在没有 sudo 的情况下运行特权 podman(并且没有用户名空间) [英] Run privileged podman without sudo (and without usernamespace)
问题描述
我在 RHEL 7.6 上安装了 podman,并且可以使用 sudo 运行正常的 docker 命令
I installed podman on RHEL 7.6 and can run normal docker command with sudo
sudo podman run hello-world
有没有办法在不使用 sudo、不使用用户名空间的情况下运行它(类似于在使用常规 docker 命令时将用户添加到 docker 组)?
Is there a way to run it without sudo, without using usernamespace (similar to adding your user to the docker group when using regular docker command)?
我了解当以非 root 用户身份运行时,podman 使用用户名空间.但我无法在机器上启用/设置 suid(LDAP 等)
I understand that when run as a non-root user, podman uses usernamespace. But I am not able to enable/ setup suid on the machine (LDAP etc.)
目前,当以非 root 用户身份运行时,我得到了这个
Currently, when run as a non-root user, I get this
user namespaces are not enabled in /proc/sys/user/max_user_namespaces
ERRO[0000] cannot re-exec process
推荐答案
如果您正在运行 Podman 并且您不是 root 用户并且您没有使用 sudo,即无根",那么您或您的管理员有在系统上启用用户命名空间以使其充分工作.在没有设置用户命名空间的情况下,只有极少数命令(例如podman 版本")可以在无根环境中工作.
If you're running Podman and you're not the root user and you're not using sudo, i.e. "rootless", then you or your administrator has to enable user namespaces on the system in order for it to work fully. Only a very few commands such as "podman version" will work in a rootless environment without user namespaces being set up.
您看到的错误必须由具有管理权限的人使用 sysctl user.max_user_namespaces=15000 之类的命令来处理,该命令将在系统上启用 15,000 个用户名空间.此外,需要在系统上安装 shadows-utils 包,并且/etc/subuid 和/etc/subgid 文件必须具有以下条目:
The error that you're seeing would have to be taken care of by someone with administrative privileges with a command like sysctl user.max_user_namespaces=15000 which would enable 15,000 usernamespaces on the system. In addition the shadows-utils package would need to be installed on the system and the /etc/subuid and /etc/subgid files would have to have entries like:
用户名:100000:65536
username:100000:65536
在每个想要为他们启用用户名空间的用户中.
in each for each user wanting to have usernamespace enabled for them.
这篇关于在没有 sudo 的情况下运行特权 podman(并且没有用户名空间)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
