
This is no longer true as of Podman 5 and Quadlet?

You can define rootless containers to run under systemd services as unprivileged users. You can use machinectl to log in as said user and interact with systemctl.
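
A minimal sketch of the setup described in the comment above, added here as an editorial example and not code from any commenter or from the Podman project. The user name `svc-web`, the file name `web.container`, the image and the published port are assumptions.

```ini
# Hypothetical file: /home/svc-web/.config/containers/systemd/web.container
# Quadlet reads this at daemon-reload and generates web.service in the
# user's systemd instance, so the container runs as the unprivileged user.
#
# One-time setup, run by an administrator (svc-web is an assumed account):
#   sudo useradd --create-home svc-web
#   sudo loginctl enable-linger svc-web   # user manager starts at boot
#   sudo machinectl shell svc-web@.host   # full login session for that user
# Then, inside that session:
#   systemctl --user daemon-reload
#   systemctl --user start web.service
#   systemctl --user status web.service

[Unit]
Description=Rootless web container managed by Quadlet (example)

[Container]
# Assumed image; pin a tag or digest you have verified instead of "latest".
Image=docker.io/library/nginx:latest
# Rootless users cannot bind ports below 1024 by default, so publish a
# high host port and keep it on loopback unless it must be reachable.
PublishPort=127.0.0.1:8080:80
# Block privilege escalation through setuid binaries in the image.
NoNewPrivileges=true

[Service]
Restart=on-failure

[Install]
# Generated units cannot be enabled with "systemctl enable"; this line
# makes the generator hook the service into the user's default target,
# which lingering starts at boot without an interactive login.
WantedBy=default.target
```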



Can you please link the docs for this?


This is a good intro [0], courtesy of Red Hat.

This is a good example [1], cited elsewhere in this post.

Documentation for quadlet systemd units [2].

[0]: https://www.redhat.com/en/blog/quadlet-podman

[1]: https://mo8it.com/blog/quadlet/

[2]: https://docs.podman.io/en/latest/markdown/podman-systemd.uni...


You see, my issue with this is that it suggests using the quadlets with lingering users, which is the same annoying case as with the article. It is not like other systemd services, where you just instruct systemd to take a temporary uid/gid and run the service with it.


Quadlet debuted with Podman 4.4 iirc.


Oh yes, correct!



