Rootful networking with rootless podman containers - DevConf.CZ 2023

  • Published 20 Sep 2024
  • Speaker(s): Clemens Lang
    Podman can use unprivileged user namespaces to allow non-root users to start containers. This means root inside the container is no longer also root outside the container. Less root is better, so we should clearly all be running our containers rootless, right?
    Unfortunately, networking for rootless containers has a few downsides (that differ depending on which implementation you use). Can we not start our containers as rootless to make sure our processes don't have privileges, yet still use normal, rootful networking?
    Turns out we can! This is the story of how I chased a possibility mentioned on the last slide of a 2021 presentation and a post on the podman list to use rootful networking with rootless podman containers.
    Warning: you might learn more than you want on how network namespaces work.
    sched.co/1MYkl

Comments • 2

  • @goetterfunke1987 9 months ago +1

    Great talk! Thank you for the network insights into Podman!!

  • @EvilSimon23 7 months ago

    Thanks, that's exactly what I wanted to play around with.