topgrade-rs / topgrade

Upgrade all the things
GNU General Public License v3.0

Support for root containers in docker and podman? #699

Open InnocentZero opened 3 months ago

InnocentZero commented 3 months ago

I want to suggest some general feature

Topgrade should have a config switch that lets it choose if docker/podman containers are used as root or rootless. This will let topgrade update the containers as required. I'm willing to test the upgrades of root containers if needed.

SteveLauC commented 3 months ago

I am not familiar with this thing. A brief search shows that you can run docker/podman in rootless mode; if so, are all the containers created by it rootless?

InnocentZero commented 3 months ago

By default, both docker and podman create containers in root mode. In fact, ArchWiki says that running docker and podman in rootless requires `CONFIG_USER_NS_UNPRIVILEGED` to be on, which is considered a security threat. As a result, the linux-hardened kernel has disabled it by default.

I run a few docker containers in root mode, so it was a real bummer to see that docker updates weren't supported in root mode by topgrade.

If needed, I don't mind adding the feature myself either. Just that it will take time this way.

InnocentZero commented 3 months ago

Hi @SteveLauC, any updates on this? If no one is free for implementing this, can you give me a quick guide on how to do it?

SteveLauC commented 3 months ago

> I run a few docker containers in root mode, so it was a real bummer to see that docker updates weren't supported in root mode by topgrade.

Would you like to show me the output of topgrade only containers?

> Topgrade should have a config switch that lets it choose if docker/podman containers are used as root or rootless.

If we are going to support this, would you like to show me what this config will look like, and what Topgrade will do if these config options are enabled/disabled?