ll be using it to refer to the technology and the tooling that manages Linux containers.<\/p>\n<h2>What is Docker<\/h2>\n<p><a href=\"https:\/\/docs.docker.com\/\">Docker<\/a> is a daemon that runs on your system as root, and manages running containers by leveraging features of the Linux kernel. Apart from running containers, it also makes it easy to manage container images \u2014 interacting with container registries, storing images, managing container versions, etc. It basically supports all the operations you need to run individual containers.<\/p>\n<p>But even though Docker is a very handy tool for managing Linux containers, it has two drawbacks: it is a daemon that needs to run on your system, and it needs to run with root privileges, which might have certain security implications.
Both of those, however, are being addressed by Podman.<\/p>\n<h2>Introducing Podman<\/h2>\n<p><a href=\"https:\/\/podman.io\/\">Podman<\/a> is a container runtime providing features very similar to Docker\u2019s. And as already hinted, it doesn\u2019t require any daemon to run on your system, and it can also run without root privileges. So let\u2019s have a look at some examples of using Podman to run Linux containers.<\/p>\n<h3>Running containers with Podman<\/h3>\n<p>One of the simplest examples could be running a Fedora container, printing \u201cHello world!\u201d in the command line:<\/p>\n<p>$ podman run --rm -it fedora:28 echo \"Hello world!\"<\/p>\n<p>Building an image using the common Dockerfile works the same way as it does with Docker:<\/p>\n<p>$ cat Dockerfile<br \/>\nFROM fedora:28<br \/>\nRUN dnf -y install cowsay<\/p>\n<p>$ podman build . -t hello-world<br \/>\n&#8230; output omitted &#8230;<\/p>\n<p>$ podman run --rm -it hello-world cowsay \"Hello!\"<\/p>\n<p>To build containers, Podman calls another tool called Buildah in the background. You can read a recent <a href=\"https:\/\/fedoramagazine.org\/daemon-less-container-management-buildah\/\">post about building container images with Buildah<\/a> \u2014 not just using the typical Dockerfile.<\/p>\n<p>Apart from building and running containers, Podman can also interact with container registries. To log in to a container registry, for example the widely used Docker Hub, run:<\/p>\n<p>$ podman login docker.io<\/p>\n<p>To push the image I just built, I just need to tag it so it refers to the specific container registry and my personal namespace, and then simply push it:<\/p>\n<p>$ podman tag hello-world docker.io\/asamalik\/hello-world<br \/>\n$ podman push docker.io\/asamalik\/hello-world<\/p>\n<p>By the way, have you noticed how I run everything as a non-root user?
Also, there is no big fat daemon running on my system!<\/p>\n<h3>Installing Podman<\/h3>\n<p>Podman is available by default on <a href=\"https:\/\/silverblue.fedoraproject.org\/\">Silverblue<\/a> \u2014 a new generation of Linux Workstation for container-based workflows. To install it on any Fedora release, simply run:<\/p>\n<p>$ sudo dnf install podman<\/p>\n<h4><a href=\"https:\/\/fedoramagazine.org\/author\/asamalik\/\">Adam \u0160amal\u00edk<\/a><\/h4>\n<p>Open source enthusiast and Fedora contributor. Design is not just how it looks like.<\/p>\n<p><a href=\"http:\/\/lxer.com\/module\/newswire\/ext_link.php?rid=261730\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-662","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=662"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/662\/revisions"}],"predecessor-version":[{"id":791,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/662\/revisions\/791"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}