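This article demonstrates how to create a rootless container that starts automatically at boot.
Most containers we come across are started by the root account. A rootless container is one that is started by a non-root account.
Step 1: Install the container packages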
- [root@ad57f7d54660 ~]# dnf module install -y container-tools
- Complete!
Step 2: Create a regular user, wanlinwang:
- [root@55a87a3acb63 ~]# useradd wanlinwang
- [root@55a87a3acb63 ~]# echo password | passwd --stdin wanlinwang
- Changing password for user wanlinwang.
- passwd: all authentication tokens updated successfully.
Step 3: Enable the linger feature. Linger allows a user's long-running services to keep running while the user is logged out.
- [root@55a87a3acb63 ~]# loginctl enable-linger wanlinwang
- [root@55a87a3acb63 ~]# loginctl show-user wanlinwang
- UID=1001
- GID=1001
- Name=wanlinwang
- Timestamp=Sat 2022-07-02 01:32:28 CEST
- TimestampMonotonic=355372762
- RuntimePath=/run/user/1001
- Service=user@1001.service
- Slice=user-1001.slice
- State=lingering
- Sessions=
- IdleHint=yes
- IdleSinceHint=0
- IdleSinceHintMonotonic=0
- Linger=yes
Step 4: Log in to the local machine as wanlinwang:
- [root@55a87a3acb63 ~]# ssh wanlinwang@localhost
- The authenticity of host 'localhost (::1)' can't be established.
- ECDSA key fingerprint is SHA256:QlT07D/gCNOvYRiBlg/nXA6mtsMxbJjBOGlwyVqr8F0.
- Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
- Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
- wanlinwang@localhost's password:
- [wanlinwang@55a87a3acb63 ~]$
Step 5: In wanlinwang's terminal, run a container:
- [wanlinwang@55a87a3acb63 ~]$ podman run -d --name mynginx -p 8081:80 docker.io/library/nginx
- Trying to pull docker.io/library/nginx:latest...
- Getting image source signatures
- Copying blob fe0ef4c895f5 done
- Copying blob 8f46223e4234 done
- Copying blob b85a868b505f done
- Copying blob f4407ba1f103 done
- Copying blob 4a7307612456 done
- Copying blob 935cecace2a0 done
- Copying config 55f4b40fe4 done
- Writing manifest to image destination
- Storing signatures
- 2ae92bd97141cf76605d5a798a6938fe93676485b8d550927aaffe11a93ea551
- [wanlinwang@55a87a3acb63 ~]$ podman ps
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 2ae92bd97141 docker.io/library/nginx:latest nginx -g daemon o... 4 seconds ago Up 4 seconds ago 0.0.0.0:8081->80/tcp mynginx
- [wanlinwang@55a87a3acb63 ~]$
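As the output above shows, the container is running successfully as a non-root user. Next, let's see how to make it start automatically.
Step 6: Create the service file: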
- [wanlinwang@55a87a3acb63 ~]$ mkdir -p ~/.config/systemd/user
- [wanlinwang@55a87a3acb63 ~]$ cd ~/.config/systemd/user
- [wanlinwang@55a87a3acb63 user]$ podman generate systemd --name mynginx --files
- /home/wanlinwang/.config/systemd/user/container-mynginx.service
- [wanlinwang@55a87a3acb63 user]$ cat container-mynginx.service
- # container-mynginx.service
- # autogenerated by Podman 4.0.2
- # Sat Jul 2 01:35:55 CEST 2022
-
- [Unit]
- Description=Podman container-mynginx.service
- Documentation=man:podman-generate-systemd(1)
- Wants=network-online.target
- After=network-online.target
- RequiresMountsFor=/run/user/1001/containers
-
- [Service]
- Environment=PODMAN_SYSTEMD_UNIT=%n
- Restart=on-failure
- TimeoutStopSec=70
- ExecStart=/usr/bin/podman start mynginx
- ExecStop=/usr/bin/podman stop -t 10 mynginx
- ExecStopPost=/usr/bin/podman stop -t 10 mynginx
- PIDFile=/run/user/1001/containers/overlay-containers/2ae92bd97141cf76605d5a798a6938fe93676485b8d550927aaffe11a93ea551/userdata/conmon.pid
- Type=forking
-
- [Install]
- WantedBy=default.target
- [wanlinwang@55a87a3acb63 user]$
Step 7: Reload the service files:
- [wanlinwang@55a87a3acb63 user]$ systemctl --user daemon-reload
Step 8: Stop the currently running container:
- [wanlinwang@55a87a3acb63 user]$ podman stop mynginx
- mynginx
Step 9: Enable start at boot:
- [wanlinwang@55a87a3acb63 user]$ systemctl --user enable --now container-mynginx.service
- Created symlink /home/wanlinwang/.config/systemd/user/default.target.wants/container-mynginx.service → /home/wanlinwang/.config/systemd/user/container-mynginx.service.
- [wanlinwang@55a87a3acb63 user]$ systemctl --user status container-mynginx.service
- ● container-mynginx.service - Podman container-mynginx.service
- Loaded: loaded (/home/wanlinwang/.config/systemd/user/container-mynginx.service; enabled; vendor preset: enabled)
- Active: active (running) since Sat 2022-07-02 01:38:01 CEST; 18s ago
- Docs: man:podman-generate-systemd(1)
- Process: 13340 ExecStart=/usr/bin/podman start mynginx (code=exited, status=0/SUCCESS)
- Main PID: 13367 (conmon)
- CGroup: /user.slice/user-1001.slice/user@1001.service/container-mynginx.service
- ├─13351 /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp --ena>
- ├─13353 rootlessport
- ├─13358 rootlessport-child
- ├─13367 /usr/bin/conmon --api-version 1 -c 2ae92bd97141cf76605d5a798a6938fe93676485b8d550927aaffe11a93ea>
- └─2ae92bd97141cf76605d5a798a6938fe93676485b8d550927aaffe11a93ea551
- ├─13378 nginx: master process nginx -g daemon off;
- ├─13406 nginx: worker process
- └─13407 nginx: worker process
- [wanlinwang@55a87a3acb63 user]$ podman ps
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 2ae92bd97141 docker.io/library/nginx:latest nginx -g daemon o... 4 minutes ago Up 37 seconds ago 0.0.0.0:8081->80/tcp mynginx
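The unit generated in step 6 only starts at boot if linger is on, and its PIDFile path embeds the ID of the existing container, so it goes stale if mynginx is ever removed and recreated. The following check over those outputs is an added example, not part of the original post; the function names are hypothetical and the sample inputs are trimmed from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Inputs are text so the checks run offline. On a real host pass
#   "$(cat container-mynginx.service)", "$(loginctl show-user wanlinwang)"
#   and "$(podman inspect --format '{{.Id}}' mynginx)".

CID=2ae92bd97141cf76605d5a798a6938fe93676485b8d550927aaffe11a93ea551

# Sample trimmed from the step 3 output on this page.
LOGINCTL_SAMPLE='UID=1001
Name=wanlinwang
RuntimePath=/run/user/1001
State=lingering
Linger=yes'

# Sample trimmed from the unit file generated in step 6.
UNIT_SAMPLE="[Unit]
RequiresMountsFor=/run/user/1001/containers

[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start mynginx
ExecStop=/usr/bin/podman stop -t 10 mynginx
PIDFile=/run/user/1001/containers/overlay-containers/$CID/userdata/conmon.pid
Type=forking

[Install]
WantedBy=default.target"

# get_prop KEY: print the first value of KEY= found on stdin.
get_prop() { sed -n "s/^$1=//p" | head -n 1; }

# linger_ok LOGINCTL_TEXT: succeeds only when Linger=yes.
linger_ok() { [ "$(printf '%s\n' "$1" | get_prop Linger)" = "yes" ]; }

# unit_mode UNIT_TEXT: "existing" when the unit starts an already created
# container, "new" when it creates one on every start (units generated with
# --new use "podman run"), otherwise "unknown".
unit_mode() {
    case "$(printf '%s\n' "$1" | get_prop ExecStart)" in
        */podman\ start\ *) echo existing ;;
        */podman\ run\ *)   echo new ;;
        *)                  echo unknown ;;
    esac
}

# pidfile_container_id UNIT_TEXT: the 64-hex container ID inside PIDFile=.
pidfile_container_id() {
    printf '%s\n' "$1" | get_prop PIDFile |
        sed -n 's#.*/overlay-containers/\([0-9a-f]\{64\}\)/userdata/conmon\.pid$#\1#p'
}

# audit_unit UNIT_TEXT LOGINCTL_TEXT CURRENT_ID: print findings and
# return the number of problems (0 means the setup is consistent).
audit_unit() {
    problems=0
    uid=$(printf '%s\n' "$2" | get_prop UID)
    if ! linger_ok "$2"; then
        echo "FAIL: Linger is not yes; user services will not run without a login session"
        problems=$((problems + 1))
    fi
    if [ "$(printf '%s\n' "$1" | get_prop WantedBy)" != "default.target" ]; then
        echo "FAIL: WantedBy is not default.target"
        problems=$((problems + 1))
    fi
    case "$(printf '%s\n' "$1" | get_prop PIDFile)" in
        ""|"/run/user/$uid/"*) ;;
        *) echo "FAIL: PIDFile is outside /run/user/$uid"; problems=$((problems + 1)) ;;
    esac
    if [ "$(unit_mode "$1")" = "existing" ] && [ "$(pidfile_container_id "$1")" != "$3" ]; then
        echo "FAIL: PIDFile names another container ID; regenerate the unit (step 6)"
        problems=$((problems + 1))
    fi
    if [ "$problems" -eq 0 ]; then echo "OK: unit matches the rootless setup"; fi
    return "$problems"
}

audit_unit "$UNIT_SAMPLE" "$LOGINCTL_SAMPLE" "$CID"
```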
References
The loginctl manual page (man loginctl)