Project

General

Profile

Actions
Copy link

action #87976

closed

coordination #87853: [epic][brainstorming]

test base container in rootless mode

Added by ybonatakis about 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
ybonatakis
Target version:
-
Start date:
2021-01-19
Due date:
% Done:

0%

Estimated time:
Tags:
qac

Description

Running the container tools as a user with superuser privilege (root user) is the best way to ensure that your containers have full access to any feature available on your system. However, with a new feature called "Rootless Containers," available now, you can work with containers as a regular user.

Although container engines, such as Docker, let you run docker commands as a regular (non-root) user, the docker daemon that carries out those requests runs as root. So, effectively, regular users can make requests through their containers that harm the system, without there being clarity about who made those requests. By setting up rootless container users, system administrators limit potentially damaging container activities from regular users, while still allowing those users to safely run many container features under their own accounts.

https://developers.redhat.com/blog/2020/09/25/rootless-containers-with-podman-the-basics/

Jira epic: https://jira.suse.com/browse/SLE-14574

Actions
Copy link
 #1

Updated by jlausuch about 4 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by ybonatakis about 4 years ago

  • Status changed from New to In Progress
  • Assignee set to ybonatakis
Actions
Copy link
 #4

Updated by ybonatakis about 4 years ago

  • Status changed from In Progress to Feedback

All comments have been addressed.
VRs run successfully

Actions
Copy link
 #5

Updated by ybonatakis about 4 years ago

The rootless_podman has been added to the main_common and to the container_basic test suite.
The modules seems to fail on JeOS https://openqa.opensuse.org/tests/1635628#step/rootless_podman/61
I filled https://bugzilla.opensuse.org/show_bug.cgi?id=1182507 but it needs some investigation and update the ticket

Finally i have created https://progress.opensuse.org/issues/88843 to remove the workaround and replace it with the acl

Actions
Copy link
 #7

Updated by ybonatakis almost 4 years ago

  • Status changed from Resolved to In Progress

reopen to fix https://openqa.suse.de/tests/5495799#
podman is not available on sle12

Actions
Copy link
 #8

Updated by ybonatakis almost 4 years ago

  • Status changed from In Progress to Resolved

merged.

Actions
Copy link

Also available in: Atom PDF