Podman VM

From Michael's Information Zone
Revision as of 10:09, 20 January 2020 by Michael.mast (talk | contribs) (Created page with "==Purpose== I wanted to run my containers in a dedicated VM on my system. This was to reduce complexity on the host. KVM was already configured and the process can be found he...")

Purpose

I wanted to run my containers in a dedicated VM on my system. This was to reduce complexity on the host. KVM was already configured and the process can be found here.

General Process

  • Using virt-manager, I created an isolated network to allow NFS sharing from the host to the container VM. I then removed SSH from firewalld on the libvirt zone and, while there, added NFS.
  • Created the NFS share on the host.
  • Mounted the NFS share in the VM.


Starting the containers was a real pain with SELinux and the NFS mount. I could not get podman to be allowed to relabel the context away from the standard NFS label. So in the end I disabled this feature, which is really annoying. I don't like the idea of a compromised container being able to jump around to other directories.

[1]

--security-opt label=disable

podman run --security-opt label=disable --name steamcache \
--restart=always -d -v /mnt/sitefiles/steamcache:/data/cache \
-v /mnt/sitefiles/steamcache/logs:/data/logs \
-p 192.168.11.99:80:80 steamcache/monolithic:latest
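Because `label=disable` turns off SELinux confinement for the whole container, it is worth being able to find every container on the VM that runs this way and which host directories it can reach. The following is an added audit script, not part of this wiki page, that reads `podman inspect` output (the sample below is constructed to match the steamcache container above, with only the fields the check uses; the field names `HostConfig.SecurityOpt` and `HostConfig.Binds` are the Docker-compatible ones podman emits):

```python
import json

# Constructed sample modelled on `podman inspect steamcache` for the container
# started on this page. Only the fields the audit reads are included.
SAMPLE_INSPECT = json.dumps([{
    "Id": "0123abcd",
    "Name": "steamcache",
    "Config": {"Image": "steamcache/monolithic:latest"},
    "HostConfig": {
        "SecurityOpt": ["label=disable"],
        "Binds": [
            "/mnt/sitefiles/steamcache:/data/cache:rw,rprivate,nosuid,nodev,rbind",
            "/mnt/sitefiles/steamcache/logs:/data/logs:rw,rprivate,nosuid,nodev,rbind",
        ],
        "RestartPolicy": {"Name": "always"},
    },
}])

# Constructed contrast: a container that kept labeling on and used :Z volumes.
SAMPLE_INSPECT_LABELED = json.dumps([{
    "Id": "4567efgh",
    "Name": "webcache",
    "Config": {"Image": "example/webcache:latest"},
    "HostConfig": {
        "SecurityOpt": [],
        "Binds": ["/srv/webcache:/data:Z"],
    },
}])


def audit_labeling(inspect_json):
    """Return one finding per container running with SELinux labeling
    disabled, listing the host paths it can reach without label checks."""
    findings = []
    for container in json.loads(inspect_json):
        host_config = container.get("HostConfig", {})
        if "label=disable" not in host_config.get("SecurityOpt", []):
            continue
        # A bind string is host_path:container_path[:options]; keep host side.
        host_paths = [b.split(":")[0] for b in host_config.get("Binds", [])]
        findings.append({
            "name": container.get("Name", "").lstrip("/"),
            "image": container.get("Config", {}).get("Image", ""),
            "host_paths": host_paths,
        })
    return findings


if __name__ == "__main__":
    for f in audit_labeling(SAMPLE_INSPECT):
        print(f"{f['name']} ({f['image']}) unconfined on: {', '.join(f['host_paths'])}")
```

On a real VM, feed it `podman inspect $(podman ps -aq)` and review every path listed, since those are the directories a compromised container could write to without SELinux in the way.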