RHCSA 02 - Auto-starting rootless containers
Posted 王万林 Ben
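Preface
This article demonstrates how to create a rootless container that starts automatically.
What is a rootless container?
Most containers we come across are started with the root account. A rootless container is one that is started by a non-root account.
Hands-on
Step 1: Install the container packages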
[root@ad57f7d54660 ~]# dnf module install -y container-tools
Rocky Linux 8 - AppStream 19 kB/s | 4.8 kB 00:00
Rocky Linux 8 - AppStream 19 MB/s | 8.8 MB 00:00
Rocky Linux 8 - BaseOS 18 kB/s | 4.3 kB 00:00
Rocky Linux 8 - BaseOS 9.9 MB/s | 3.6 MB 00:00
Rocky Linux 8 - Extras 16 kB/s | 3.5 kB 00:00
Rocky Linux 8 - Extras 39 kB/s | 11 kB 00:00
Dependencies resolved.
====================================================================================================
Package Arch Version Repository Size
====================================================================================================
Upgrading:
audit x86_64 3.0.7-2.el8.2 baseos 262 k
audit-libs x86_64 3.0.7-2.el8.2 baseos 122 k
libsemanage x86_64 2.9-8.el8 baseos 167 k
platform-python-pip noarch 9.0.3-22.el8.rocky.0 baseos 1.6 M
policycoreutils x86_64 2.9-19.el8 baseos 373 k
Installing group/module packages:
buildah x86_64 1:1.24.2-4.module+el8.6.0+971+69b94baf appstream 8.0 M
cockpit-podman noarch 43-1.module+el8.6.0+971+69b94baf appstream 492 k
conmon x86_64 2:2.1.0-1.module+el8.6.0+971+69b94baf appstream 54 k
container-selinux noarch 2:2.179.1-1.module+el8.6.0+971+69b94baf appstream 57 k
containernetworking-plugins x86_64 1:1.0.1-2.module+el8.6.0+971+69b94baf appstream 18 M
containers-common x86_64 2:1-27.module+el8.6.0+971+69b94baf appstream 95 k
criu x86_64 3.15-3.module+el8.6.0+971+69b94baf appstream 517 k
crun x86_64 1.4.4-1.module+el8.6.0+971+69b94baf appstream 208 k
fuse-overlayfs x86_64 1.8.2-1.module+el8.6.0+971+69b94baf appstream 72 k
libslirp x86_64 4.4.0-1.module+el8.6.0+971+69b94baf appstream 69 k
podman x86_64 2:4.0.2-6.module+el8.6.0+971+69b94baf appstream 13 M
python3-podman noarch 4.0.0-1.module+el8.6.0+785+d1251653 appstream 148 k
runc x86_64 1:1.0.3-2.module+el8.6.0+971+69b94baf appstream 3.0 M
skopeo x86_64 2:1.6.1-2.module+el8.6.0+971+69b94baf appstream 6.7 M
slirp4netns x86_64 1.1.8-2.module+el8.6.0+971+69b94baf appstream 50 k
toolbox x86_64 0.0.99.3-0.4.module+el8.6.0+971+69b94baf appstream 2.2 M
udica noarch 0.2.6-3.module+el8.6.0+971+69b94baf appstream 48 k
Installing dependencies:
checkpolicy x86_64 2.9-1.el8 baseos 345 k
cockpit-bridge x86_64 264.1-1.el8 baseos 533 k
dejavu-fonts-common noarch 2.35-7.el8 baseos 73 k
fontpackages-filesystem noarch 1.44-22.el8 baseos 15 k
fuse-common x86_64 3.3.0-15.el8 baseos 21 k
fuse3 x86_64 3.3.0-15.el8 baseos 53 k
fuse3-libs x86_64 3.3.0-15.el8 baseos 94 k
glib-networking x86_64 2.56.1-1.1.el8 baseos 153 k
gsettings-desktop-schemas x86_64 3.32.0-6.el8 baseos 632 k
json-glib x86_64 1.4.4-1.el8 baseos 143 k
libmodman x86_64 2.0.1-17.el8 baseos 35 k
libnet x86_64 1.1.6-15.el8 appstream 66 k
libproxy x86_64 0.4.15-5.2.el8 baseos 73 k
podman-catatonit x86_64 2:4.0.2-6.module+el8.6.0+971+69b94baf appstream 353 k
policycoreutils-python-utils noarch 2.9-19.el8 baseos 252 k
protobuf-c x86_64 1.3.0-6.el8 appstream 36 k
python3-audit x86_64 3.0.7-2.el8.2 baseos 86 k
python3-chardet noarch 3.0.4-7.el8 baseos 194 k
python3-idna noarch 2.5-5.el8 baseos 96 k
python3-libsemanage x86_64 2.9-8.el8 baseos 127 k
python3-pip noarch 9.0.3-22.el8.rocky.0 appstream 19 k
python3-policycoreutils noarch 2.9-19.el8 baseos 2.2 M
python3-pysocks noarch 1.6.8-3.el8 baseos 33 k
python3-pytoml noarch 0.1.14-5.git7dea353.el8 appstream 24 k
python3-pyxdg noarch 0.25-16.el8 appstream 93 k
python3-requests noarch 2.20.0-2.1.el8_1 baseos 122 k
python3-setools x86_64 4.3.0-3.el8 baseos 623 k
python3-setuptools noarch 39.2.0-6.el8 baseos 162 k
python3-urllib3 noarch 1.24.2-5.el8 baseos 176 k
python36 x86_64 3.6.8-38.module+el8.5.0+671+195e4563 appstream 18 k
shadow-utils-subid x86_64 2:4.6-16.el8 baseos 111 k
yajl x86_64 2.1.0-10.el8 appstream 40 k
Installing weak dependencies:
abattis-cantarell-fonts noarch 0.0.25-6.el8 appstream 154 k
dejavu-sans-mono-fonts noarch 2.35-7.el8 baseos 446 k
tar x86_64 2:1.30-5.el8 baseos 837 k
Installing module profiles:
container-tools/common
Enabling module streams:
container-tools rhel8
python36 3.6
Transaction Summary
====================================================================================================
Install 52 Packages
Upgrade 5 Packages
Total download size: 64 M
Complete!
Step 2: Create the regular user wanlinwang
[root@55a87a3acb63 ~]# useradd wanlinwang
[root@55a87a3acb63 ~]# echo password | passwd --stdin wanlinwang
Changing password for user wanlinwang.
passwd: all authentication tokens updated successfully.
Step 3: Enable the linger feature. Linger allows a user to keep long-running services running while logged out.
[root@55a87a3acb63 ~]# loginctl enable-linger wanlinwang
[root@55a87a3acb63 ~]# loginctl show-user wanlinwang
UID=1001
GID=1001
Name=wanlinwang
Timestamp=Sat 2022-07-02 01:32:28 CEST
TimestampMonotonic=355372762
RuntimePath=/run/user/1001
Service=user@1001.service
Slice=user-1001.slice
State=lingering
Sessions=
IdleHint=yes
IdleSinceHint=0
IdleSinceHintMonotonic=0
Linger=yes
Step 4: Log in to the local machine as wanlinwang
[root@55a87a3acb63 ~]# ssh wanlinwang@localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:QlT07D/gCNOvYRiBlg/nXA6mtsMxbJjBOGlwyVqr8F0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
wanlinwang@localhost's password:
[wanlinwang@55a87a3acb63 ~]$
Step 5: In wanlinwang's terminal, run a container
[wanlinwang@55a87a3acb63 ~]$ podman run -d --name mynginx -p 8081:80 docker.io/library/nginx
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob fe0ef4c895f5 done
Copying blob 8f46223e4234 done
Copying blob b85a868b505f done
Copying blob f4407ba1f103 done
Copying blob 4a7307612456 done
Copying blob 935cecace2a0 done
Copying config 55f4b40fe4 done
Writing manifest to image destination
Storing signatures
2ae92bd97141cf76605d5a798a6938fe93676485b8d550927aaffe11a93ea551
[wanlinwang@55a87a3acb63 ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2ae92bd97141 docker.io/library/nginx:latest nginx -g daemon o... 4 seconds ago Up 4 seconds ago 0.0.0.0:8081->80/tcp mynginx
[wanlinwang@55a87a3acb63 ~]$
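As the output above shows, the container is running successfully as a non-root user! Next, let's see how to make it start automatically.
Step 6: Create the service file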
[wanlinwang@55a87a3acb63 ~]$ mkdir -p ~/.config/systemd/user
[wanlinwang@55a87a3acb63 ~]$ cd ~/.config/systemd/user
[wanlinwang@55a87a3acb63 user]$ podman generate systemd --name mynginx --files
/home/wanlinwang/.config/systemd/user/container-mynginx.service
[wanlinwang@55a87a3acb63 user]$ cat container-mynginx.service
# container-mynginx.service
# autogenerated by Podman 4.0.2
# Sat Jul 2 01:35:55 CEST 2022
[Unit]
Description=Podman container-mynginx.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/run/user/1001/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start mynginx
ExecStop=/usr/bin/podman stop -t 10 mynginx
ExecStopPost=/usr/bin/podman stop -t 10 mynginx
PIDFile=/run/user/1001/containers/overlay-containers/2ae92bd97141cf76605d5a798a6938fe93676485b8d550927aaffe11a93ea551/userdata/conmon.pid
Type=forking
[Install]
WantedBy=default.target
[wanlinwang@55a87a3acb63 user]$
Step 7: Reload the service files
[wanlinwang@55a87a3acb63 user]$ systemctl --user daemon-reload
Step 8: Stop the currently running container
[wanlinwang@55a87a3acb63 user]$ podman stop mynginx
mynginx
Step 9: Enable start at boot
[wanlinwang@55a87a3acb63 user]$ systemctl --user enable --now container-mynginx.service
Created symlink /home/wanlinwang/.config/systemd/user/default.target.wants/container-mynginx.service → /home/wanlinwang/.config/systemd/user/container-mynginx.service.
[wanlinwang@55a87a3acb63 user]$ systemctl --user status container-mynginx.service
● container-mynginx.service - Podman container-mynginx.service
Loaded: loaded (/home/wanlinwang/.config/systemd/user/container-mynginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-07-02 01:38:01 CEST; 18s ago
Docs: man:podman-generate-systemd(1)
Process: 13340 ExecStart=/usr/bin/podman start mynginx (code=exited, status=0/SUCCESS)
Main PID: 13367 (conmon)
CGroup: /user.slice/user-1001.slice/user@1001.service/container-mynginx.service
├─13351 /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp --ena>
├─13353 rootlessport
├─13358 rootlessport-child
├─13367 /usr/bin/conmon --api-version 1 -c 2ae92bd97141cf76605d5a798a6938fe93676485b8d550927aaffe11a93ea>
└─2ae92bd97141cf76605d5a798a6938fe93676485b8d550927aaffe11a93ea551
├─13378 nginx: master process nginx -g daemon off;
├─13406 nginx: worker process
└─13407 nginx: worker process
[wanlinwang@55a87a3acb63 user]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2ae92bd97141 docker.io/library/nginx:latest nginx -g daemon o... 4 minutes ago Up 37 seconds ago 0.0.0.0:8081->80/tcp mynginx
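The settings from steps 3 and 6 that decide whether the container really comes back after a reboot can be checked without rebooting. The script below is an added example, not part of the original post: the function names (kv, unit_get, check_autostart) are hypothetical, and the sample inputs are trimmed copies of the `loginctl show-user` output and the generated unit file shown above.

```shell
#!/usr/bin/env bash
# Added example: offline check of a rootless auto-start setup.
# Function names are hypothetical; sample inputs are trimmed copies of the
# outputs shown in steps 3 and 6.

SAMPLE_USER='UID=1001
Name=wanlinwang
State=lingering
Linger=yes'

SAMPLE_UNIT='[Unit]
Description=Podman container-mynginx.service
RequiresMountsFor=/run/user/1001/containers
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start mynginx
Type=forking
[Install]
WantedBy=default.target'

# Print the value of KEY from KEY=VALUE text on stdin (first match only).
kv() { awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); print; exit }'; }

# Print the value of KEY inside [SECTION] of a systemd unit read from stdin.
unit_get() {
  awk -v sec="[$1]" -v k="$2" '
    /^\[/ { in_sec = ($0 == sec); next }
    in_sec && index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}

# check_autostart LOGINCTL_TEXT UNIT_TEXT
# Prints one line per problem and returns the number of problems found.
check_autostart() {
  user_info=$1
  unit=$2
  problems=0
  uid=$(printf '%s\n' "$user_info" | kv UID)

  # Without linger the user manager stops at logout and is not started at boot.
  if [ "$(printf '%s\n' "$user_info" | kv Linger)" != "yes" ]; then
    echo "linger is not enabled for UID ${uid:-unknown}"
    problems=$((problems + 1))
  fi

  # User units are pulled in by default.target; multi-user.target is a system
  # target and does not exist in the user manager.
  wanted=$(printf '%s\n' "$unit" | unit_get Install WantedBy)
  case " $wanted " in
    *" default.target "*) ;;
    *) echo "WantedBy=${wanted:-<unset>} will not start at boot"
       problems=$((problems + 1)) ;;
  esac

  # The unit must point at this user's runtime directory, not another UID's.
  mounts=$(printf '%s\n' "$unit" | unit_get Unit RequiresMountsFor)
  case "$mounts" in
    "/run/user/$uid/"*) ;;
    *) echo "RequiresMountsFor=$mounts does not belong to UID $uid"
       problems=$((problems + 1)) ;;
  esac

  # Without a restart policy a crashed container stays down until next boot.
  restart=$(printf '%s\n' "$unit" | unit_get Service Restart)
  if [ -z "$restart" ] || [ "$restart" = "no" ]; then
    echo "no Restart= policy set"
    problems=$((problems + 1))
  fi
  return "$problems"
}

check_autostart "$SAMPLE_USER" "$SAMPLE_UNIT" && echo "auto-start settings look consistent"
```

On a live host, pass `"$(loginctl show-user wanlinwang)"` and `"$(cat ~/.config/systemd/user/container-mynginx.service)"` as the two arguments instead of the sample strings.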
References
The loginctl manual page (man loginctl)