Question
I installed podman on RHEL 7.6 and can run normal docker command with sudo
sudo podman run hello-world
Is there a way to run it without sudo, without using usernamespace (similar to adding your user to the docker group when using regular docker command)?
I understand that when run as a non-root user, podman uses usernamespace. But I am not able to enable/set up suid on the machine (LDAP etc.)
Currently, when run as a non-root user, I get this
user namespaces are not enabled in /proc/sys/user/max_user_namespaces
ERRO[0000] cannot re-exec process
Answer 1:
If you're running Podman and you're not the root user and you're not using sudo, i.e. "rootless", then you or your administrator has to enable user namespaces on the system in order for it to work fully. Only a very few commands such as "podman version" will work in a rootless environment without user namespaces being set up.
The error that you're seeing would have to be taken care of by someone with administrative privileges with a command like sysctl user.max_user_namespaces=15000
which would enable 15,000 usernamespaces on the system. In addition the shadows-utils package would need to be installed on the system and the /etc/subuid and /etc/subgid files would have to have entries like:
username:100000:65536
in each for each user wanting to have usernamespace enabled for them.
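The two prerequisites the answer names can be checked before a user tries rootless Podman. The script below is an added example, not code from the original post or from the Podman project; it uses constructed sample subuid/subgid content so it runs anywhere, and on a real RHEL 7 host the inputs would be /etc/subuid, /etc/subgid and the value in /proc/sys/user/max_user_namespaces.

```shell
#!/bin/sh
# Preflight checks for rootless Podman (hypothetical helper, not part of Podman).

# Return 0 when the user.max_user_namespaces value ($1) permits namespaces.
# The default 0 is exactly what produces the "not enabled" error in the question.
userns_enabled() {
    [ "$1" -gt 0 ] 2>/dev/null
}

# Read subuid/subgid-style lines (user:start:count) on stdin and print
# "start count" for user $1; exit 1 when the user has no entry.
subid_range() {
    awk -F: -v u="$1" '$1 == u { print $2, $3; found = 1 }
                       END { if (found) exit 0; exit 1 }'
}

# Verify user $1 has an entry in file $2 with at least 65536 ids,
# the range size the answer suggests (username:100000:65536).
check_subid_file() {
    range=$(subid_range "$1" < "$2") || { echo "no entry for $1 in $2"; return 1; }
    count=${range#* }
    [ "$count" -ge 65536 ] || { echo "range for $1 in $2 too small: $count"; return 1; }
    echo "$1: $count subordinate ids in $2 (start ${range%% *})"
}

# $1 user, $2 max_user_namespaces value, $3 subuid file, $4 subgid file.
rootless_ready() {
    userns_enabled "$2" || { echo "user namespaces disabled (max_user_namespaces=$2)"; return 1; }
    check_subid_file "$1" "$3" && check_subid_file "$1" "$4"
}

# Demo on constructed data: alice has a full range, bob's is too small.
SAMPLE=$(mktemp)
printf 'alice:100000:65536\nbob:165536:1000\n' > "$SAMPLE"
rootless_ready alice 15000 "$SAMPLE" "$SAMPLE" || echo "alice: NOT ready"
rootless_ready bob   15000 "$SAMPLE" "$SAMPLE" || echo "bob: NOT ready"
rm -f "$SAMPLE"
```

On a live host, run it as `rootless_ready "$USER" "$(cat /proc/sys/user/max_user_namespaces)" /etc/subuid /etc/subgid` to see which of the two prerequisites an administrator still has to set.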
Source: https://stackoverflow.com/questions/56296932/run-privileged-podman-without-sudo-and-without-usernamespace