Open InnocentZero opened 3 months ago
I am not familiar with this thing; a brief search shows that you can run docker/podman in rootless mode. If so, then are all the containers created by it rootless?
By default, both docker and podman create containers in root mode. In fact, ArchWiki says that running docker and podman in rootless requires CONFIG_USER_NS_UNPRIVILEGED to be on, which is considered a security threat. As a result, the linux-hardened kernel has disabled it by default.
I run a few docker containers in root mode, so it was a real bummer to see that docker updates weren't supported in root mode by topgrade.
If needed, I don't mind adding the feature myself either. Just that it will take time this way.
Hi @SteveLauC, any updates on this? If no one is free to implement this, can you give me a quick guide on how to do it?
I run a few docker containers in root mode, so it was a real bummer to see that docker updates weren't supported in root mode by topgrade.
Would you like to show me the output of topgrade only containers?
Topgrade should have a config switch that lets it choose if docker/podman containers are used as root or rootless.
If we are going to support this, would you like to show me what this config will look like, and what Topgrade will do if these config options are enabled/disabled?
I want to suggest some general feature
Topgrade should have a config switch that lets it choose if docker/podman containers are used as root or rootless. This will let topgrade update the containers as required. I'm willing to test the upgrades of root containers if needed.