Skip to content

Instantly share code, notes, and snippets.

@coderofsalvation

coderofsalvation/howto rootless podman container connecting to REST api docker.sock.md.md

Last active April 19, 2023 17:05
Show Gist options
  • Save coderofsalvation/880da1ca30f46270ae61562bb9b92c93 to your computer and use it in GitHub Desktop.
Save coderofsalvation/880da1ca30f46270ae61562bb9b92c93 to your computer and use it in GitHub Desktop.
Download ZIP
howto rootless podman container connecting to REST api /var/run/docker.sock
Raw
howto rootless podman container connecting to REST api docker.sock.md.md

Ok I was struggling a bit finding info about this. In a nutshell:

  • /var/run/docker.sock only works for root(ful) containers
  • there's no rootless socket-file created by default (you need to run an API listener service)

STEP 1: run API listener service (to create socketfile)

# whoami
root
# su -l john -c 'podman system service --time 0' &>/var/log/podman.john.log  # move this to boot/init script e.g.
# chmod 660 $(podman info|grep 'podman.sock'| awk '{print $2}')  # https://github.com/containers/podman/issues/6787

nice..now john's podman.sock is alive

STEP 2: run docker

here's a rootless a container which uses a socket-file to control podman (as john):

$ whoami
john
$ cat start.sh

socket=/var/run/docker.sock
test $(whoami) = root || {
  socket=$(podman info|grep 'podman.sock'| awk '{print $2}')  # run 'podman info' to verify
  chmod 660 $socket                                           # otherwise container can still not access the socketfile
}
podman run --security-opt label=disable       \  `# see https://docs.podman.io/en/latest/markdown/podman-system-service.1.html
           -d -v $socket:/var/run/docker.sock \
           -p 8000:8000 --name=yacht ghcr.io/selfhostedpro/yacht:latest

$ ./start.sh
634efa34ef6a4ef5a6e3fa563efa566665a6
$
``

> PROFIT!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment