This image provides an easy way to try out podman and a base for nested containerization scenarios where the child container should run as an unprivileged user.
The alpine-based image contains the following statically linked binaries (without systemd support):
Containers need to be `--privileged`.

Before the entrypoint script runs the provided command as unprivileged user `podman` (100000) it does some workarounds:
- Change the owner of the storage volume mount point (`/podman/.local/share/containers/storage`) to the unprivileged `podman` user.
- Create cgroup from `/proc/1/cgroup` within `/sys/fs/cgroup` if it does not exist because inside the container this cgroup is the cgroup root.
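
A sketch of the second workaround, added here as an example and not taken from the image's entrypoint script. The names `ensure_cgroups` and `demo` are hypothetical. It assumes each cgroup v1 controller set is a directory of the same name under the cgroup root (with `name=` stripped) and that cgroup v2 entries map directly below the root.

```shell
#!/bin/sh
# Added sketch; ensure_cgroups and demo are hypothetical names,
# not taken from the image's entrypoint script.

# ensure_cgroups CGROUP_FILE CGROUP_ROOT
# Reads lines of the form "id:controllers:path" and creates the matching
# directory under CGROUP_ROOT when it is missing. Prints how many it created.
ensure_cgroups() {
    cgroup_file=$1
    cgroup_root=$2
    created=0
    while IFS=: read -r _id controllers path; do
        # Accept only absolute paths without ".." so nothing is created
        # outside CGROUP_ROOT.
        case $path in
            *..*) continue ;;
            /*) ;;
            *) continue ;;
        esac
        if [ -z "$controllers" ]; then
            # cgroup v2 entry ("0::/path"): single unified hierarchy
            dir=$cgroup_root$path
        else
            # cgroup v1 entry: one mount per controller set;
            # "name=systemd" is assumed to be mounted as "systemd"
            mount=$cgroup_root/${controllers#name=}
            [ -d "$mount" ] || continue   # hierarchy not mounted: skip
            dir=$mount$path
        fi
        [ -d "$dir" ] && continue         # already exists: nothing to do
        mkdir -p "$dir" && created=$((created + 1))
    done < "$cgroup_file"
    echo "$created"
}

# Constructed sample input standing in for /proc/1/cgroup and /sys/fs/cgroup.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/memory" "$tmp/root/systemd"
    printf '%s\n' '3:memory:/docker/abc123' '2:cpu,cpuacct:/docker/abc123' \
        '1:name=systemd:/docker/abc123' '4:pids:/../escape' > "$tmp/cgroup"
    ensure_cgroups "$tmp/cgroup" "$tmp/root"
    rm -rf "$tmp"
}
demo
```

The `..` check matters because a process viewed from outside its cgroup namespace root can report paths such as `/../..`, and this code typically runs as root in a privileged container.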
```sh
docker run --privileged mgoltzsche/podman:latest docker run alpine:latest echo hello from podman
```

```sh
./make.sh build test run
```