$ podman version
Client: Podman Engine
Version: 4.6.1
API Version: 4.6.1
Go Version: go1.20.7
Built: Fri Aug 11 07:07:53 2023
OS/Arch: linux/amd64
$ podman version
Client: Podman Engine
Version: 4.5.1
API Version: 4.5.1
Go Version: go1.20.4
Built: Sat May 27 02:58:19 2023
OS/Arch: linux/arm64
Original
$ podman inspect registry.access.redhat.com/ubi8
4.5.1
$ podman pull registry.access.redhat.com/ubi8
Trying to pull registry.access.redhat.com/ubi8:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob bea2a0b08f4f done
Copying config 7e569fa199 done
Writing manifest to image destination
Storing signatures
7e569fa199c00a48fc249200463d903ca157a4e965348a845827871f4ede3714
$ podman inspect registry.access.redhat.com/ubi8
[
{
"Id": "7e569fa199c00a48fc249200463d903ca157a4e965348a845827871f4ede3714",
"Digest": "sha256:b6616b280ec23c2283ac10e19dd3cd4c8e6df14599f6d93f662ca261273097a9",
"RepoTags": [
"registry.access.redhat.com/ubi8:latest"
],
"RepoDigests": [
"registry.access.redhat.com/ubi8@sha256:64cee7b543ac539d0a45a59f607b5248f2a332038c1214ac920b9d7bf6708f61",
"registry.access.redhat.com/ubi8@sha256:b6616b280ec23c2283ac10e19dd3cd4c8e6df14599f6d93f662ca261273097a9"
],
"Parent": "",
"Comment": "",
"Created": "2023-08-02T16:13:48.942758336Z",
"Config": {
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"container=oci"
],
"Cmd": [
"/bin/bash"
],
"Labels": {
"architecture": "x86_64",
"build-date": "2023-08-02T16:01:51",
"com.redhat.component": "ubi8-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
"distribution-scope": "public",
"io.buildah.version": "1.29.0",
"io.k8s.description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
"io.k8s.display-name": "Red Hat Universal Base Image 8",
"io.openshift.expose-services": "",
"io.openshift.tags": "base rhel8",
"maintainer": "Red Hat, Inc.",
"name": "ubi8",
"release": "1032",
"summary": "Provides the latest release of Red Hat Universal Base Image 8.",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.8-1032",
"vcs-ref": "384f2bb33eebab960262e967aa16d01fe2dbebff",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "8.8"
}
},
"Version": "",
"Author": "",
"Architecture": "amd64",
"Os": "linux",
"Size": 214836852,
"VirtualSize": 214836852,
"GraphDriver": {
"Name": "overlay",
"Data": {
"UpperDir": "/home/shtanaka/.local/share/containers/storage/overlay/815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6/diff",
"WorkDir": "/home/shtanaka/.local/share/containers/storage/overlay/815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6/work"
}
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6"
]
},
"Labels": {
"architecture": "x86_64",
"build-date": "2023-08-02T16:01:51",
"com.redhat.component": "ubi8-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
"distribution-scope": "public",
"io.buildah.version": "1.29.0",
"io.k8s.description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
"io.k8s.display-name": "Red Hat Universal Base Image 8",
"io.openshift.expose-services": "",
"io.openshift.tags": "base rhel8",
"maintainer": "Red Hat, Inc.",
"name": "ubi8",
"release": "1032",
"summary": "Provides the latest release of Red Hat Universal Base Image 8.",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.8-1032",
"vcs-ref": "384f2bb33eebab960262e967aa16d01fe2dbebff",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "8.8"
},
"Annotations": {},
"ManifestType": "application/vnd.docker.distribution.manifest.v2+json",
"User": "",
"History": [
{
"created": "2023-08-02T16:13:43.413855867Z",
"created_by": "/bin/sh -c #(nop) ADD file:66850d5e06c92b8217827133037551e15038c13d34d93849bbbae9b267ebfcab in / ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.234844694Z",
"created_by": "/bin/sh -c mv -f /etc/yum.repos.d/ubi.repo /tmp || :",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.504605478Z",
"created_by": "/bin/sh -c #(nop) ADD file:214c1de395c24e4a86ef9a706069ef30a9e804c63f851c37c35655e16fea3ced in /tmp/tls-ca-bundle.pem ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821005175Z",
"created_by": "/bin/sh -c #(nop) ADD multi:dad1054d72a3e8b4c584c001e3dcf03e2e308d6704afa67bdb7e61f11a6faa13 in /etc/yum.repos.d/ ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82105276Z",
"created_by": "/bin/sh -c #(nop) LABEL maintainer=\"Red Hat, Inc.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821147126Z",
"created_by": "/bin/sh -c #(nop) LABEL com.redhat.component=\"ubi8-container\" name=\"ubi8\" version=\"8.8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821198865Z",
"created_by": "/bin/sh -c #(nop) LABEL com.redhat.license_terms=\"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82123808Z",
"created_by": "/bin/sh -c #(nop) LABEL summary=\"Provides the latest release of Red Hat Universal Base Image 8.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821341507Z",
"created_by": "/bin/sh -c #(nop) LABEL description=\"The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821378364Z",
"created_by": "/bin/sh -c #(nop) LABEL io.k8s.display-name=\"Red Hat Universal Base Image 8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821395512Z",
"created_by": "/bin/sh -c #(nop) LABEL io.openshift.expose-services=\"\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82141745Z",
"created_by": "/bin/sh -c #(nop) LABEL io.openshift.tags=\"base rhel8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821430402Z",
"created_by": "/bin/sh -c #(nop) ENV container oci",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821470331Z",
"created_by": "/bin/sh -c #(nop) ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821477084Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:45.639824443Z",
"created_by": "/bin/sh -c rm -rf /var/log/*",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.334926485Z",
"created_by": "/bin/sh -c mkdir -p /var/log/rhsm",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.334990462Z",
"created_by": "/bin/sh -c #(nop) LABEL release=1032",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.610152303Z",
"created_by": "/bin/sh -c #(nop) ADD file:4eb2d82a9268a2eceef36401799108b9d67f1aaef5a81e0ea744b7f736a98596 in /root/buildinfo/content_manifests/ubi8-container-8.8-1032.json ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.867099687Z",
"created_by": "/bin/sh -c #(nop) ADD file:f9f7ba78e28f98ff3613c1dd6e098c454103de4a37a63fc4d55862f10312d4fa in /root/buildinfo/Dockerfile-ubi8-8.8-1032 ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.867356337Z",
"created_by": "/bin/sh -c #(nop) LABEL \"distribution-scope\"=\"public\" \"vendor\"=\"Red Hat, Inc.\" \"build-date\"=\"2023-08-02T16:01:51\" \"architecture\"=\"x86_64\" \"vcs-type\"=\"git\" \"vcs-ref\"=\"384f2bb33eebab960262e967aa16d01fe2dbebff\" \"io.k8s.description\"=\"The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.\" \"url\"=\"https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.8-1032\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:47.557027147Z",
"created_by": "/bin/sh -c rm -f '/etc/yum.repos.d/repo-cdf2d.repo' '/etc/yum.repos.d/repo-a0366.repo'",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:48.241582342Z",
"created_by": "/bin/sh -c rm -f /tmp/tls-ca-bundle.pem",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:50.63687417Z",
"created_by": "/bin/sh -c mv -fZ /tmp/ubi.repo /etc/yum.repos.d/ubi.repo || :"
}
],
"NamesHistory": [
"registry.access.redhat.com/ubi8:latest"
]
}
]
4.6.1
$ podman pull registry.access.redhat.com/ubi8
Trying to pull registry.access.redhat.com/ubi8:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob bea2a0b08f4f done
Copying config 7e569fa199 done
Writing manifest to image destination
Storing signatures
7e569fa199c00a48fc249200463d903ca157a4e965348a845827871f4ede3714
$ podman inspect registry.access.redhat.com/ubi8
[
{
"Id": "7e569fa199c00a48fc249200463d903ca157a4e965348a845827871f4ede3714",
"Digest": "sha256:b6616b280ec23c2283ac10e19dd3cd4c8e6df14599f6d93f662ca261273097a9",
"RepoTags": [
"registry.access.redhat.com/ubi8:latest"
],
"RepoDigests": [
"registry.access.redhat.com/ubi8@sha256:64cee7b543ac539d0a45a59f607b5248f2a332038c1214ac920b9d7bf6708f61",
"registry.access.redhat.com/ubi8@sha256:b6616b280ec23c2283ac10e19dd3cd4c8e6df14599f6d93f662ca261273097a9"
],
"Parent": "",
"Comment": "",
"Created": "2023-08-02T16:13:48.942758336Z",
"Config": {
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"container=oci"
],
"Cmd": [
"/bin/bash"
],
"Labels": {
"architecture": "x86_64",
"build-date": "2023-08-02T16:01:51",
"com.redhat.component": "ubi8-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
"distribution-scope": "public",
"io.buildah.version": "1.29.0",
"io.k8s.description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
"io.k8s.display-name": "Red Hat Universal Base Image 8",
"io.openshift.expose-services": "",
"io.openshift.tags": "base rhel8",
"maintainer": "Red Hat, Inc.",
"name": "ubi8",
"release": "1032",
"summary": "Provides the latest release of Red Hat Universal Base Image 8.",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.8-1032",
"vcs-ref": "384f2bb33eebab960262e967aa16d01fe2dbebff",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "8.8"
}
},
"Version": "",
"Author": "",
"Architecture": "amd64",
"Os": "linux",
"Size": 214836852,
"VirtualSize": 214836852,
"GraphDriver": {
"Name": "overlay",
"Data": {
"UpperDir": "/home/user/.local/share/containers/storage/overlay/815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6/diff",
"WorkDir": "/home/user/.local/share/containers/storage/overlay/815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6/work"
}
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6"
]
},
"Labels": {
"architecture": "x86_64",
"build-date": "2023-08-02T16:01:51",
"com.redhat.component": "ubi8-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
"distribution-scope": "public",
"io.buildah.version": "1.29.0",
"io.k8s.description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
"io.k8s.display-name": "Red Hat Universal Base Image 8",
"io.openshift.expose-services": "",
"io.openshift.tags": "base rhel8",
"maintainer": "Red Hat, Inc.",
"name": "ubi8",
"release": "1032",
"summary": "Provides the latest release of Red Hat Universal Base Image 8.",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.8-1032",
"vcs-ref": "384f2bb33eebab960262e967aa16d01fe2dbebff",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "8.8"
},
"Annotations": {},
"ManifestType": "application/vnd.docker.distribution.manifest.v2+json",
"User": "",
"History": [
{
"created": "2023-08-02T16:13:43.413855867Z",
"created_by": "/bin/sh -c #(nop) ADD file:66850d5e06c92b8217827133037551e15038c13d34d93849bbbae9b267ebfcab in / ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.234844694Z",
"created_by": "/bin/sh -c mv -f /etc/yum.repos.d/ubi.repo /tmp || :",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.504605478Z",
"created_by": "/bin/sh -c #(nop) ADD file:214c1de395c24e4a86ef9a706069ef30a9e804c63f851c37c35655e16fea3ced in /tmp/tls-ca-bundle.pem ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821005175Z",
"created_by": "/bin/sh -c #(nop) ADD multi:dad1054d72a3e8b4c584c001e3dcf03e2e308d6704afa67bdb7e61f11a6faa13 in /etc/yum.repos.d/ ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82105276Z",
"created_by": "/bin/sh -c #(nop) LABEL maintainer=\"Red Hat, Inc.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821147126Z",
"created_by": "/bin/sh -c #(nop) LABEL com.redhat.component=\"ubi8-container\" name=\"ubi8\" version=\"8.8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821198865Z",
"created_by": "/bin/sh -c #(nop) LABEL com.redhat.license_terms=\"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82123808Z",
"created_by": "/bin/sh -c #(nop) LABEL summary=\"Provides the latest release of Red Hat Universal Base Image 8.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821341507Z",
"created_by": "/bin/sh -c #(nop) LABEL description=\"The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821378364Z",
"created_by": "/bin/sh -c #(nop) LABEL io.k8s.display-name=\"Red Hat Universal Base Image 8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821395512Z",
"created_by": "/bin/sh -c #(nop) LABEL io.openshift.expose-services=\"\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82141745Z",
"created_by": "/bin/sh -c #(nop) LABEL io.openshift.tags=\"base rhel8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821430402Z",
"created_by": "/bin/sh -c #(nop) ENV container oci",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821470331Z",
"created_by": "/bin/sh -c #(nop) ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821477084Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:45.639824443Z",
"created_by": "/bin/sh -c rm -rf /var/log/*",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.334926485Z",
"created_by": "/bin/sh -c mkdir -p /var/log/rhsm",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.334990462Z",
"created_by": "/bin/sh -c #(nop) LABEL release=1032",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.610152303Z",
"created_by": "/bin/sh -c #(nop) ADD file:4eb2d82a9268a2eceef36401799108b9d67f1aaef5a81e0ea744b7f736a98596 in /root/buildinfo/content_manifests/ubi8-container-8.8-1032.json ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.867099687Z",
"created_by": "/bin/sh -c #(nop) ADD file:f9f7ba78e28f98ff3613c1dd6e098c454103de4a37a63fc4d55862f10312d4fa in /root/buildinfo/Dockerfile-ubi8-8.8-1032 ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.867356337Z",
"created_by": "/bin/sh -c #(nop) LABEL \"distribution-scope\"=\"public\" \"vendor\"=\"Red Hat, Inc.\" \"build-date\"=\"2023-08-02T16:01:51\" \"architecture\"=\"x86_64\" \"vcs-type\"=\"git\" \"vcs-ref\"=\"384f2bb33eebab960262e967aa16d01fe2dbebff\" \"io.k8s.description\"=\"The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.\" \"url\"=\"https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.8-1032\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:47.557027147Z",
"created_by": "/bin/sh -c rm -f '/etc/yum.repos.d/repo-cdf2d.repo' '/etc/yum.repos.d/repo-a0366.repo'",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:48.241582342Z",
"created_by": "/bin/sh -c rm -f /tmp/tls-ca-bundle.pem",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:50.63687417Z",
"created_by": "/bin/sh -c mv -fZ /tmp/ubi.repo /etc/yum.repos.d/ubi.repo || :"
}
],
"NamesHistory": [
"registry.access.redhat.com/ubi8:latest"
]
}
]
Original
$ skopeo inspect --raw docker://registry.access.redhat.com/ubi8
4.5.1
$ skopeo inspect --raw docker://registry.access.redhat.com/ubi8
{
"manifests": [
{
"digest": "sha256:64cee7b543ac539d0a45a59f607b5248f2a332038c1214ac920b9d7bf6708f61",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "amd64",
"os": "linux"
},
"size": 429
},
{
"digest": "sha256:30b065f0f8c0469e128a184111e3979a6c92511c07aea988a624398ca79f9bc7",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "arm64",
"os": "linux"
},
"size": 429
},
{
"digest": "sha256:482f43c1c8c5691f8cb909c7652c5f5bac476144e8dae214af03ce3e48fb8854",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "ppc64le",
"os": "linux"
},
"size": 429
},
{
"digest": "sha256:abf8da32a970f6c836b945e7b54128c654f2639934a10afe7204cf995e02cbdc",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "s390x",
"os": "linux"
},
"size": 429
}
],
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"schemaVersion": 2
}
4.6.1
$ skopeo inspect --raw docker://registry.access.redhat.com/ubi8
{
"manifests": [
{
"digest": "sha256:64cee7b543ac539d0a45a59f607b5248f2a332038c1214ac920b9d7bf6708f61",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "amd64",
"os": "linux"
},
"size": 429
},
{
"digest": "sha256:30b065f0f8c0469e128a184111e3979a6c92511c07aea988a624398ca79f9bc7",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "arm64",
"os": "linux"
},
"size": 429
},
{
"digest": "sha256:482f43c1c8c5691f8cb909c7652c5f5bac476144e8dae214af03ce3e48fb8854",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "ppc64le",
"os": "linux"
},
"size": 429
},
{
"digest": "sha256:abf8da32a970f6c836b945e7b54128c654f2639934a10afe7204cf995e02cbdc",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "s390x",
"os": "linux"
},
"size": 429
}
],
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"schemaVersion": 2
}
Original
$ podman pull ubi8/httpd-24
4.5.1
$ podman pull ubi8/httpd-24
? Please select an image:
▸ registry.fedoraproject.org/ubi8/httpd-24:latest
registry.access.redhat.com/ubi8/httpd-24:latest
docker.io/ubi8/httpd-24:latest
quay.io/ubi8/httpd-24:latest
4.6.1
$ podman pull ubi8/httpd-24
? Please select an image:
▸ registry.fedoraproject.org/ubi8/httpd-24:latest
registry.access.redhat.com/ubi8/httpd-24:latest
docker.io/ubi8/httpd-24:latest
quay.io/ubi8/httpd-24:latest
Original
$ podman run -ti --rm registry.access.redhat.com/ubi8/httpd-24 bash
4.5.1
$ podman run -ti --rm registry.access.redhat.com/ubi8/httpd-24 bash
Trying to pull registry.access.redhat.com/ubi8/httpd-24:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 28eca6c71374 done
Copying blob bea2a0b08f4f skipped: already exists
Copying blob 7822e944d15c done
Copying config 81cf3b3bd4 done
Writing manifest to image destination
Storing signatures
bash-4.4$
4.6.1
$ podman run -ti --rm registry.access.redhat.com/ubi8/httpd-24 bash
Trying to pull registry.access.redhat.com/ubi8/httpd-24:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 28eca6c71374 done
Copying blob 7822e944d15c done
Copying blob bea2a0b08f4f skipped: already exists
Copying config 81cf3b3bd4 done
Writing manifest to image destination
Storing signatures
bash-4.4$
Original
bash-4.4$ grep PRETTY_NAME /etc/os-release
4.5.1
bash-4.4$ grep PRETTY_NAME /etc/os-release
PRETTY_NAME="Red Hat Enterprise Linux 8.8 (Ootpa)"
4.6.1
bash-4.4$ grep PRETTY_NAME /etc/os-release
PRETTY_NAME="Red Hat Enterprise Linux 8.8 (Ootpa)"
Original
bash-4.4$ ls /usr/bin/ | wc -l
4.5.1
$ ls /usr/bin/ | wc -l
526
4.6.1
$ ls /usr/bin/ | wc -l
526
Original
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
4.5.1
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
a6aabf5be1e40cb6dd9e1b05c1fd4bcecaa5a0e3bf114014542146cecd6ba07f
4.6.1
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
ac22fa04f90198192c6976807772676f74c5e32e8952b8749a541d80b7a99506
Original
$ podman port myapp
4.5.1
$ podman port myapp
8080/tcp -> 0.0.0.0:8080
4.6.1
$ podman port myapp
8080/tcp -> 0.0.0.0:8080
Original
$ podman run -d -p 8081:8080 --name myapp1 registry.access.redhat.com/ubi8/httpd-24
4.5.1
$ podman run -d -p 8081:8080 --name myapp1 registry.access.redhat.com/ubi8/httpd-24
82e22b81a36702c139c5394a862072b830a0ad8ede9a3c7917e897320fe6ec36
4.6.1
$ podman run -d -p 8081:8080 --name myapp1 registry.access.redhat.com/ubi8/httpd-24
f4a71b7f41b9c309bb7a98c0396ce0c8f821fdf4852ddb2054b42c12c89089f3
Original
$ podman stop myapp
4.5.1
$ podman stop myapp
myapp
4.6.1
$ podman stop myapp
myapp
Original
$ podman stop -t 0 myapp1
4.5.1
$ podman stop -t 0 myapp1
myapp1
4.6.1
$ podman stop -t 0 myapp1
myapp1
Original
$ podman start myapp
4.5.1
$ podman start myapp
myapp
4.6.1
$ podman start myapp
myapp
Original
$ podman ps
4.5.1
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a6aabf5be1e4 registry.access.redhat.com/ubi8/httpd-24:latest /usr/bin/run-http... 10 minutes ago Up About a minute 0.0.0.0:8080->8080/tcp myapp
4.6.1
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac22fa04f901 registry.access.redhat.com/ubi8/httpd-24:latest /usr/bin/run-http... 10 minutes ago Up 52 seconds 0.0.0.0:8080->8080/tcp myapp
Original
$ podman ps --all
4.5.1
$ podman ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a6aabf5be1e4 registry.access.redhat.com/ubi8/httpd-24:latest /usr/bin/run-http... 11 minutes ago Up 2 minutes 0.0.0.0:8080->8080/tcp myapp
82e22b81a367 registry.access.redhat.com/ubi8/httpd-24:latest /usr/bin/run-http... 5 minutes ago Exited (137) 3 minutes ago 0.0.0.0:8081->8080/tcp myapp1
4.6.1
$ podman ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac22fa04f901 registry.access.redhat.com/ubi8/httpd-24:latest /usr/bin/run-http... 11 minutes ago Up 2 minutes 0.0.0.0:8080->8080/tcp myapp
f4a71b7f41b9 registry.access.redhat.com/ubi8/httpd-24:latest /usr/bin/run-http... 6 minutes ago Exited (137) 3 minutes ago 0.0.0.0:8081->8080/tcp myapp1
Original
$ podman inspect myapp
4.5.1
$ podman inspect myapp
[
{
"Id": "a6aabf5be1e40cb6dd9e1b05c1fd4bcecaa5a0e3bf114014542146cecd6ba07f",
"Created": "2023-08-20T04:50:10.04881413+09:00",
"Path": "container-entrypoint",
"Args": [
"/usr/bin/run-httpd"
],
"State": {
"OciVersion": "1.1.0-rc.1",
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 21242,
"ConmonPid": 21240,
"ExitCode": 0,
"Error": "",
"StartedAt": "2023-08-20T04:59:24.705195067+09:00",
"FinishedAt": "2023-08-20T04:57:13.377795653+09:00",
"Health": {
"Status": "",
"FailingStreak": 0,
"Log": null
},
"CgroupPath": "/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-a6aabf5be1e40cb6dd9e1b05c1fd4bcecaa5a0e3bf114014542146cecd6ba07f.scope",
"CheckpointedAt": "0001-01-01T00:00:00Z",
"RestoredAt": "0001-01-01T00:00:00Z"
},
"Image": "81cf3b3bd489ea3dec0a12eabca104c8a851c5e0f60c0b07ac34e7e02e63565e",
"ImageDigest": "sha256:b72f2fd69dbc32d273bebb2da30734c9bc8d9acfd210200e9ad5e69d8b089372",
"ImageName": "registry.access.redhat.com/ubi8/httpd-24:latest",
"Rootfs": "",
"Pod": "",
"ResolvConfPath": "/run/user/1001/containers/overlay-containers/a6aabf5be1e40cb6dd9e1b05c1fd4bcecaa5a0e3bf114014542146cecd6ba07f/userdata/resolv.conf",
"HostnamePath": "/run/user/1001/containers/overlay-containers/a6aabf5be1e40cb6dd9e1b05c1fd4bcecaa5a0e3bf114014542146cecd6ba07f/userdata/hostname",
"HostsPath": "/run/user/1001/containers/overlay-containers/a6aabf5be1e40cb6dd9e1b05c1fd4bcecaa5a0e3bf114014542146cecd6ba07f/userdata/hosts",
"StaticDir": "/home/shtanaka/.local/share/containers/storage/overlay-containers/a6aabf5be1e40cb6dd9e1b05c1fd4bcecaa5a0e3bf114014542146cecd6ba07f/userdata",
"OCIConfigPath": "/home/shtanaka/.local/share/containers/storage/overlay-containers/a6aabf5be1e40cb6dd9e1b05c1fd4bcecaa5a0e3bf114014542146cecd6ba07f/userdata/config.json",
"OCIRuntime": "crun",
"ConmonPidFile": "/run/user/1001/containers/overlay-containers/a6aabf5be1e40cb6dd9e1b05c1fd4bcecaa5a0e3bf114014542146cecd6ba07f/userdata/conmon.pid",
"PidFile": "/run/user/1001/containers/overlay-containers/a6aabf5be1e40cb6dd9e1b05c1fd4bcecaa5a0e3bf114014542146cecd6ba07f/userdata/pidfile",
"Name": "myapp",
"RestartCount": 0,
"Driver": "overlay",
"MountLabel": "system_u:object_r:container_file_t:s0:c111,c546",
"ProcessLabel": "system_u:system_r:container_t:s0:c111,c546",
"AppArmorProfile": "",
"EffectiveCaps": null,
"BoundingCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT"
],
"ExecIDs": [],
"GraphDriver": {
"Name": "overlay",
"Data": {
"LowerDir": "/home/shtanaka/.local/share/containers/storage/overlay/10499604104794900ceba300873b4bf08356c0ca71c9dc64bbd1d062fc79e613/diff:/home/shtanaka/.local/share/containers/storage/overlay/7995807f8261e7a0751ce550b73c3d7ccf9f016b8666f84a61d4aa8ffb3bc3f8/diff:/home/shtanaka/.local/share/containers/storage/overlay/815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6/diff",
"MergedDir": "/home/shtanaka/.local/share/containers/storage/overlay/13bd1ed43a7f19d5089e72b94cb8a177ed96b47efcbc6eedf0580032f145b7fa/merged",
"UpperDir": "/home/shtanaka/.local/share/containers/storage/overlay/13bd1ed43a7f19d5089e72b94cb8a177ed96b47efcbc6eedf0580032f145b7fa/diff",
"WorkDir": "/home/shtanaka/.local/share/containers/storage/overlay/13bd1ed43a7f19d5089e72b94cb8a177ed96b47efcbc6eedf0580032f145b7fa/work"
}
},
"Mounts": [],
"Dependencies": [],
"NetworkSettings": {
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"Bridge": "",
"SandboxID": "",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"8080/tcp": [
{
"HostIp": "",
"HostPort": "8080"
}
],
"8443/tcp": null
},
"SandboxKey": "/run/user/1001/netns/netns-20e09c2f-e712-0b58-4fcc-f85bc8296282"
},
"Namespace": "",
"IsInfra": false,
"IsService": false,
"Config": {
"Hostname": "a6aabf5be1e4",
"Domainname": "",
"User": "1001",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"HOME=/opt/app-root/src",
"PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
"HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/httpd.d",
"PLATFORM=el8",
"HTTPD_VAR_RUN=/var/run/httpd",
"HTTPD_LOG_PATH=/var/log/httpd",
"DESCRIPTION=Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"HTTPD_APP_ROOT=/opt/app-root",
"container=oci",
"HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/",
"APP_ROOT=/opt/app-root",
"STI_SCRIPTS_URL=image:///usr/libexec/s2i",
"HTTPD_DATA_ORIG_PATH=/var/www",
"HTTPD_VERSION=2.4",
"HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d",
"HTTPD_TLS_CERT_PATH=/etc/httpd/tls",
"HTTPD_DATA_PATH=/var/www",
"SUMMARY=Platform for running Apache httpd 2.4 or building httpd-based application",
"HTTPD_MAIN_CONF_MODULES_D_PATH=/etc/httpd/conf.modules.d",
"HTTPD_MAIN_CONF_PATH=/etc/httpd/conf",
"STI_SCRIPTS_PATH=/usr/libexec/s2i",
"HOSTNAME=a6aabf5be1e4"
],
"Cmd": [
"/usr/bin/run-httpd"
],
"Image": "registry.access.redhat.com/ubi8/httpd-24:latest",
"Volumes": null,
"WorkingDir": "/opt/app-root/src",
"Entrypoint": "container-entrypoint",
"OnBuild": null,
"Labels": {
"architecture": "x86_64",
"build-date": "2023-08-02T19:21:52",
"com.redhat.component": "httpd-24-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"distribution-scope": "public",
"io.buildah.version": "1.29.0",
"io.k8s.description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"io.k8s.display-name": "Apache httpd 2.4",
"io.openshift.expose-services": "8080:http,8443:https",
"io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
"io.openshift.tags": "builder,httpd,httpd-24",
"io.s2i.scripts-url": "image:///usr/libexec/s2i",
"maintainer": "SoftwareCollections.org <sclorg@redhat.com>",
"name": "rhel8/httpd-24",
"release": "274",
"summary": "Platform for running Apache httpd 2.4 or building httpd-based application",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/httpd-24/images/1-274",
"usage": "s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ rhel8/httpd-24 sample-server",
"vcs-ref": "dca5db0ef763970268d701b64f8f5b292c83ad16",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "1"
},
"Annotations": {
"io.container.manager": "libpod",
"org.opencontainers.image.stopSignal": "15"
},
"StopSignal": 15,
"HealthcheckOnFailureAction": "none",
"CreateCommand": [
"podman",
"run",
"-d",
"-p",
"8080:8080",
"--name",
"myapp",
"registry.access.redhat.com/ubi8/httpd-24"
],
"Umask": "0022",
"Timeout": 0,
"StopTimeout": 10,
"Passwd": true,
"sdNotifyMode": "container"
},
"HostConfig": {
"Binds": [],
"CgroupManager": "systemd",
"CgroupMode": "private",
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": null,
"Path": "",
"Tag": "",
"Size": "0B"
},
"NetworkMode": "slirp4netns",
"PortBindings": {
"8080/tcp": [
{
"HostIp": "",
"HostPort": "8080"
}
]
},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": [],
"CapDrop": [],
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": [],
"GroupAdd": [],
"IpcMode": "shareable",
"Cgroup": "",
"Cgroups": "default",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "private",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [],
"Tmpfs": {},
"UTSMode": "private",
"UsernsMode": "",
"ShmSize": 65536000,
"Runtime": "oci",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "user.slice",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": 0,
"OomKillDisable": false,
"PidsLimit": 2048,
"Ulimits": [
{
"Name": "RLIMIT_NOFILE",
"Soft": 524288,
"Hard": 524288
},
{
"Name": "RLIMIT_NPROC",
"Soft": 31540,
"Hard": 31540
}
],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"CgroupConf": null
}
}
]
4.6.1
$ podman inspect myapp
[
{
"Id": "ac22fa04f90198192c6976807772676f74c5e32e8952b8749a541d80b7a99506",
"Created": "2023-08-20T04:50:15.106672971+09:00",
"Path": "container-entrypoint",
"Args": [
"/usr/bin/run-httpd"
],
"State": {
"OciVersion": "1.1.0-rc.3",
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 3244,
"ConmonPid": 3242,
"ExitCode": 0,
"Error": "",
"StartedAt": "2023-08-20T04:59:29.654229156+09:00",
"FinishedAt": "2023-08-20T04:57:17.086868845+09:00",
"Health": {
"Status": "",
"FailingStreak": 0,
"Log": null
},
"CgroupPath": "/user.slice/user-1000.slice/user@1000.service/user.slice/libpod-ac22fa04f90198192c6976807772676f74c5e32e8952b8749a541d80b7a99506.scope",
"CheckpointedAt": "0001-01-01T00:00:00Z",
"RestoredAt": "0001-01-01T00:00:00Z"
},
"Image": "81cf3b3bd489ea3dec0a12eabca104c8a851c5e0f60c0b07ac34e7e02e63565e",
"ImageDigest": "sha256:b72f2fd69dbc32d273bebb2da30734c9bc8d9acfd210200e9ad5e69d8b089372",
"ImageName": "registry.access.redhat.com/ubi8/httpd-24:latest",
"Rootfs": "",
"Pod": "",
"ResolvConfPath": "/run/user/1000/containers/overlay-containers/ac22fa04f90198192c6976807772676f74c5e32e8952b8749a541d80b7a99506/userdata/resolv.conf",
"HostnamePath": "/run/user/1000/containers/overlay-containers/ac22fa04f90198192c6976807772676f74c5e32e8952b8749a541d80b7a99506/userdata/hostname",
"HostsPath": "/run/user/1000/containers/overlay-containers/ac22fa04f90198192c6976807772676f74c5e32e8952b8749a541d80b7a99506/userdata/hosts",
"StaticDir": "/home/user/.local/share/containers/storage/overlay-containers/ac22fa04f90198192c6976807772676f74c5e32e8952b8749a541d80b7a99506/userdata",
"OCIConfigPath": "/home/user/.local/share/containers/storage/overlay-containers/ac22fa04f90198192c6976807772676f74c5e32e8952b8749a541d80b7a99506/userdata/config.json",
"OCIRuntime": "crun",
"ConmonPidFile": "/run/user/1000/containers/overlay-containers/ac22fa04f90198192c6976807772676f74c5e32e8952b8749a541d80b7a99506/userdata/conmon.pid",
"PidFile": "/run/user/1000/containers/overlay-containers/ac22fa04f90198192c6976807772676f74c5e32e8952b8749a541d80b7a99506/userdata/pidfile",
"Name": "myapp",
"RestartCount": 0,
"Driver": "overlay",
"MountLabel": "system_u:object_r:container_file_t:s0:c58,c542",
"ProcessLabel": "system_u:system_r:container_t:s0:c58,c542",
"AppArmorProfile": "",
"EffectiveCaps": null,
"BoundingCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT"
],
"ExecIDs": [],
"GraphDriver": {
"Name": "overlay",
"Data": {
"LowerDir": "/home/user/.local/share/containers/storage/overlay/10499604104794900ceba300873b4bf08356c0ca71c9dc64bbd1d062fc79e613/diff:/home/user/.local/share/containers/storage/overlay/7995807f8261e7a0751ce550b73c3d7ccf9f016b8666f84a61d4aa8ffb3bc3f8/diff:/home/user/.local/share/containers/storage/overlay/815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6/diff",
"MergedDir": "/home/user/.local/share/containers/storage/overlay/a5755cad42c54ebb5466ba82885670c0578d0f06c0ad6981654f6a2443050a8e/merged",
"UpperDir": "/home/user/.local/share/containers/storage/overlay/a5755cad42c54ebb5466ba82885670c0578d0f06c0ad6981654f6a2443050a8e/diff",
"WorkDir": "/home/user/.local/share/containers/storage/overlay/a5755cad42c54ebb5466ba82885670c0578d0f06c0ad6981654f6a2443050a8e/work"
}
},
"Mounts": [],
"Dependencies": [],
"NetworkSettings": {
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"Bridge": "",
"SandboxID": "",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"8080/tcp": [
{
"HostIp": "",
"HostPort": "8080"
}
],
"8443/tcp": null
},
"SandboxKey": "/run/user/1000/netns/netns-5522b840-d440-92a0-7253-c0499fd89b32"
},
"Namespace": "",
"IsInfra": false,
"IsService": false,
"KubeExitCodePropagation": "invalid",
"lockNumber": 0,
"Config": {
"Hostname": "ac22fa04f901",
"Domainname": "",
"User": "1001",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"HTTPD_MAIN_CONF_PATH=/etc/httpd/conf",
"HTTPD_APP_ROOT=/opt/app-root",
"HOME=/opt/app-root/src",
"container=oci",
"HTTPD_TLS_CERT_PATH=/etc/httpd/tls",
"APP_ROOT=/opt/app-root",
"HTTPD_VERSION=2.4",
"PLATFORM=el8",
"HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d",
"STI_SCRIPTS_URL=image:///usr/libexec/s2i",
"HTTPD_MAIN_CONF_MODULES_D_PATH=/etc/httpd/conf.modules.d",
"TERM=xterm",
"HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/",
"HTTPD_DATA_PATH=/var/www",
"HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/httpd.d",
"HTTPD_DATA_ORIG_PATH=/var/www",
"SUMMARY=Platform for running Apache httpd 2.4 or building httpd-based application",
"HTTPD_LOG_PATH=/var/log/httpd",
"DESCRIPTION=Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"HTTPD_VAR_RUN=/var/run/httpd",
"STI_SCRIPTS_PATH=/usr/libexec/s2i",
"HOSTNAME=ac22fa04f901"
],
"Cmd": [
"/usr/bin/run-httpd"
],
"Image": "registry.access.redhat.com/ubi8/httpd-24:latest",
"Volumes": null,
"WorkingDir": "/opt/app-root/src",
"Entrypoint": "container-entrypoint",
"OnBuild": null,
"Labels": {
"architecture": "x86_64",
"build-date": "2023-08-02T19:21:52",
"com.redhat.component": "httpd-24-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"distribution-scope": "public",
"io.buildah.version": "1.29.0",
"io.k8s.description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"io.k8s.display-name": "Apache httpd 2.4",
"io.openshift.expose-services": "8080:http,8443:https",
"io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
"io.openshift.tags": "builder,httpd,httpd-24",
"io.s2i.scripts-url": "image:///usr/libexec/s2i",
"maintainer": "SoftwareCollections.org <sclorg@redhat.com>",
"name": "rhel8/httpd-24",
"release": "274",
"summary": "Platform for running Apache httpd 2.4 or building httpd-based application",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/httpd-24/images/1-274",
"usage": "s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ rhel8/httpd-24 sample-server",
"vcs-ref": "dca5db0ef763970268d701b64f8f5b292c83ad16",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "1"
},
"Annotations": {
"io.container.manager": "libpod",
"org.opencontainers.image.stopSignal": "15"
},
"StopSignal": 15,
"HealthcheckOnFailureAction": "none",
"CreateCommand": [
"podman",
"run",
"-d",
"-p",
"8080:8080",
"--name",
"myapp",
"registry.access.redhat.com/ubi8/httpd-24"
],
"Umask": "0022",
"Timeout": 0,
"StopTimeout": 10,
"Passwd": true,
"sdNotifyMode": "container"
},
"HostConfig": {
"Binds": [],
"CgroupManager": "systemd",
"CgroupMode": "private",
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": null,
"Path": "",
"Tag": "",
"Size": "0B"
},
"NetworkMode": "slirp4netns",
"PortBindings": {
"8080/tcp": [
{
"HostIp": "",
"HostPort": "8080"
}
]
},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": [],
"CapDrop": [],
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": [],
"GroupAdd": [],
"IpcMode": "shareable",
"Cgroup": "",
"Cgroups": "default",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "private",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [],
"Tmpfs": {},
"UTSMode": "private",
"UsernsMode": "",
"ShmSize": 65536000,
"Runtime": "oci",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "user.slice",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": 0,
"OomKillDisable": false,
"PidsLimit": 2048,
"Ulimits": [
{
"Name": "RLIMIT_NOFILE",
"Soft": 524288,
"Hard": 524288
},
{
"Name": "RLIMIT_NPROC",
"Soft": 15440,
"Hard": 15440
}
],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"CgroupConf": null
}
}
]
Original
$ podman rm myapp1
4.5.1
$ podman rm myapp1
myapp1
4.6.1
$ podman rm myapp1
myapp1
Original
$ podman exec -i myapp bash -c 'cat > /var/www/html/index.html' << _EOF
<html>
<head>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
_EOF
4.5.1
$ podman exec -i myapp bash -c 'cat > /var/www/html/index.html' << _EOF
<html>
<head>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
_EOF
4.6.1
$ podman exec -i myapp bash -c 'cat > /var/www/html/index.html' << _EOF
<html>
<head>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
_EOF
Original
$ podman exec myapp cat /var/www/html/index.html
<html>
<head>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
4.5.1
$ podman exec myapp cat /var/www/html/index.html
<html>
<head>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
4.6.1
$ podman exec myapp cat /var/www/html/index.html
<html>
<head>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
Original
$ podman stop myapp
$ podman commit myapp myimage
4.5.1
$ podman stop myapp
myapp
$ podman commit myapp myimage
Getting image source signatures
Copying blob 815ca85c5fa5 skipped: already exists
Copying blob 7fba9a5f2f19 skipped: already exists
Copying blob 9e7e7446d047 skipped: already exists
Copying blob e9af2776a21c done
Copying config 51ffb111a8 done
Writing manifest to image destination
Storing signatures
51ffb111a83e7a7f42b94364da61192ea59a317b270045f5b06eeb56233a8246
4.6.1
$ podman stop myapp
myapp
$ podman commit myapp myimage
Getting image source signatures
Copying blob 815ca85c5fa5 skipped: already exists
Copying blob 7fba9a5f2f19 skipped: already exists
Copying blob 9e7e7446d047 skipped: already exists
Copying blob 297bab43645d done
Copying config 6b05dce7e9 done
Writing manifest to image destination
6b05dce7e943c1c4911de822da137028c457173b110ba05d7143035fae18c774
Original
$ podman run -d --name myapp1 -p 8080:8080 myimage
4.5.1
$ podman run -d --name myapp1 -p 8080:8080 myimage
4c7444695da97b24658dded3a81485b45421598bf6f9ea7cd527c45bd41f97fd
4.6.1
$ podman run -d --name myapp1 -p 8080:8080 myimage
56c304bb3d838f3bb529a6d988cd11090693b5046d536fd74bd52004329ec64c
Original
$ podman image tree myimage
4.5.1
$ podman image tree myimage
Image ID: 51ffb111a83e
Tags: [localhost/myimage:latest]
Size: 453.9MB
Image Layers
├── ID: 815ca85c5fa5 Size: 214.8MB Top Layer of: [registry.access.redhat.com/ubi8:latest]
├── ID: 7995807f8261 Size: 59.36MB
├── ID: 104996041047 Size: 179.6MB Top Layer of: [registry.access.redhat.com/ubi8/httpd-24:latest]
└── ID: 1b6bb2a5bbda Size: 62.46kB Top Layer of: [localhost/myimage:latest]
4.6.1
$ podman image tree myimage
Image ID: 6b05dce7e943
Tags: [localhost/myimage:latest]
Size: 453.9MB
Image Layers
├── ID: 815ca85c5fa5 Size: 214.8MB Top Layer of: [registry.access.redhat.com/ubi8:latest]
├── ID: 7995807f8261 Size: 59.36MB
├── ID: 104996041047 Size: 179.6MB Top Layer of: [registry.access.redhat.com/ubi8/httpd-24:latest]
└── ID: 88b57da7da3d Size: 62.46kB Top Layer of: [localhost/myimage:latest]
Original
$ podman image diff myimage ubi8/httpd-24
4.5.1
$ podman image diff myimage ubi8/httpd-24
C /etc
C /etc/group
C /etc/httpd
C /etc/httpd/conf
C /etc/httpd/conf/httpd.conf
C /etc/httpd/conf.d
C /etc/httpd/conf.d/ssl.conf
C /etc/httpd/tls
A /etc/httpd/tls/dhparams.pem
A /etc/httpd/tls/localhost.crt
A /etc/httpd/tls/localhost.key
C /opt/app-root
C /opt/app-root/etc
C /opt
A /opt/app-root/etc/passwd
C /run/httpd
C /tmp
C /var
C /var/log
C /var/log/httpd
A /var/log/httpd/modsec_audit.log
A /var/log/httpd/modsec_debug.log
C /var/www
C /var/www/html
A /var/www/html/index.html
4.6.1
$ podman image diff myimage ubi8/httpd-24
C /etc
C /etc/group
C /etc/httpd
C /etc/httpd/conf
C /etc/httpd/conf/httpd.conf
C /etc/httpd/conf.d
C /etc/httpd/conf.d/ssl.conf
C /etc/httpd/tls
A /etc/httpd/tls/dhparams.pem
A /etc/httpd/tls/localhost.crt
A /etc/httpd/tls/localhost.key
C /opt/app-root
C /opt/app-root/etc
C /opt
A /opt/app-root/etc/passwd
C /run/httpd
C /tmp
C /var
C /var/log
C /var/log/httpd
A /var/log/httpd/modsec_audit.log
A /var/log/httpd/modsec_debug.log
C /var/www
C /var/www/html
A /var/www/html/index.html
Original
$ podman images
4.5.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 51ffb111a83e 5 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
4.6.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 6b05dce7e943 5 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
Original
$ podman image inspect myimage
4.5.1
$ podman image inspect myimage
[
{
"Id": "51ffb111a83e7a7f42b94364da61192ea59a317b270045f5b06eeb56233a8246",
"Digest": "sha256:84567e654b2c53436f36724e34b5894c1adf3388ef76af7ca5bbb1391a4db119",
"RepoTags": [
"localhost/myimage:latest"
],
"RepoDigests": [
"localhost/myimage@sha256:84567e654b2c53436f36724e34b5894c1adf3388ef76af7ca5bbb1391a4db119"
],
"Parent": "81cf3b3bd489ea3dec0a12eabca104c8a851c5e0f60c0b07ac34e7e02e63565e",
"Comment": "",
"Created": "2023-08-19T20:10:23.480331464Z",
"Config": {
"User": "1001",
"ExposedPorts": {
"8080/tcp": {},
"8443/tcp": {}
},
"Env": [
"HOME=/opt/app-root/src",
"PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
"HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/httpd.d",
"PLATFORM=el8",
"HTTPD_VAR_RUN=/var/run/httpd",
"HTTPD_LOG_PATH=/var/log/httpd",
"DESCRIPTION=Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"HTTPD_APP_ROOT=/opt/app-root",
"container=oci",
"HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/",
"APP_ROOT=/opt/app-root",
"STI_SCRIPTS_URL=image:///usr/libexec/s2i",
"HTTPD_DATA_ORIG_PATH=/var/www",
"HTTPD_VERSION=2.4",
"HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d",
"HTTPD_TLS_CERT_PATH=/etc/httpd/tls",
"HTTPD_DATA_PATH=/var/www",
"SUMMARY=Platform for running Apache httpd 2.4 or building httpd-based application",
"HTTPD_MAIN_CONF_MODULES_D_PATH=/etc/httpd/conf.modules.d",
"HTTPD_MAIN_CONF_PATH=/etc/httpd/conf",
"STI_SCRIPTS_PATH=/usr/libexec/s2i"
],
"Entrypoint": [
"container-entrypoint"
],
"Cmd": [
"/usr/bin/run-httpd"
],
"WorkingDir": "/opt/app-root/src",
"Labels": {
"architecture": "x86_64",
"build-date": "2023-08-02T19:21:52",
"com.redhat.component": "httpd-24-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"distribution-scope": "public",
"io.buildah.version": "1.29.0",
"io.k8s.description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"io.k8s.display-name": "Apache httpd 2.4",
"io.openshift.expose-services": "8080:http,8443:https",
"io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
"io.openshift.tags": "builder,httpd,httpd-24",
"io.s2i.scripts-url": "image:///usr/libexec/s2i",
"maintainer": "SoftwareCollections.org <sclorg@redhat.com>",
"name": "rhel8/httpd-24",
"release": "274",
"summary": "Platform for running Apache httpd 2.4 or building httpd-based application",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/httpd-24/images/1-274",
"usage": "s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ rhel8/httpd-24 sample-server",
"vcs-ref": "dca5db0ef763970268d701b64f8f5b292c83ad16",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "1"
}
},
"Version": "",
"Author": "",
"Architecture": "amd64",
"Os": "linux",
"Size": 453854025,
"VirtualSize": 453854025,
"GraphDriver": {
"Name": "overlay",
"Data": {
"LowerDir": "/home/shtanaka/.local/share/containers/storage/overlay/10499604104794900ceba300873b4bf08356c0ca71c9dc64bbd1d062fc79e613/diff:/home/shtanaka/.local/share/containers/storage/overlay/7995807f8261e7a0751ce550b73c3d7ccf9f016b8666f84a61d4aa8ffb3bc3f8/diff:/home/shtanaka/.local/share/containers/storage/overlay/815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6/diff",
"UpperDir": "/home/shtanaka/.local/share/containers/storage/overlay/1b6bb2a5bbda0460464341e8c563a746202dd464356ee78539bb4595e1202bda/diff",
"WorkDir": "/home/shtanaka/.local/share/containers/storage/overlay/1b6bb2a5bbda0460464341e8c563a746202dd464356ee78539bb4595e1202bda/work"
}
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6",
"sha256:7fba9a5f2f19492584f0a88c1ec49e6b692d45625e746c30aa7cf685472bf64a",
"sha256:9e7e7446d04731f5c8a43b8645b7608e770390082be1058654a8a1156a3c2937",
"sha256:e9af2776a21c50999d96d55c59b081e642ac381e29f3df819a681d9a49c3c7cc"
]
},
"Labels": {
"architecture": "x86_64",
"build-date": "2023-08-02T19:21:52",
"com.redhat.component": "httpd-24-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"distribution-scope": "public",
"io.buildah.version": "1.29.0",
"io.k8s.description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"io.k8s.display-name": "Apache httpd 2.4",
"io.openshift.expose-services": "8080:http,8443:https",
"io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
"io.openshift.tags": "builder,httpd,httpd-24",
"io.s2i.scripts-url": "image:///usr/libexec/s2i",
"maintainer": "SoftwareCollections.org <sclorg@redhat.com>",
"name": "rhel8/httpd-24",
"release": "274",
"summary": "Platform for running Apache httpd 2.4 or building httpd-based application",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/httpd-24/images/1-274",
"usage": "s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ rhel8/httpd-24 sample-server",
"vcs-ref": "dca5db0ef763970268d701b64f8f5b292c83ad16",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "1"
},
"Annotations": {},
"ManifestType": "application/vnd.oci.image.manifest.v1+json",
"User": "1001",
"History": [
{
"created": "2023-08-02T16:13:43.413855867Z",
"created_by": "/bin/sh -c #(nop) ADD file:66850d5e06c92b8217827133037551e15038c13d34d93849bbbae9b267ebfcab in / ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.234844694Z",
"created_by": "/bin/sh -c mv -f /etc/yum.repos.d/ubi.repo /tmp || :",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.504605478Z",
"created_by": "/bin/sh -c #(nop) ADD file:214c1de395c24e4a86ef9a706069ef30a9e804c63f851c37c35655e16fea3ced in /tmp/tls-ca-bundle.pem ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821005175Z",
"created_by": "/bin/sh -c #(nop) ADD multi:dad1054d72a3e8b4c584c001e3dcf03e2e308d6704afa67bdb7e61f11a6faa13 in /etc/yum.repos.d/ ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82105276Z",
"created_by": "/bin/sh -c #(nop) LABEL maintainer=\"Red Hat, Inc.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821147126Z",
"created_by": "/bin/sh -c #(nop) LABEL com.redhat.component=\"ubi8-container\" name=\"ubi8\" version=\"8.8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821198865Z",
"created_by": "/bin/sh -c #(nop) LABEL com.redhat.license_terms=\"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82123808Z",
"created_by": "/bin/sh -c #(nop) LABEL summary=\"Provides the latest release of Red Hat Universal Base Image 8.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821341507Z",
"created_by": "/bin/sh -c #(nop) LABEL description=\"The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821378364Z",
"created_by": "/bin/sh -c #(nop) LABEL io.k8s.display-name=\"Red Hat Universal Base Image 8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821395512Z",
"created_by": "/bin/sh -c #(nop) LABEL io.openshift.expose-services=\"\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82141745Z",
"created_by": "/bin/sh -c #(nop) LABEL io.openshift.tags=\"base rhel8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821430402Z",
"created_by": "/bin/sh -c #(nop) ENV container oci",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821470331Z",
"created_by": "/bin/sh -c #(nop) ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821477084Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:45.639824443Z",
"created_by": "/bin/sh -c rm -rf /var/log/*",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.334926485Z",
"created_by": "/bin/sh -c mkdir -p /var/log/rhsm",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.334990462Z",
"created_by": "/bin/sh -c #(nop) LABEL release=1032",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.610152303Z",
"created_by": "/bin/sh -c #(nop) ADD file:4eb2d82a9268a2eceef36401799108b9d67f1aaef5a81e0ea744b7f736a98596 in /root/buildinfo/content_manifests/ubi8-container-8.8-1032.json ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.867099687Z",
"created_by": "/bin/sh -c #(nop) ADD file:f9f7ba78e28f98ff3613c1dd6e098c454103de4a37a63fc4d55862f10312d4fa in /root/buildinfo/Dockerfile-ubi8-8.8-1032 ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.867356337Z",
"created_by": "/bin/sh -c #(nop) LABEL \"distribution-scope\"=\"public\" \"vendor\"=\"Red Hat, Inc.\" \"build-date\"=\"2023-08-02T16:01:51\" \"architecture\"=\"x86_64\" \"vcs-type\"=\"git\" \"vcs-ref\"=\"384f2bb33eebab960262e967aa16d01fe2dbebff\" \"io.k8s.description\"=\"The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.\" \"url\"=\"https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.8-1032\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:47.557027147Z",
"created_by": "/bin/sh -c rm -f '/etc/yum.repos.d/repo-cdf2d.repo' '/etc/yum.repos.d/repo-a0366.repo'",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:48.241582342Z",
"created_by": "/bin/sh -c rm -f /tmp/tls-ca-bundle.pem",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:50.63687417Z",
"created_by": "/bin/sh -c mv -fZ /tmp/ubi.repo /etc/yum.repos.d/ubi.repo || :"
},
{
"created": "2023-08-02T19:01:05.407368965Z",
"created_by": "/bin/sh -c mv -f /etc/yum.repos.d/ubi.repo /tmp || :",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:05.679342147Z",
"created_by": "/bin/sh -c #(nop) ADD file:214c1de395c24e4a86ef9a706069ef30a9e804c63f851c37c35655e16fea3ced in /tmp/tls-ca-bundle.pem ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:06.02259183Z",
"created_by": "/bin/sh -c #(nop) ADD multi:3f5c8c4d64b5db0697a7385cc48f2881f666419c483f6ec1e4d1d744614af676 in /etc/yum.repos.d/ ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:06.022701739Z",
"created_by": "/bin/sh -c #(nop) ENV SUMMARY=\"Base image which allows using of source-to-image.\"\t DESCRIPTION=\"The s2i-core image provides any images layered on top of it with all the tools needed to use source-to-image functionality while keeping the image size as small as possible.\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:06.022863537Z",
"created_by": "/bin/sh -c #(nop) LABEL summary=\"$SUMMARY\" description=\"$DESCRIPTION\" io.k8s.description=\"$DESCRIPTION\" io.k8s.display-name=\"s2i core\" io.openshift.s2i.scripts-url=image:///usr/libexec/s2i io.s2i.scripts-url=image:///usr/libexec/s2i com.redhat.component=\"s2i-core-container\" name=\"ubi8/s2i-core\" version=\"1\" com.redhat.license_terms=\"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:06.022972368Z",
"created_by": "/bin/sh -c #(nop) ENV STI_SCRIPTS_URL=image:///usr/libexec/s2i STI_SCRIPTS_PATH=/usr/libexec/s2i APP_ROOT=/opt/app-root HOME=/opt/app-root/src PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PLATFORM=\"el8\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:51.231111747Z",
"created_by": "/bin/sh -c INSTALL_PKGS=\"bsdtar findutils groff-base glibc-locale-source glibc-langpack-en gettext rsync scl-utils tar unzip xz yum\" && mkdir -p ${HOME}/.pki/nssdb && chown -R 1001:0 ${HOME}/.pki && yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && rpm -V $INSTALL_PKGS && yum -y clean all --enablerepo='*'",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:51.481431284Z",
"created_by": "/bin/sh -c #(nop) COPY dir:71c0a515282f43b566b109699374694cdeb4352e4c27e628626063f27927d535 in / ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:51.536908356Z",
"created_by": "/bin/sh -c #(nop) WORKDIR ${HOME}",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:51.596725827Z",
"created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"container-entrypoint\"]",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:51.65396775Z",
"created_by": "/bin/sh -c #(nop) CMD [\"base-usage\"]",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:53.633450279Z",
"created_by": "/bin/sh -c rpm-file-permissions && useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin -c \"Default Application User\" default && chown -R 1001:0 ${APP_ROOT}",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:53.702632017Z",
"created_by": "/bin/sh -c #(nop) LABEL release=428",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:54.032366342Z",
"created_by": "/bin/sh -c #(nop) ADD file:996086143aea19843a40d33ada72acddbc9d4ae7562cf08a00b835ce6a07446a in /help.1 ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:54.396338736Z",
"created_by": "/bin/sh -c #(nop) ADD file:3e8906aa8e0797083e6dd7a539a10b043474e3b6890c3238694303d94150e29f in /root/buildinfo/content_manifests/s2i-core-container-1-428.json ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:54.79337732Z",
"created_by": "/bin/sh -c #(nop) ADD file:d48caa1cc245d78dd6528353a5610ee50063b6d07a90bf3a28abc9a9c7a23679 in /root/buildinfo/Dockerfile-ubi8-s2i-core-1-428 ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:54.855996692Z",
"created_by": "/bin/sh -c #(nop) LABEL \"distribution-scope\"=\"public\" \"vendor\"=\"Red Hat, Inc.\" \"build-date\"=\"2023-08-02T18:59:39\" \"architecture\"=\"x86_64\" \"vcs-type\"=\"git\" \"vcs-ref\"=\"e448205c561bd060684f17f24be1aa37cd684887\" \"url\"=\"https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/s2i-core/images/1-428\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:55.590684182Z",
"created_by": "/bin/sh -c rm -f '/etc/yum.repos.d/odcs-2245189-22af1.repo' '/etc/yum.repos.d/repo-cdf2d.repo' '/etc/yum.repos.d/repo-a0366.repo'",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:56.288749602Z",
"created_by": "/bin/sh -c rm -f /tmp/tls-ca-bundle.pem",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:57.431816323Z",
"created_by": "/bin/sh -c mv -fZ /tmp/ubi.repo /etc/yum.repos.d/ubi.repo || :",
"comment": "FROM registry-proxy.engineering.redhat.com/rh-osbs/ubi8@sha256:b6616b280ec23c2283ac10e19dd3cd4c8e6df14599f6d93f662ca261273097a9"
},
{
"created": "2023-08-02T19:23:23.217318178Z",
"created_by": "/bin/sh -c mv -f /etc/yum.repos.d/ubi.repo /tmp || :",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:23.544918398Z",
"created_by": "/bin/sh -c #(nop) ADD file:214c1de395c24e4a86ef9a706069ef30a9e804c63f851c37c35655e16fea3ced in /tmp/tls-ca-bundle.pem ",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.004029068Z",
"created_by": "/bin/sh -c #(nop) ADD multi:073e8c365c0d2450c93eb9321e56e4cba88e2d64db28a0fd344136181ecdd941 in /etc/yum.repos.d/ ",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.062106608Z",
"created_by": "/bin/sh -c #(nop) ENV HTTPD_VERSION=2.4",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.136908108Z",
"created_by": "/bin/sh -c #(nop) ENV SUMMARY=\"Platform for running Apache httpd $HTTPD_VERSION or building httpd-based application\" DESCRIPTION=\"Apache httpd $HTTPD_VERSION available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.201751777Z",
"created_by": "/bin/sh -c #(nop) LABEL summary=\"$SUMMARY\" description=\"$DESCRIPTION\" io.k8s.description=\"$DESCRIPTION\" io.k8s.display-name=\"Apache httpd $HTTPD_VERSION\" io.openshift.expose-services=\"8080:http,8443:https\" io.openshift.tags=\"builder,httpd,httpd-24\" name=\"rhel8/httpd-24\" version=\"1\" com.redhat.license_terms=\"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\" com.redhat.component=\"httpd-24-container\" usage=\"s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ rhel8/httpd-24 sample-server\" maintainer=\"SoftwareCollections.org <sclorg@redhat.com>\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.277529506Z",
"created_by": "/bin/sh -c #(nop) EXPOSE 8080",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.337113259Z",
"created_by": "/bin/sh -c #(nop) EXPOSE 8443",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:20.803857848Z",
"created_by": "/bin/sh -c yum -y module enable httpd:$HTTPD_VERSION && INSTALL_PKGS=\"gettext hostname nss_wrapper bind-utils httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg\" && yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && rpm -V $INSTALL_PKGS && yum -y clean all --enablerepo='*'",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:20.857401232Z",
"created_by": "/bin/sh -c #(nop) ENV HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ HTTPD_APP_ROOT=${APP_ROOT} HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/httpd.d HTTPD_MAIN_CONF_PATH=/etc/httpd/conf HTTPD_MAIN_CONF_MODULES_D_PATH=/etc/httpd/conf.modules.d HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d HTTPD_TLS_CERT_PATH=/etc/httpd/tls HTTPD_VAR_RUN=/var/run/httpd HTTPD_DATA_PATH=/var/www HTTPD_DATA_ORIG_PATH=/var/www HTTPD_LOG_PATH=/var/log/httpd",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:21.203386605Z",
"created_by": "/bin/sh -c #(nop) COPY dir:40b6acc2457d0ab2a1c2c94c3e4bb810ebf1edd24fccb1e6cbe4c1c74cd30e46 in $STI_SCRIPTS_PATH ",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:21.528926697Z",
"created_by": "/bin/sh -c #(nop) COPY dir:cb1016a859edc82c2d716519ff55dea0ff7705faddf67aebfca078eb75a66f40 in / ",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:23.28502848Z",
"created_by": "/bin/sh -c /usr/libexec/httpd-prepare && rpm-file-permissions",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:23.354772392Z",
"created_by": "/bin/sh -c #(nop) USER 1001",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:23.411517758Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/usr/bin/run-httpd\"]",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:23.466509002Z",
"created_by": "/bin/sh -c #(nop) LABEL release=274",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:23.772894884Z",
"created_by": "/bin/sh -c #(nop) ADD file:5d021381ed47155bf9714ae7abd752df1dabd9107edba5df9f1f1038b56239bf in /help.1 ",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:24.101985605Z",
"created_by": "/bin/sh -c #(nop) ADD file:1157282a0b6924574e55500992876aa924219dd7e55ef8ea60d4bc3506a542e0 in /root/buildinfo/content_manifests/httpd-24-container-1-274.json ",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:24.463864855Z",
"created_by": "/bin/sh -c #(nop) ADD file:010744154ffe6e22a284831559cac1b2c22f31f8bf28604703c82df5f63cd587 in /root/buildinfo/Dockerfile-rhel8-httpd-24-1-274 ",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:24.55081072Z",
"created_by": "/bin/sh -c #(nop) LABEL \"distribution-scope\"=\"public\" \"vendor\"=\"Red Hat, Inc.\" \"build-date\"=\"2023-08-02T19:21:52\" \"architecture\"=\"x86_64\" \"vcs-type\"=\"git\" \"vcs-ref\"=\"dca5db0ef763970268d701b64f8f5b292c83ad16\" \"url\"=\"https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/httpd-24/images/1-274\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:24.808038793Z",
"created_by": "/bin/sh -c #(nop) USER root",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:25.734325897Z",
"created_by": "/bin/sh -c rm -f '/etc/yum.repos.d/odcs-2245189-22af1.repo' '/etc/yum.repos.d/odcs-2245411-cf80a.repo' '/etc/yum.repos.d/repo-a0366.repo' '/etc/yum.repos.d/repo-cdf2d.repo'",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:26.654134105Z",
"created_by": "/bin/sh -c rm -f /tmp/tls-ca-bundle.pem",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:26.708566975Z",
"created_by": "/bin/sh -c #(nop) USER 1001",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:26.913425585Z",
"created_by": "/bin/sh -c #(nop) USER root",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:27.733415975Z",
"created_by": "/bin/sh -c mv -fZ /tmp/ubi.repo /etc/yum.repos.d/ubi.repo || :",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:28.959479744Z",
"created_by": "/bin/sh -c #(nop) USER 1001",
"comment": "FROM registry-proxy.engineering.redhat.com/rh-osbs/ubi8-s2i-core@sha256:932469e3fedc7a57013c103515560571650e68f86dafb498c13ca8a2f3034f35"
},
{
"created": "2023-08-19T20:10:23.48952419Z",
"created_by": "/bin/sh",
"comment": "FROM registry.access.redhat.com/ubi8/httpd-24:latest"
}
],
"NamesHistory": [
"localhost/myimage:latest"
]
}
]
4.6.1
$ podman image inspect myimage
[
{
"Id": "6b05dce7e943c1c4911de822da137028c457173b110ba05d7143035fae18c774",
"Digest": "sha256:bd0ada3268158f81fc92ff7eb183d1ce0ebd827d5e248f957788146b541a6cc2",
"RepoTags": [
"localhost/myimage:latest"
],
"RepoDigests": [
"localhost/myimage@sha256:bd0ada3268158f81fc92ff7eb183d1ce0ebd827d5e248f957788146b541a6cc2"
],
"Parent": "81cf3b3bd489ea3dec0a12eabca104c8a851c5e0f60c0b07ac34e7e02e63565e",
"Comment": "",
"Created": "2023-08-19T20:10:25.894700461Z",
"Config": {
"User": "1001",
"ExposedPorts": {
"8080/tcp": {},
"8443/tcp": {}
},
"Env": [
"HTTPD_MAIN_CONF_PATH=/etc/httpd/conf",
"HTTPD_APP_ROOT=/opt/app-root",
"HOME=/opt/app-root/src",
"container=oci",
"HTTPD_TLS_CERT_PATH=/etc/httpd/tls",
"APP_ROOT=/opt/app-root",
"HTTPD_VERSION=2.4",
"PLATFORM=el8",
"HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d",
"STI_SCRIPTS_URL=image:///usr/libexec/s2i",
"HTTPD_MAIN_CONF_MODULES_D_PATH=/etc/httpd/conf.modules.d",
"TERM=xterm",
"HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/",
"HTTPD_DATA_PATH=/var/www",
"HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/httpd.d",
"HTTPD_DATA_ORIG_PATH=/var/www",
"SUMMARY=Platform for running Apache httpd 2.4 or building httpd-based application",
"HTTPD_LOG_PATH=/var/log/httpd",
"DESCRIPTION=Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"HTTPD_VAR_RUN=/var/run/httpd",
"STI_SCRIPTS_PATH=/usr/libexec/s2i"
],
"Entrypoint": [
"container-entrypoint"
],
"Cmd": [
"/usr/bin/run-httpd"
],
"WorkingDir": "/opt/app-root/src",
"Labels": {
"architecture": "x86_64",
"build-date": "2023-08-02T19:21:52",
"com.redhat.component": "httpd-24-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"distribution-scope": "public",
"io.buildah.version": "1.29.0",
"io.k8s.description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"io.k8s.display-name": "Apache httpd 2.4",
"io.openshift.expose-services": "8080:http,8443:https",
"io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
"io.openshift.tags": "builder,httpd,httpd-24",
"io.s2i.scripts-url": "image:///usr/libexec/s2i",
"maintainer": "SoftwareCollections.org <sclorg@redhat.com>",
"name": "rhel8/httpd-24",
"release": "274",
"summary": "Platform for running Apache httpd 2.4 or building httpd-based application",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/httpd-24/images/1-274",
"usage": "s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ rhel8/httpd-24 sample-server",
"vcs-ref": "dca5db0ef763970268d701b64f8f5b292c83ad16",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "1"
}
},
"Version": "",
"Author": "",
"Architecture": "amd64",
"Os": "linux",
"Size": 453854026,
"VirtualSize": 453854026,
"GraphDriver": {
"Name": "overlay",
"Data": {
"LowerDir": "/home/user/.local/share/containers/storage/overlay/10499604104794900ceba300873b4bf08356c0ca71c9dc64bbd1d062fc79e613/diff:/home/user/.local/share/containers/storage/overlay/7995807f8261e7a0751ce550b73c3d7ccf9f016b8666f84a61d4aa8ffb3bc3f8/diff:/home/user/.local/share/containers/storage/overlay/815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6/diff",
"UpperDir": "/home/user/.local/share/containers/storage/overlay/88b57da7da3d59bd15a2a5f6c5fda659b03c7a8aa2349cd12ff3acbea21e33e9/diff",
"WorkDir": "/home/user/.local/share/containers/storage/overlay/88b57da7da3d59bd15a2a5f6c5fda659b03c7a8aa2349cd12ff3acbea21e33e9/work"
}
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:815ca85c5fa5fc9734e54b86290a5b531f58edbee52f416db86a9c491c84fae6",
"sha256:7fba9a5f2f19492584f0a88c1ec49e6b692d45625e746c30aa7cf685472bf64a",
"sha256:9e7e7446d04731f5c8a43b8645b7608e770390082be1058654a8a1156a3c2937",
"sha256:297bab43645d7e03ec1fccafcabf751cf630d363ec2978b2a0e96cd88c4ae885"
]
},
"Labels": {
"architecture": "x86_64",
"build-date": "2023-08-02T19:21:52",
"com.redhat.component": "httpd-24-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"distribution-scope": "public",
"io.buildah.version": "1.29.0",
"io.k8s.description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"io.k8s.display-name": "Apache httpd 2.4",
"io.openshift.expose-services": "8080:http,8443:https",
"io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
"io.openshift.tags": "builder,httpd,httpd-24",
"io.s2i.scripts-url": "image:///usr/libexec/s2i",
"maintainer": "SoftwareCollections.org <sclorg@redhat.com>",
"name": "rhel8/httpd-24",
"release": "274",
"summary": "Platform for running Apache httpd 2.4 or building httpd-based application",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/httpd-24/images/1-274",
"usage": "s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ rhel8/httpd-24 sample-server",
"vcs-ref": "dca5db0ef763970268d701b64f8f5b292c83ad16",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "1"
},
"Annotations": {},
"ManifestType": "application/vnd.oci.image.manifest.v1+json",
"User": "1001",
"History": [
{
"created": "2023-08-02T16:13:43.413855867Z",
"created_by": "/bin/sh -c #(nop) ADD file:66850d5e06c92b8217827133037551e15038c13d34d93849bbbae9b267ebfcab in / ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.234844694Z",
"created_by": "/bin/sh -c mv -f /etc/yum.repos.d/ubi.repo /tmp || :",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.504605478Z",
"created_by": "/bin/sh -c #(nop) ADD file:214c1de395c24e4a86ef9a706069ef30a9e804c63f851c37c35655e16fea3ced in /tmp/tls-ca-bundle.pem ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821005175Z",
"created_by": "/bin/sh -c #(nop) ADD multi:dad1054d72a3e8b4c584c001e3dcf03e2e308d6704afa67bdb7e61f11a6faa13 in /etc/yum.repos.d/ ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82105276Z",
"created_by": "/bin/sh -c #(nop) LABEL maintainer=\"Red Hat, Inc.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821147126Z",
"created_by": "/bin/sh -c #(nop) LABEL com.redhat.component=\"ubi8-container\" name=\"ubi8\" version=\"8.8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821198865Z",
"created_by": "/bin/sh -c #(nop) LABEL com.redhat.license_terms=\"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82123808Z",
"created_by": "/bin/sh -c #(nop) LABEL summary=\"Provides the latest release of Red Hat Universal Base Image 8.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821341507Z",
"created_by": "/bin/sh -c #(nop) LABEL description=\"The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821378364Z",
"created_by": "/bin/sh -c #(nop) LABEL io.k8s.display-name=\"Red Hat Universal Base Image 8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821395512Z",
"created_by": "/bin/sh -c #(nop) LABEL io.openshift.expose-services=\"\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.82141745Z",
"created_by": "/bin/sh -c #(nop) LABEL io.openshift.tags=\"base rhel8\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821430402Z",
"created_by": "/bin/sh -c #(nop) ENV container oci",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821470331Z",
"created_by": "/bin/sh -c #(nop) ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:44.821477084Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:45.639824443Z",
"created_by": "/bin/sh -c rm -rf /var/log/*",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.334926485Z",
"created_by": "/bin/sh -c mkdir -p /var/log/rhsm",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.334990462Z",
"created_by": "/bin/sh -c #(nop) LABEL release=1032",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.610152303Z",
"created_by": "/bin/sh -c #(nop) ADD file:4eb2d82a9268a2eceef36401799108b9d67f1aaef5a81e0ea744b7f736a98596 in /root/buildinfo/content_manifests/ubi8-container-8.8-1032.json ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.867099687Z",
"created_by": "/bin/sh -c #(nop) ADD file:f9f7ba78e28f98ff3613c1dd6e098c454103de4a37a63fc4d55862f10312d4fa in /root/buildinfo/Dockerfile-ubi8-8.8-1032 ",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:46.867356337Z",
"created_by": "/bin/sh -c #(nop) LABEL \"distribution-scope\"=\"public\" \"vendor\"=\"Red Hat, Inc.\" \"build-date\"=\"2023-08-02T16:01:51\" \"architecture\"=\"x86_64\" \"vcs-type\"=\"git\" \"vcs-ref\"=\"384f2bb33eebab960262e967aa16d01fe2dbebff\" \"io.k8s.description\"=\"The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.\" \"url\"=\"https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.8-1032\"",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:47.557027147Z",
"created_by": "/bin/sh -c rm -f '/etc/yum.repos.d/repo-cdf2d.repo' '/etc/yum.repos.d/repo-a0366.repo'",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:48.241582342Z",
"created_by": "/bin/sh -c rm -f /tmp/tls-ca-bundle.pem",
"empty_layer": true
},
{
"created": "2023-08-02T16:13:50.63687417Z",
"created_by": "/bin/sh -c mv -fZ /tmp/ubi.repo /etc/yum.repos.d/ubi.repo || :"
},
{
"created": "2023-08-02T19:01:05.407368965Z",
"created_by": "/bin/sh -c mv -f /etc/yum.repos.d/ubi.repo /tmp || :",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:05.679342147Z",
"created_by": "/bin/sh -c #(nop) ADD file:214c1de395c24e4a86ef9a706069ef30a9e804c63f851c37c35655e16fea3ced in /tmp/tls-ca-bundle.pem ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:06.02259183Z",
"created_by": "/bin/sh -c #(nop) ADD multi:3f5c8c4d64b5db0697a7385cc48f2881f666419c483f6ec1e4d1d744614af676 in /etc/yum.repos.d/ ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:06.022701739Z",
"created_by": "/bin/sh -c #(nop) ENV SUMMARY=\"Base image which allows using of source-to-image.\"\t DESCRIPTION=\"The s2i-core image provides any images layered on top of it with all the tools needed to use source-to-image functionality while keeping the image size as small as possible.\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:06.022863537Z",
"created_by": "/bin/sh -c #(nop) LABEL summary=\"$SUMMARY\" description=\"$DESCRIPTION\" io.k8s.description=\"$DESCRIPTION\" io.k8s.display-name=\"s2i core\" io.openshift.s2i.scripts-url=image:///usr/libexec/s2i io.s2i.scripts-url=image:///usr/libexec/s2i com.redhat.component=\"s2i-core-container\" name=\"ubi8/s2i-core\" version=\"1\" com.redhat.license_terms=\"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:06.022972368Z",
"created_by": "/bin/sh -c #(nop) ENV STI_SCRIPTS_URL=image:///usr/libexec/s2i STI_SCRIPTS_PATH=/usr/libexec/s2i APP_ROOT=/opt/app-root HOME=/opt/app-root/src PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PLATFORM=\"el8\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:51.231111747Z",
"created_by": "/bin/sh -c INSTALL_PKGS=\"bsdtar findutils groff-base glibc-locale-source glibc-langpack-en gettext rsync scl-utils tar unzip xz yum\" && mkdir -p ${HOME}/.pki/nssdb && chown -R 1001:0 ${HOME}/.pki && yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && rpm -V $INSTALL_PKGS && yum -y clean all --enablerepo='*'",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:51.481431284Z",
"created_by": "/bin/sh -c #(nop) COPY dir:71c0a515282f43b566b109699374694cdeb4352e4c27e628626063f27927d535 in / ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:51.536908356Z",
"created_by": "/bin/sh -c #(nop) WORKDIR ${HOME}",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:51.596725827Z",
"created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"container-entrypoint\"]",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:51.65396775Z",
"created_by": "/bin/sh -c #(nop) CMD [\"base-usage\"]",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:53.633450279Z",
"created_by": "/bin/sh -c rpm-file-permissions && useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin -c \"Default Application User\" default && chown -R 1001:0 ${APP_ROOT}",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:53.702632017Z",
"created_by": "/bin/sh -c #(nop) LABEL release=428",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:54.032366342Z",
"created_by": "/bin/sh -c #(nop) ADD file:996086143aea19843a40d33ada72acddbc9d4ae7562cf08a00b835ce6a07446a in /help.1 ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:54.396338736Z",
"created_by": "/bin/sh -c #(nop) ADD file:3e8906aa8e0797083e6dd7a539a10b043474e3b6890c3238694303d94150e29f in /root/buildinfo/content_manifests/s2i-core-container-1-428.json ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:54.79337732Z",
"created_by": "/bin/sh -c #(nop) ADD file:d48caa1cc245d78dd6528353a5610ee50063b6d07a90bf3a28abc9a9c7a23679 in /root/buildinfo/Dockerfile-ubi8-s2i-core-1-428 ",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:54.855996692Z",
"created_by": "/bin/sh -c #(nop) LABEL \"distribution-scope\"=\"public\" \"vendor\"=\"Red Hat, Inc.\" \"build-date\"=\"2023-08-02T18:59:39\" \"architecture\"=\"x86_64\" \"vcs-type\"=\"git\" \"vcs-ref\"=\"e448205c561bd060684f17f24be1aa37cd684887\" \"url\"=\"https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/s2i-core/images/1-428\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:55.590684182Z",
"created_by": "/bin/sh -c rm -f '/etc/yum.repos.d/odcs-2245189-22af1.repo' '/etc/yum.repos.d/repo-cdf2d.repo' '/etc/yum.repos.d/repo-a0366.repo'",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:56.288749602Z",
"created_by": "/bin/sh -c rm -f /tmp/tls-ca-bundle.pem",
"empty_layer": true
},
{
"created": "2023-08-02T19:01:57.431816323Z",
"created_by": "/bin/sh -c mv -fZ /tmp/ubi.repo /etc/yum.repos.d/ubi.repo || :",
"comment": "FROM registry-proxy.engineering.redhat.com/rh-osbs/ubi8@sha256:b6616b280ec23c2283ac10e19dd3cd4c8e6df14599f6d93f662ca261273097a9"
},
{
"created": "2023-08-02T19:23:23.217318178Z",
"created_by": "/bin/sh -c mv -f /etc/yum.repos.d/ubi.repo /tmp || :",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:23.544918398Z",
"created_by": "/bin/sh -c #(nop) ADD file:214c1de395c24e4a86ef9a706069ef30a9e804c63f851c37c35655e16fea3ced in /tmp/tls-ca-bundle.pem ",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.004029068Z",
"created_by": "/bin/sh -c #(nop) ADD multi:073e8c365c0d2450c93eb9321e56e4cba88e2d64db28a0fd344136181ecdd941 in /etc/yum.repos.d/ ",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.062106608Z",
"created_by": "/bin/sh -c #(nop) ENV HTTPD_VERSION=2.4",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.136908108Z",
"created_by": "/bin/sh -c #(nop) ENV SUMMARY=\"Platform for running Apache httpd $HTTPD_VERSION or building httpd-based application\" DESCRIPTION=\"Apache httpd $HTTPD_VERSION available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.201751777Z",
"created_by": "/bin/sh -c #(nop) LABEL summary=\"$SUMMARY\" description=\"$DESCRIPTION\" io.k8s.description=\"$DESCRIPTION\" io.k8s.display-name=\"Apache httpd $HTTPD_VERSION\" io.openshift.expose-services=\"8080:http,8443:https\" io.openshift.tags=\"builder,httpd,httpd-24\" name=\"rhel8/httpd-24\" version=\"1\" com.redhat.license_terms=\"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\" com.redhat.component=\"httpd-24-container\" usage=\"s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ rhel8/httpd-24 sample-server\" maintainer=\"SoftwareCollections.org <sclorg@redhat.com>\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.277529506Z",
"created_by": "/bin/sh -c #(nop) EXPOSE 8080",
"empty_layer": true
},
{
"created": "2023-08-02T19:23:24.337113259Z",
"created_by": "/bin/sh -c #(nop) EXPOSE 8443",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:20.803857848Z",
"created_by": "/bin/sh -c yum -y module enable httpd:$HTTPD_VERSION && INSTALL_PKGS=\"gettext hostname nss_wrapper bind-utils httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg\" && yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && rpm -V $INSTALL_PKGS && yum -y clean all --enablerepo='*'",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:20.857401232Z",
"created_by": "/bin/sh -c #(nop) ENV HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ HTTPD_APP_ROOT=${APP_ROOT} HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/httpd.d HTTPD_MAIN_CONF_PATH=/etc/httpd/conf HTTPD_MAIN_CONF_MODULES_D_PATH=/etc/httpd/conf.modules.d HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d HTTPD_TLS_CERT_PATH=/etc/httpd/tls HTTPD_VAR_RUN=/var/run/httpd HTTPD_DATA_PATH=/var/www HTTPD_DATA_ORIG_PATH=/var/www HTTPD_LOG_PATH=/var/log/httpd",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:21.203386605Z",
"created_by": "/bin/sh -c #(nop) COPY dir:40b6acc2457d0ab2a1c2c94c3e4bb810ebf1edd24fccb1e6cbe4c1c74cd30e46 in $STI_SCRIPTS_PATH ",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:21.528926697Z",
"created_by": "/bin/sh -c #(nop) COPY dir:cb1016a859edc82c2d716519ff55dea0ff7705faddf67aebfca078eb75a66f40 in / ",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:23.28502848Z",
"created_by": "/bin/sh -c /usr/libexec/httpd-prepare && rpm-file-permissions",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:23.354772392Z",
"created_by": "/bin/sh -c #(nop) USER 1001",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:23.411517758Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/usr/bin/run-httpd\"]",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:23.466509002Z",
"created_by": "/bin/sh -c #(nop) LABEL release=274",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:23.772894884Z",
"created_by": "/bin/sh -c #(nop) ADD file:5d021381ed47155bf9714ae7abd752df1dabd9107edba5df9f1f1038b56239bf in /help.1 ",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:24.101985605Z",
"created_by": "/bin/sh -c #(nop) ADD file:1157282a0b6924574e55500992876aa924219dd7e55ef8ea60d4bc3506a542e0 in /root/buildinfo/content_manifests/httpd-24-container-1-274.json ",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:24.463864855Z",
"created_by": "/bin/sh -c #(nop) ADD file:010744154ffe6e22a284831559cac1b2c22f31f8bf28604703c82df5f63cd587 in /root/buildinfo/Dockerfile-rhel8-httpd-24-1-274 ",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:24.55081072Z",
"created_by": "/bin/sh -c #(nop) LABEL \"distribution-scope\"=\"public\" \"vendor\"=\"Red Hat, Inc.\" \"build-date\"=\"2023-08-02T19:21:52\" \"architecture\"=\"x86_64\" \"vcs-type\"=\"git\" \"vcs-ref\"=\"dca5db0ef763970268d701b64f8f5b292c83ad16\" \"url\"=\"https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/httpd-24/images/1-274\"",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:24.808038793Z",
"created_by": "/bin/sh -c #(nop) USER root",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:25.734325897Z",
"created_by": "/bin/sh -c rm -f '/etc/yum.repos.d/odcs-2245189-22af1.repo' '/etc/yum.repos.d/odcs-2245411-cf80a.repo' '/etc/yum.repos.d/repo-a0366.repo' '/etc/yum.repos.d/repo-cdf2d.repo'",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:26.654134105Z",
"created_by": "/bin/sh -c rm -f /tmp/tls-ca-bundle.pem",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:26.708566975Z",
"created_by": "/bin/sh -c #(nop) USER 1001",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:26.913425585Z",
"created_by": "/bin/sh -c #(nop) USER root",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:27.733415975Z",
"created_by": "/bin/sh -c mv -fZ /tmp/ubi.repo /etc/yum.repos.d/ubi.repo || :",
"empty_layer": true
},
{
"created": "2023-08-02T19:24:28.959479744Z",
"created_by": "/bin/sh -c #(nop) USER 1001",
"comment": "FROM registry-proxy.engineering.redhat.com/rh-osbs/ubi8-s2i-core@sha256:932469e3fedc7a57013c103515560571650e68f86dafb498c13ca8a2f3034f35"
},
{
"created": "2023-08-19T20:10:25.905836256Z",
"created_by": "/bin/sh",
"comment": "FROM registry.access.redhat.com/ubi8/httpd-24:latest"
}
],
"NamesHistory": [
"localhost/myimage:latest"
]
}
]
Original
$ podman image inspect --format '{{ .Config.Cmd }}' myimage
4.5.1
$ podman image inspect --format '{{ .Config.Cmd }}' myimage
[/usr/bin/run-httpd]
4.6.1
$ podman image inspect --format '{{ .Config.Cmd }}' myimage
[/usr/bin/run-httpd]
Original
$ podman image inspect --format '{{ .Config.StopSignal }}' myimage
4.5.1
$ podman image inspect --format '{{ .Config.StopSignal }}' myimage
4.6.1
$ podman image inspect --format '{{ .Config.StopSignal }}' myimage
Original
$ podman run docker://registry.access.redhat.com/ubi8/httpd-24:latest echo hello
4.5.1
$ podman run docker://registry.access.redhat.com/ubi8/httpd-24:latest echo hello
hello
4.6.1
$ podman run docker://registry.access.redhat.com/ubi8/httpd-24:latest echo hello
hello
Original
$ podman run registry.access.redhat.com/ubi8/httpd-24:latest echo hello
4.5.1
$ podman run registry.access.redhat.com/ubi8/httpd-24:latest echo hello
hello
4.6.1
$ podman run registry.access.redhat.com/ubi8/httpd-24:latest echo hello
hello
Original
$ podman images
4.5.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 51ffb111a83e 12 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
4.6.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 6b05dce7e943 12 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
Original
$ podman push myimage quay.io/rhatdan/myimage
4.5.1
$ podman push myimage quay.io/rhatdan/myimage
Getting image source signatures
Copying blob 9e7e7446d047 [--------------------------------------] 8.0b / 171.3MiB
Copying blob 7fba9a5f2f19 [--------------------------------------] 8.0b / 56.6MiB
Copying blob e9af2776a21c [--------------------------------------] 8.0b / 61.0KiB
Copying blob 815ca85c5fa5 [--------------------------------------] 8.0b / 204.9MiB
Error: writing blob: initiating layer upload to /v2/rhatdan/myimage/blobs/uploads/ in quay.io: unauthorized: access to the requested resource is not authorized
4.6.1
$ podman push myimage quay.io/rhatdan/myimage
Getting image source signatures
Copying blob 815ca85c5fa5 [--------------------------------------] 8.0b / 204.9MiB
Copying blob 297bab43645d [--------------------------------------] 8.0b / 61.0KiB
Copying blob 7fba9a5f2f19 [--------------------------------------] 8.0b / 56.6MiB
Copying blob 9e7e7446d047 [--------------------------------------] 8.0b / 171.3MiB
Error: writing blob: initiating layer upload to /v2/rhatdan/myimage/blobs/uploads/ in quay.io: unauthorized: access to the requested resource is not authorized
Original
$ podman login quay.io
4.5.1
$ podman login quay.io
Username:
Password:
Login Succeeded!
4.6.1
$ podman login quay.io
Username:
Password:
Login Succeeded!
Original
$ cat /run/user/$UID/containers/auth.json
4.5.1
$ cat /run/user/$UID/containers/auth.json
{
"auths": {
"quay.io": {
"auth": ""
}
}
}
4.6.1
$ cat /run/user/$UID/containers/auth.json
{
"auths": {
"quay.io": {
"auth": ""
}
}
}
Original
$ podman logout quay.io
4.5.1
$ podman logout quay.io
Removed login credentials for quay.io
4.6.1
$ podman logout quay.io
Removed login credentials for quay.io
Original
$ podman images
4.5.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 51ffb111a83e 22 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
4.6.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 6b05dce7e943 22 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
Original
$ podman tag myimage quay.io/rhatdan/myimage
$ podman images
4.5.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 51ffb111a83e 23 minutes ago 454 MB
quay.io/rhatdan/myimage latest 51ffb111a83e 23 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
4.6.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 6b05dce7e943 23 minutes ago 454 MB
quay.io/rhatdan/myimage latest 6b05dce7e943 23 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
Original
$ podman login --username rhatdan quay.io
4.5.1
$ podman login --username tnk4on quay.io
Password:
Login Succeeded!
4.6.1
$ podman login --username tnk4on quay.io
Password:
Login Succeeded!
Original
$ podman push quay.io/rhatdan/myimage
Original
$ podman tag quay.io/rhatdan/myimage quay.io/rhatdan/myimage:1.0
$ podman images
4.5.1
$ podman tag quay.io/rhatdan/myimage quay.io/rhatdan/myimage:1.0
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 51ffb111a83e 27 minutes ago 454 MB
quay.io/rhatdan/myimage latest 51ffb111a83e 27 minutes ago 454 MB
quay.io/rhatdan/myimage 1.0 51ffb111a83e 27 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
4.6.1
$ podman tag quay.io/rhatdan/myimage quay.io/rhatdan/myimage:1.0
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 6b05dce7e943 27 minutes ago 454 MB
quay.io/rhatdan/myimage latest 6b05dce7e943 27 minutes ago 454 MB
quay.io/rhatdan/myimage 1.0 6b05dce7e943 27 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
Original
$ podman images
$ podman rmi localhost/myimage
$ podman images
4.5.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 51ffb111a83e 29 minutes ago 454 MB
quay.io/rhatdan/myimage latest 51ffb111a83e 29 minutes ago 454 MB
quay.io/rhatdan/myimage 1.0 51ffb111a83e 29 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
$ podman rmi localhost/myimage
Untagged: localhost/myimage:latest
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/rhatdan/myimage latest 51ffb111a83e 29 minutes ago 454 MB
quay.io/rhatdan/myimage 1.0 51ffb111a83e 29 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
4.6.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 6b05dce7e943 29 minutes ago 454 MB
quay.io/rhatdan/myimage latest 6b05dce7e943 29 minutes ago 454 MB
quay.io/rhatdan/myimage 1.0 6b05dce7e943 29 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
$ podman rmi localhost/myimage
Untagged: localhost/myimage:latest
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/rhatdan/myimage latest 6b05dce7e943 30 minutes ago 454 MB
quay.io/rhatdan/myimage 1.0 6b05dce7e943 30 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
Original
$ podman rmi myimage
$ podman rmi myimage:1.0
$ podman images
- 訳注
1章で実行したコンテナが残っている場合は、myimageの削除前に停止する必要があります。
podman rm -f -t 0 myapp1
4.5.1
$ podman rmi myimage
Untagged: quay.io/rhatdan/myimage:latest
$ podman rmi myimage:1.0
Error: image used by 4c7444695da97b24658dded3a81485b45421598bf6f9ea7cd527c45bd41f97fd: image is in use by a container: consider listing external containers and force-removing image
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4c7444695da9 localhost/myimage:latest /usr/bin/run-http... 30 minutes ago Up 30 minutes 0.0.0.0:8080->8080/tcp myapp1
$ podman rm -f -t 0 myapp1
myapp1
$ podman rmi myimage:1.0
Untagged: quay.io/rhatdan/myimage:1.0
Deleted: 51ffb111a83e7a7f42b94364da61192ea59a317b270045f5b06eeb56233a8246
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
4.6.1
$ podman rmi myimage
Untagged: quay.io/rhatdan/myimage:latest
$ podman rm -f -t 0 myapp1
myapp1
$ podman rmi myimage:1.0
Untagged: quay.io/rhatdan/myimage:1.0
Deleted: 6b05dce7e943c1c4911de822da137028c457173b110ba05d7143035fae18c774
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
Original
$ podman rmi edc479f58484
$ podman rmi edc479f58484 --force
$ podman image prune -a
$ podman images
4.5.1
$ podman pull quay.io/rhatdan/myimage
$ podman tag quay.io/rhatdan/myimage quay.io/rhatdan/myimage:1.0
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
quay.io/rhatdan/myimage latest 2c7e43d88038 23 months ago 462 MB
quay.io/rhatdan/myimage 1.0 2c7e43d88038 23 months ago 462 MB
$ podman rmi 2c7e43d88038
Error: unable to delete image "2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae" by ID with more than one tag ([quay.io/rhatdan/myimage:latest quay.io/rhatdan/myimage:1.0]): please force removal
$ podman rmi 2c7e43d88038 --force
Untagged: quay.io/rhatdan/myimage:latest
Untagged: quay.io/rhatdan/myimage:1.0
Deleted: 2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
$ podman image prune -a
WARNING! This command removes all images without at least one container associated with them.
Are you sure you want to continue? [y/N] y
7e569fa199c00a48fc249200463d903ca157a4e965348a845827871f4ede3714
81cf3b3bd489ea3dec0a12eabca104c8a851c5e0f60c0b07ac34e7e02e63565e
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
4.6.1
$ podman pull quay.io/rhatdan/myimage
$ podman tag quay.io/rhatdan/myimage quay.io/rhatdan/myimage:1.0
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
registry.access.redhat.com/ubi8 latest 7e569fa199c0 2 weeks ago 215 MB
quay.io/rhatdan/myimage latest 2c7e43d88038 23 months ago 462 MB
quay.io/rhatdan/myimage 1.0 2c7e43d88038 23 months ago 462 MB
$ podman rmi 2c7e43d88038
Error: unable to delete image "2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae" by ID with more than one tag ([quay.io/rhatdan/myimage:latest quay.io/rhatdan/myimage:1.0]): please force removal
$ podman rmi 2c7e43d88038 --force
Untagged: quay.io/rhatdan/myimage:latest
Untagged: quay.io/rhatdan/myimage:1.0
Deleted: 2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
$ podman image prune -a
WARNING! This command removes all images without at least one container associated with them.
Are you sure you want to continue? [y/N] y
7e569fa199c00a48fc249200463d903ca157a4e965348a845827871f4ede3714
81cf3b3bd489ea3dec0a12eabca104c8a851c5e0f60c0b07ac34e7e02e63565e
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
Original
$ podman pull quay.io/rhatdan/myimage
4.5.1
$ podman pull quay.io/rhatdan/myimage
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob e3460238f8a1 done
Copying blob dfd8c625d022 done
Copying blob a1eadb69adf1 done
Copying blob 2b782a9ad894 done
Copying blob c7765172d3ce done
Copying config 2c7e43d880 done
Writing manifest to image destination
Storing signatures
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
4.6.1
$ podman pull quay.io/rhatdan/myimage
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob e3460238f8a1 done
Copying blob c7765172d3ce done
Copying blob 2b782a9ad894 done
Copying blob a1eadb69adf1 done
Copying blob dfd8c625d022 done
Copying config 2c7e43d880 done
Writing manifest to image destination
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
Original
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
4.5.1
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
Trying to pull registry.access.redhat.com/ubi8/httpd-24:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob bea2a0b08f4f done
Copying blob 7822e944d15c done
Copying blob 28eca6c71374 done
Copying config 81cf3b3bd4 done
Writing manifest to image destination
Storing signatures
c57277805d29c47b20667bf87343ed4f2c71ff110541ddb4f2f6252659aa1afe
4.6.1
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
Trying to pull registry.access.redhat.com/ubi8/httpd-24:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 28eca6c71374 done
Copying blob bea2a0b08f4f done
Copying blob 7822e944d15c done
Copying config 81cf3b3bd4 done
Writing manifest to image destination
Storing signatures
d934d6e136db89c42f46d7402d5ae7376f711711b37982dbb5dc783a40c906e8
Original
$ podman images
4.5.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
quay.io/rhatdan/myimage latest 2c7e43d88038 23 months ago 462 MB
4.6.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
quay.io/rhatdan/myimage latest 2c7e43d88038 23 months ago 462 MB
Original
$ podman info
4.5.1
$ podman info
host:
arch: amd64
buildahVersion: 1.30.0
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.96
systemPercent: 0.02
userPercent: 0.01
cpus: 4
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
hostname: fedora38-pia
idMappings:
gidmap:
- container_id: 0
host_id: 1001
size: 1
- container_id: 1
host_id: 589824
size: 65536
uidmap:
- container_id: 0
host_id: 1001
size: 1
- container_id: 1
host_id: 589824
size: 65536
kernel: 6.3.8-200.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 5849300992
memTotal: 8310349824
networkBackend: netavark
ociRuntime:
name: crun
package: crun-1.8.5-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.5
commit: b6f80f766c9a89eb7b1440c0a70ab287434b17ed
rundir: /run/user/1001/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
remoteSocket:
path: /run/user/1001/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 8309960704
swapTotal: 8309960704
uptime: 186h 16m 33.00s (Approximately 7.75 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /home/shtanaka/.config/containers/storage.conf
containerStore:
number: 1
paused: 0
running: 1
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/shtanaka/.local/share/containers/storage
graphRootAllocated: 16039018496
graphRootUsed: 7200722944
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 2
runRoot: /run/user/1001/containers
transientStore: false
volumePath: /home/shtanaka/.local/share/containers/storage/volumes
version:
APIVersion: 4.5.1
Built: 1685123928
BuiltTime: Sat May 27 02:58:48 2023
GitCommit: ""
GoVersion: go1.20.4
Os: linux
OsArch: linux/amd64
Version: 4.5.1
4.6.1
$ podman info
host:
arch: amd64
buildahVersion: 1.31.2
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 98.9
systemPercent: 0.4
userPercent: 0.7
cpus: 2
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
freeLocks: 2047
hostname: fedora-server
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
kernel: 6.2.9-300.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 2142179328
memTotal: 4091457536
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.7.0
package: netavark-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.7.0
ociRuntime:
name: crun
package: crun-1.8.6-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.6
commit: 73f759f4a39769f60990e7d225f561b4f4f06bcf
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20230625.g32660ce-1.fc38.x86_64
version: |
pasta 0^20230625.g32660ce-1.fc38.x86_64
Copyright Red Hat
GNU Affero GPL version 3 or later <https://www.gnu.org/licenses/agpl-3.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
path: /run/user/1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 4090490880
swapTotal: 4090490880
uptime: 0h 36m 48.00s
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /home/user/.config/containers/storage.conf
containerStore:
number: 1
paused: 0
running: 1
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/user/.local/share/containers/storage
graphRootAllocated: 16039018496
graphRootUsed: 3258761216
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 2
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /home/user/.local/share/containers/storage/volumes
version:
APIVersion: 4.6.1
Built: 1691705273
BuiltTime: Fri Aug 11 07:07:53 2023
GitCommit: ""
GoVersion: go1.20.7
Os: linux
OsArch: linux/amd64
Version: 4.6.1
Original
$ podman pull rhatdan/myimage
$ podman pull quay.io/rhatdan/myimage
4.5.1
$ podman pull rhatdan/myimage
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob dfd8c625d022 skipped: already exists
Copying blob 2b782a9ad894 skipped: already exists
Copying blob a1eadb69adf1 skipped: already exists
Copying blob e3460238f8a1 skipped: already exists
Copying blob c7765172d3ce skipped: already exists
Copying config 2c7e43d880 done
Writing manifest to image destination
Storing signatures
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
$ podman pull quay.io/rhatdan/myimage
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob c7765172d3ce skipped: already exists
Copying blob 2b782a9ad894 skipped: already exists
Copying blob a1eadb69adf1 skipped: already exists
Copying blob e3460238f8a1 skipped: already exists
Copying blob dfd8c625d022 skipped: already exists
Copying config 2c7e43d880 done
Writing manifest to image destination
Storing signatures
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
4.6.1
$ podman pull rhatdan/myimage
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob dfd8c625d022 skipped: already exists
Copying blob e3460238f8a1 skipped: already exists
Copying blob 2b782a9ad894 skipped: already exists
Copying blob a1eadb69adf1 skipped: already exists
Copying blob c7765172d3ce skipped: already exists
Copying config 2c7e43d880 done
Writing manifest to image destination
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
$ podman pull quay.io/rhatdan/myimage
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob e3460238f8a1 skipped: already exists
Copying blob c7765172d3ce skipped: already exists
Copying blob 2b782a9ad894 skipped: already exists
Copying blob dfd8c625d022 skipped: already exists
Copying blob a1eadb69adf1 skipped: already exists
Copying config 2c7e43d880 done
Writing manifest to image destination
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
Original
$ podman create -p 8080:8080 ubi8/httpd-24
- 注釈
イメージストレージにubi8/httpd-24がある場合は事前に削除をします
podman rmi -f ubi8/httpd-24
4.5.1
$ podman create -p 8080:8080 ubi8/httpd-24
? Please select an image:
registry.fedoraproject.org/ubi8/httpd-24:latest
▸ registry.access.redhat.com/ubi8/httpd-24:latest
docker.io/ubi8/httpd-24:latest
quay.io/ubi8/httpd-24:latest
4.6.1
$ podman create -p 8080:8080 ubi8/httpd-24
? Please select an image:
registry.fedoraproject.org/ubi8/httpd-24:latest
▸ registry.access.redhat.com/ubi8/httpd-24:latest
docker.io/ubi8/httpd-24:latest
quay.io/ubi8/httpd-24:latest
Original
$ cat /etc/containers/registries.conf.d/000-shortnames.conf
4.5.1
$ cat /etc/containers/registries.conf.d/000-shortnames.conf
[aliases]
# almalinux
"almalinux" = "docker.io/library/almalinux"
"almalinux-minimal" = "docker.io/library/almalinux-minimal"
# Amazon Linux
"amazonlinux" = "public.ecr.aws/amazonlinux/amazonlinux"
# Arch Linux
"archlinux" = "docker.io/library/archlinux"
# centos
"centos" = "quay.io/centos/centos"
# containers
"skopeo" = "quay.io/skopeo/stable"
"buildah" = "quay.io/buildah/stable"
"podman" = "quay.io/podman/stable"
"hello" = "quay.io/podman/hello"
"hello-world" = "quay.io/podman/hello"
# docker
"alpine" = "docker.io/library/alpine"
"docker" = "docker.io/library/docker"
"registry" = "docker.io/library/registry"
"swarm" = "docker.io/library/swarm"
# Fedora
"fedora-minimal" = "registry.fedoraproject.org/fedora-minimal"
"fedora" = "registry.fedoraproject.org/fedora"
# openSUSE
"opensuse/tumbleweed" = "registry.opensuse.org/opensuse/tumbleweed"
"opensuse/tumbleweed-dnf" = "registry.opensuse.org/opensuse/tumbleweed-dnf"
"opensuse/tumbleweed-microdnf" = "registry.opensuse.org/opensuse/tumbleweed-microdnf"
"opensuse/leap" = "registry.opensuse.org/opensuse/leap"
"opensuse/busybox" = "registry.opensuse.org/opensuse/busybox"
"tumbleweed" = "registry.opensuse.org/opensuse/tumbleweed"
"tumbleweed-dnf" = "registry.opensuse.org/opensuse/tumbleweed-dnf"
"tumbleweed-microdnf" = "registry.opensuse.org/opensuse/tumbleweed-microdnf"
"leap" = "registry.opensuse.org/opensuse/leap"
"leap-dnf" = "registry.opensuse.org/opensuse/leap-dnf"
"leap-microdnf" = "registry.opensuse.org/opensuse/leap-microdnf"
"tw-busybox" = "registry.opensuse.org/opensuse/busybox"
# SUSE
"suse/sle15" = "registry.suse.com/suse/sle15"
"suse/sles12sp5" = "registry.suse.com/suse/sles12sp5"
"suse/sles12sp4" = "registry.suse.com/suse/sles12sp4"
"suse/sles12sp3" = "registry.suse.com/suse/sles12sp3"
"sle15" = "registry.suse.com/suse/sle15"
"sles12sp5" = "registry.suse.com/suse/sles12sp5"
"sles12sp4" = "registry.suse.com/suse/sles12sp4"
"sles12sp3" = "registry.suse.com/suse/sles12sp3"
"bci/bci-base" = "registry.suse.com/bci/bci-base"
"bci/bci-micro" = "registry.suse.com/bci/bci-micro"
"bci/bci-minimal" = "registry.suse.com/bci/bci-minimal"
"bci/bci-busybox" = "registry.suse.com/bci/bci-busybox"
# Red Hat Enterprise Linux
"rhel" = "registry.access.redhat.com/rhel"
"rhel6" = "registry.access.redhat.com/rhel6"
"rhel7" = "registry.access.redhat.com/rhel7"
"rhel7.9" = "registry.access.redhat.com/rhel7.9"
"rhel-atomic" = "registry.access.redhat.com/rhel-atomic"
"rhel-minimal" = "registry.access.redhat.com/rhel-minimum"
"rhel-init" = "registry.access.redhat.com/rhel-init"
"rhel7-atomic" = "registry.access.redhat.com/rhel7-atomic"
"rhel7-minimal" = "registry.access.redhat.com/rhel7-minimum"
"rhel7-init" = "registry.access.redhat.com/rhel7-init"
"rhel7/rhel" = "registry.access.redhat.com/rhel7/rhel"
"rhel7/rhel-atomic" = "registry.access.redhat.com/rhel7/rhel7/rhel-atomic"
"ubi7/ubi" = "registry.access.redhat.com/ubi7/ubi"
"ubi7/ubi-minimal" = "registry.access.redhat.com/ubi7-minimal"
"ubi7/ubi-init" = "registry.access.redhat.com/ubi7-init"
"ubi7" = "registry.access.redhat.com/ubi7"
"ubi7-init" = "registry.access.redhat.com/ubi7-init"
"ubi7-minimal" = "registry.access.redhat.com/ubi7-minimal"
"rhel8" = "registry.access.redhat.com/ubi8"
"rhel8-init" = "registry.access.redhat.com/ubi8-init"
"rhel8-minimal" = "registry.access.redhat.com/ubi8-minimal"
"rhel8-micro" = "registry.access.redhat.com/ubi8-micro"
"ubi8" = "registry.access.redhat.com/ubi8"
"ubi8-minimal" = "registry.access.redhat.com/ubi8-minimal"
"ubi8-init" = "registry.access.redhat.com/ubi8-init"
"ubi8-micro" = "registry.access.redhat.com/ubi8-micro"
"ubi8/ubi" = "registry.access.redhat.com/ubi8/ubi"
"ubi8/ubi-minimal" = "registry.access.redhat.com/ubi8-minimal"
"ubi8/ubi-init" = "registry.access.redhat.com/ubi8-init"
"ubi8/ubi-micro" = "registry.access.redhat.com/ubi8-micro"
"ubi8/podman" = "registry.access.redhat.com/ubi8/podman"
"ubi8/buildah" = "registry.access.redhat.com/ubi8/buildah"
"ubi8/skopeo" = "registry.access.redhat.com/ubi8/skopeo"
"rhel9" = "registry.access.redhat.com/ubi9"
"rhel9-init" = "registry.access.redhat.com/ubi9-init"
"rhel9-minimal" = "registry.access.redhat.com/ubi9-minimal"
"rhel9-micro" = "registry.access.redhat.com/ubi9-micro"
"ubi9" = "registry.access.redhat.com/ubi9"
"ubi9-minimal" = "registry.access.redhat.com/ubi9-minimal"
"ubi9-init" = "registry.access.redhat.com/ubi9-init"
"ubi9-micro" = "registry.access.redhat.com/ubi9-micro"
"ubi9/ubi" = "registry.access.redhat.com/ubi9/ubi"
"ubi9/ubi-minimal" = "registry.access.redhat.com/ubi9-minimal"
"ubi9/ubi-init" = "registry.access.redhat.com/ubi9-init"
"ubi9/ubi-micro" = "registry.access.redhat.com/ubi9-micro"
"ubi9/podman" = "registry.access.redhat.com/ubi9/podman"
"ubi9/buildah" = "registry.access.redhat.com/ubi9/buildah"
"ubi9/skopeo" = "registry.access.redhat.com/ubi9/skopeo"
# Rocky Linux
"rockylinux" = "docker.io/library/rockylinux"
# Debian
"debian" = "docker.io/library/debian"
# Kali Linux
"kali-bleeding-edge" = "docker.io/kalilinux/kali-bleeding-edge"
"kali-dev" = "docker.io/kalilinux/kali-dev"
"kali-experimental" = "docker.io/kalilinux/kali-experimental"
"kali-last-release" = "docker.io/kalilinux/kali-last-release"
"kali-rolling" = "docker.io/kalilinux/kali-rolling"
# Ubuntu
"ubuntu" = "docker.io/library/ubuntu"
# Oracle Linux
"oraclelinux" = "container-registry.oracle.com/os/oraclelinux"
# busybox
"busybox" = "docker.io/library/busybox"
# php
"php" = "docker.io/library/php"
# python
"python" = "docker.io/library/python"
# rust
"rust" = "docker.io/library/rust"
# node
"node" = "docker.io/library/node"
Original
$ podman search registry.access.redhat.com/httpd
4.5.1
$ podman search registry.access.redhat.com/httpd
NAME DESCRIPTION
registry.access.redhat.com/rhscl/httpd-24-rhel7 Apache HTTP 2.4 Server
registry.access.redhat.com/ubi8/httpd-24 Platform for running Apache httpd 2.4 or bui...
registry.access.redhat.com/ubi9/httpd-24 rhcc_registry.access.redhat.com_ubi9/httpd-2...
registry.access.redhat.com/cloudforms46-beta/cfme-openshift-httpd CloudForms is a management and automation pl...
registry.access.redhat.com/cloudforms46/cfme-openshift-httpd Web Server image for a multi-pod Red Hat® C...
registry.access.redhat.com/rhmap45/httpd Provides an extension to the RHSCL Httpd ima...
registry.access.redhat.com/rhmap44/httpd Provides an extension to the RHSCL Httpd Doc...
registry.access.redhat.com/rhmap43/httpd Provides an extension to the RHSCL Httpd Doc...
registry.access.redhat.com/rhmap42/httpd Provides an extension to the RHSCL Httpd Doc...
registry.access.redhat.com/rhmap47/httpd Provides an extension to the RHSCL Httpd ima...
registry.access.redhat.com/rhmap46/httpd Provides an extension to the RHSCL Httpd ima...
registry.access.redhat.com/cloudforms47/cfme-openshift-httpd CloudForms 4.7 APP image for OpenShift
registry.access.redhat.com/rhscl/varnish-4-rhel7 Varnish 4 high-performance HTTP accelerator
registry.access.redhat.com/rhscl/varnish-6-rhel7 Varnish available as container is a base pla...
registry.access.redhat.com/openshift3/ose-egress-http-proxy This is the egress router HTTP proxy for Ope...
registry.access.redhat.com/rhscl/varnish-5-rhel7 Varnish available as container is a base pla...
registry.access.redhat.com/openshift3/prometheus-alert-buffer A small server that saves incoming webhook J...
registry.access.redhat.com/openshift3/ose-f5-router The F5 router plug-in integrates with an exi...
registry.access.redhat.com/openshift3/ose-haproxy-router Default router implementation for OpenShift...
registry.access.redhat.com/cloudforms46/cfme-httpd-configmap-generator External Authentication configuration mappin...
registry.access.redhat.com/cloudforms46-beta/cfme-httpd-configmap-generator CloudForms is a management and automation pl...
registry.access.redhat.com/cloudforms47/cfme-httpd-configmap-generator CloudForms 4.7 APP image for OpenShift
registry.access.redhat.com/rhscl/s2i-core-rhel7 The s2i core container image serves as a bas...
registry.access.redhat.com/rhscl/nginx-112-rhel7 Nginx is a web server and a reverse proxy se...
registry.access.redhat.com/cloudforms46/cfme-openshift-app Red Hat® CloudForms Appliance image to be u...
4.6.1
$ podman search registry.access.redhat.com/httpd
NAME DESCRIPTION
registry.access.redhat.com/rhscl/httpd-24-rhel7 Apache HTTP 2.4 Server
registry.access.redhat.com/ubi9/httpd-24 rhcc_registry.access.redhat.com_ubi9/httpd-2...
registry.access.redhat.com/ubi8/httpd-24 Platform for running Apache httpd 2.4 or bui...
registry.access.redhat.com/rhmap45/httpd Provides an extension to the RHSCL Httpd ima...
registry.access.redhat.com/rhmap44/httpd Provides an extension to the RHSCL Httpd Doc...
registry.access.redhat.com/cloudforms46-beta/cfme-openshift-httpd CloudForms is a management and automation pl...
registry.access.redhat.com/cloudforms46/cfme-openshift-httpd Web Server image for a multi-pod Red Hat® C...
registry.access.redhat.com/rhmap42/httpd Provides an extension to the RHSCL Httpd Doc...
registry.access.redhat.com/rhmap46/httpd Provides an extension to the RHSCL Httpd ima...
registry.access.redhat.com/cloudforms47/cfme-openshift-httpd CloudForms 4.7 APP image for OpenShift
registry.access.redhat.com/rhmap43/httpd Provides an extension to the RHSCL Httpd Doc...
registry.access.redhat.com/rhscl/varnish-4-rhel7 Varnish 4 high-performance HTTP accelerator
registry.access.redhat.com/rhmap47/httpd Provides an extension to the RHSCL Httpd ima...
registry.access.redhat.com/rhscl/varnish-6-rhel7 Varnish available as container is a base pla...
registry.access.redhat.com/openshift3/ose-egress-http-proxy This is the egress router HTTP proxy for Ope...
registry.access.redhat.com/rhscl/varnish-5-rhel7 Varnish available as container is a base pla...
registry.access.redhat.com/openshift3/prometheus-alert-buffer A small server that saves incoming webhook J...
registry.access.redhat.com/openshift3/ose-f5-router The F5 router plug-in integrates with an exi...
registry.access.redhat.com/openshift3/ose-haproxy-router Default router implementation for OpenShift...
registry.access.redhat.com/cloudforms46-beta/cfme-httpd-configmap-generator CloudForms is a management and automation pl...
registry.access.redhat.com/cloudforms46/cfme-httpd-configmap-generator External Authentication configuration mappin...
registry.access.redhat.com/cloudforms47/cfme-httpd-configmap-generator CloudForms 4.7 APP image for OpenShift
registry.access.redhat.com/rhscl/s2i-core-rhel7 The s2i core container image serves as a bas...
registry.access.redhat.com/rhscl/nginx-112-rhel7 Nginx is a web server and a reverse proxy se...
registry.access.redhat.com/cloudforms46/cfme-openshift-app Red Hat® CloudForms Appliance image to be u...
Original
$ podman mount quay.io/rhatdan/myimage
4.5.1
$ podman mount quay.io/rhatdan/myimage
Error: cannot run command "podman mount" in rootless mode, must execute `podman unshare` first
4.6.1
$ podman mount quay.io/rhatdan/myimage
Error: cannot run command "podman mount" in rootless mode, must execute `podman unshare` first
Original
$ podman unshare
# mnt=$(podman image mount quay.io/rhatdan/myimage)
# cat $mnt/var/www/html/index.html
# podman image unmount quay.io/rhatdan/myimage
# exit
4.5.1
$ podman unshare
#
# mnt=$(podman image mount quay.io/rhatdan/myimage)
# cat $mnt/var/www/html/index.html
<html>
<head>
</head>
<body>
<h1>Hello World<h1>
</body>
</html>
# podman image unmount quay.io/rhatdan/myimage
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
# exit
exit
4.6.1
$ podman unshare
#
# mnt=$(podman image mount quay.io/rhatdan/myimage)
# cat $mnt/var/www/html/index.html
<html>
<head>
</head>
<body>
<h1>Hello World<h1>
</body>
</html>
# podman image unmount quay.io/rhatdan/myimage
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
# exit
exit
Original
$ man podman-image
4.5.1
$ man podman-image
4.6.1
$ man podman-image
Original
$ mkdir myapp
$ cat > myapp/index.html << _EOF
<html>
<head>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
_EOF
$ cat > myapp/Containerfile << _EOF
FROM ubi8/httpd-24
COPY index.html /var/www/html/index.html
_EOF
4.5.1
$ mkdir myapp
$ cat > myapp/index.html << _EOF
<html>
<head>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
_EOF
$ cat > myapp/Containerfile << _EOF
FROM ubi8/httpd-24
COPY index.html /var/www/html/index.html
_EOF
4.6.1
$ mkdir myapp
$ cat > myapp/index.html << _EOF
<html>
<head>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
_EOF
$ cat > myapp/Containerfile << _EOF
FROM ubi8/httpd-24
COPY index.html /var/www/html/index.html
_EOF
Original
$ podman build -t quay.io/rhatdan/myimage ./myapp
4.5.1
$ podman build -t quay.io/rhatdan/myimage ./myapp
STEP 1/2: FROM ubi8/httpd-24
STEP 2/2: COPY index.html /var/www/html/index.html
COMMIT quay.io/rhatdan/myimage
--> b4607342e2fc
Successfully tagged quay.io/rhatdan/myimage:latest
b4607342e2fc6967509c2243cb7292972ec0b07c99a880448ea4f8a2cf891a13
4.6.1
$ podman build -t quay.io/rhatdan/myimage ./myapp
STEP 1/2: FROM ubi8/httpd-24
STEP 2/2: COPY index.html /var/www/html/index.html
COMMIT quay.io/rhatdan/myimage
--> 5526165b9e04
Successfully tagged quay.io/rhatdan/myimage:latest
5526165b9e048788d6725c9591438016d534ac440e8e181073eb3c73810f7b7a
Original
$ cat > myapp/automate.sh << _EOF
#!/bin/bash
podman build -t quay.io/rhatdan/myimage ./myapp
podman push quay.io/rhatdan/myimage
_EOF
$ chmod +x myapp/automate.sh
$ podman images
4.5.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/rhatdan/myimage latest b4607342e2fc 2 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
<none> <none> 2c7e43d88038 23 months ago 462 MB
4.6.1
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/rhatdan/myimage latest 5526165b9e04 2 minutes ago 454 MB
registry.access.redhat.com/ubi8/httpd-24 latest 81cf3b3bd489 2 weeks ago 454 MB
<none> <none> 2c7e43d88038 23 months ago 462 MB
Original
$ mkdir html
$ cat > html/index.html << _EOF
<html>
<head>
</head>
<body>
<h1>Goodbye World</h1>
</body>
</html>
_EOF
$ podman run -d -v ./html:/var/www/html:ro,z -p 8080:8080 quay.io/rhatdan/myimage
$ podman rm --latest --force
$ rm -rf html
4.5.1
$ mkdir html
$ cat > html/index.html << _EOF
<html>
<head>
</head>
<body>
<h1>Goodbye World</h1>
</body>
</html>
_EOF
$ podman run -d -v ./html:/var/www/html:ro,z -p 8080:8080 quay.io/rhatdan/myimage
2af4332a1e8e113dcfc5d4ea36bd26633b0cca9f00e0d343d6e03ad980fc74ce
$ podman rm --latest --force
be93fe11405e56873593c34757f0c05d7ae915bdf81530c030aaceab1743bb53
$ rm -rf html
4.6.1
$ mkdir html
$ cat > html/index.html << _EOF
<html>
<head>
</head>
<body>
<h1>Goodbye World</h1>
</body>
</html>
_EOF
$ podman run -d -v ./html:/var/www/html:ro,z -p 8080:8080 quay.io/rhatdan/myimage
be93fe11405e56873593c34757f0c05d7ae915bdf81530c030aaceab1743bb53
$ podman rm --latest --force
be93fe11405e56873593c34757f0c05d7ae915bdf81530c030aaceab1743bb53
$ rm -rf html
Original
$ podman volume create webdata
$ podman volume inspect webdata
4.5.1
$ podman volume create webdata
webdata
$ podman volume inspect webdata
[
{
"Name": "webdata",
"Driver": "local",
"Mountpoint": "/home/shtanaka/.local/share/containers/storage/volumes/webdata/_data",
"CreatedAt": "2023-08-21T14:14:03.159322822+09:00",
"Labels": {},
"Scope": "local",
"Options": {},
"MountCount": 0,
"NeedsCopyUp": true,
"NeedsChown": true
}
]
4.6.1
$ podman volume create webdata
webdata
$ podman volume inspect webdata
[
{
"Name": "webdata",
"Driver": "local",
"Mountpoint": "/home/user/.local/share/containers/storage/volumes/webdata/_data",
"CreatedAt": "2023-08-21T14:14:34.307673373+09:00",
"Labels": {}, "Scope": "local",
"Options": {},
"MountCount": 0,
"NeedsCopyUp": true,
"NeedsChown": true,
"LockNumber": 1
}
]
Original
$ cat > /home/dwalsh/.local/share/containers/storage/volumes/webdata/_data/index.html << _EOL
<html>
<head>
</head>
<body>
<h1>Goodbye World</h1>
</body>
</html>
_EOL
$ podman run -d -v webdata:/var/www/html:ro,z -p 8080:8080 quay.io/rhatdan/myimage
4.5.1
$ cat > /home/shtanaka/.local/share/containers/storage/volumes/webdata/_data/index.html << _EOL
<html>
<head>
</head>
<body>
<h1>Goodbye World</h1>
</body>
</html>
_EOL
$ podman run -d -v webdata:/var/www/html:ro,z -p 8080:8080 quay.io/rhatdan/myimage
23dcc00f2e4ee91ac8ac867a9b8626b1efebff9ea4a44048d55a73c9ae4cbe7a
$ curl localhost:8080
<html>
<head>
</head>
<body>
<h1>Goodbye World</h1>
</body>
</html>
4.6.1
$ cat > /home/user/.local/share/containers/storage/volumes/webdata/_data/index.html << _EOL
<html>
<head>
</head>
<body>
<h1>Goodbye World</h1>
</body>
</html>
_EOL
$ podman run -d -v webdata:/var/www/html:ro,z -p 8080:8080 quay.io/rhatdan/myimage
b8a87b861cb9b3bd31f7f1144d250f53a5cc8630bc151e2ace7d35169a72d94f
$ curl localhost:8080
<html>
<head>
</head>
<body>
<h1>Goodbye World</h1>
</body>
</html>
Original
$ podman stop -t 0 2155761b628c
$ podman volume rm --force webdata
$ podman volume list
4.5.1
$ podman stop -t 0 23dcc00f2e4e
23dcc00f2e4e
$ podman volume rm --force webdata
webdata
$ podman volume list
4.6.1
$ podman stop -t 0 b8a87b861cb9
b8a87b861cb9
$ podman volume rm --force webdata
webdata
$ podman volume list
Original
$ podman run -d -v webdata1:/var/www/html:ro,z -p 8080:8080 quay.io/rhatdan/myimage
$ podman volume list
$ podman volume rm --force webdata1
4.5.1
$ podman run -d -v webdata1:/var/www/html:ro,z -p 8080:8080 quay.io/rhatdan/myimage
e1375fd0f30cd908157f056e05962821498334f2912deb5511dce5f17a092db3
$ podman volume list
DRIVER VOLUME NAME
local webdata1
$ podman volume rm --force webdata1
webdata1
4.6.1
$ podman run -d -v webdata1:/var/www/html:ro,z -p 8080:8080 quay.io/rhatdan/myimage
dd0d9410e2469b3efde3f3ae6ef203f743552a3a683452f0273e048ec55c060d
$ podman volume list
DRIVER VOLUME NAME
local webdata1
$ podman volume rm --force webdata1
webdata1
Original
$ podman run -d -v ./html:/var/www/html:ro,z -p 8080:8080 quay.io/rhatdan/myimage
- 3.1でhtmlディレクトリを削除しているのでそのまま実行するとエラーになる
Original
$ podman unshare cat /proc/self/uid_map
$ podman unshare chown 60:60 ./html
$ podman run docker.io/mariadb grep mysql /etc/passwd
4.5.1
$ mkdir html
$ podman unshare cat /proc/self/uid_map
0 1001 1
1 589824 65536
$ podman unshare chown 60:60 ./html
$ podman run docker.io/mariadb grep mysql /etc/passwd
mysql:x:999:999::/home/mysql:/bin/sh
4.6.1
$ mkdir html
$ podman unshare cat /proc/self/uid_map
0 1001 1
1 589824 65536
$ podman unshare chown 60:60 ./html
$ podman run docker.io/mariadb grep mysql /etc/passwd
mysql:x:999:999::/home/mysql:/bin/sh
Original
$ mkdir mariadb
$ ls -ld mariadb/
$ podman run --user mysql -v ./mariadb:/var/lib/mariadb:U docker.io/mariadb ls -ld /var/lib/
$ podman run --security-opt label=disable -v /home/dwalsh:/home/dwalsh -p 8080:8080 quay.io/rhatdan/myimage
4.5.1
$ mkdir mariadb
$ ls -ld mariadb/
drwxr-xr-x. 2 shtanaka shtanaka 6 Aug 21 14:48 mariadb/
$ podman run --user mysql -v ./mariadb:/var/lib/mariadb:U docker.io/mariadb ls -ld /var/lib/
drwxr-xr-x. 1 root root 21 Aug 21 05:49 /var/lib/
$ podman run --security-opt label=disable -v /home/shtanaka:/home/shtanaka -p 8080:8080 quay.io/rhatdan/myimage
=> sourcing 10-set-mpm.sh ...
=> sourcing 20-copy-config.sh ...
=> sourcing 40-ssl-certs.sh ...
---> Generating SSL key pair for httpd...
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Mon Aug 21 05:53:31.656320 2023] [ssl:warn] [pid 1:tid 140562470194624] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 21 05:53:31.656667 2023] [:notice] [pid 1:tid 140562470194624] ModSecurity for Apache/2.9.6 (http://www.modsecurity.org/) configured.
[Mon Aug 21 05:53:31.656676 2023] [:notice] [pid 1:tid 140562470194624] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"
[Mon Aug 21 05:53:31.656679 2023] [:notice] [pid 1:tid 140562470194624] ModSecurity: PCRE compiled version="8.42 "; loaded version="8.42 2018-03-20"
[Mon Aug 21 05:53:31.656686 2023] [:notice] [pid 1:tid 140562470194624] ModSecurity: LUA compiled version="Lua 5.3"
[Mon Aug 21 05:53:31.656687 2023] [:notice] [pid 1:tid 140562470194624] ModSecurity: YAJL compiled version="2.1.0"
[Mon Aug 21 05:53:31.656688 2023] [:notice] [pid 1:tid 140562470194624] ModSecurity: LIBXML compiled version="2.9.7"
[Mon Aug 21 05:53:31.656690 2023] [:notice] [pid 1:tid 140562470194624] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Mon Aug 21 05:53:31.735062 2023] [ssl:warn] [pid 1:tid 140562470194624] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 21 05:53:31.735189 2023] [lbmethod_heartbeat:notice] [pid 1:tid 140562470194624] AH02282: No slotmem from mod_heartmonitor
[Mon Aug 21 05:53:31.743039 2023] [mpm_event:notice] [pid 1:tid 140562470194624] AH00489: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k configured -- resuming normal operations
[Mon Aug 21 05:53:31.743063 2023] [core:notice] [pid 1:tid 140562470194624] AH00094: Command line: 'httpd -D FOREGROUND'
4.6.1
$ mkdir mariadb
$ ls -ld mariadb/
drwxr-xr-x. 2 user user 6 8月 21 14:47 mariadb/
$ podman run --user mysql -v ./mariadb:/var/lib/mariadb:U docker.io/mariadb ls -ld /var/lib/
drwxr-xr-x. 1 root root 21 Aug 21 05:47 /var/lib/
$ podman run --security-opt label=disable -v /home/user:/home/user -p 8080:8080 quay.io/rhatdan/myimage
=> sourcing 10-set-mpm.sh ...
=> sourcing 20-copy-config.sh ...
=> sourcing 40-ssl-certs.sh ...
---> Generating SSL key pair for httpd...
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Mon Aug 21 05:55:38.635355 2023] [ssl:warn] [pid 1:tid 140300814351808] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 21 05:55:38.635497 2023] [:notice] [pid 1:tid 140300814351808] ModSecurity for Apache/2.9.6 (http://www.modsecurity.org/) configured.
[Mon Aug 21 05:55:38.635500 2023] [:notice] [pid 1:tid 140300814351808] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"
[Mon Aug 21 05:55:38.635503 2023] [:notice] [pid 1:tid 140300814351808] ModSecurity: PCRE compiled version="8.42 "; loaded version="8.42 2018-03-20"
[Mon Aug 21 05:55:38.635512 2023] [:notice] [pid 1:tid 140300814351808] ModSecurity: LUA compiled version="Lua 5.3"
[Mon Aug 21 05:55:38.635513 2023] [:notice] [pid 1:tid 140300814351808] ModSecurity: YAJL compiled version="2.1.0"
[Mon Aug 21 05:55:38.635514 2023] [:notice] [pid 1:tid 140300814351808] ModSecurity: LIBXML compiled version="2.9.7"
[Mon Aug 21 05:55:38.635516 2023] [:notice] [pid 1:tid 140300814351808] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Mon Aug 21 05:55:38.715942 2023] [ssl:warn] [pid 1:tid 140300814351808] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 21 05:55:38.716198 2023] [lbmethod_heartbeat:notice] [pid 1:tid 140300814351808] AH02282: No slotmem from mod_heartmonitor
[Mon Aug 21 05:55:38.721065 2023] [mpm_event:notice] [pid 1:tid 140300814351808] AH00489: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k configured -- resuming normal operations
[Mon Aug 21 05:55:38.721081 2023] [core:notice] [pid 1:tid 140300814351808] AH00094: Command line: 'httpd -D FOREGROUND'
Original
$ podman pod create -p 8080:8080 --name mypod --volume ./html:/var/www/html:z
- 訳注
3.1.2でhtmlディレクトリの所有権を変更している場合はhtmlフォルダを再作成してください。
$ podman unshare rm -rf html
$ mkdir html
4.5.1
$ podman unshare rm -rf html
$ mkdir html
$ podman pod create -p 8080:8080 --name mypod --volume ./html:/var/www/html:z
f9a87ec0b857e4e1434f1efa47ff5d41455b7bb96a598fb8165b52f8199d34d5
4.6.1
$ podman unshare rm -rf html
$ mkdir html
$ podman pod create -p 8080:8080 --name mypod --volume ./html:/var/www/html:z
5a75e8c76bc54a0f9ecda7cb0b633053ca50cbf34da3506c79304bb5816b315f
Original
$ podman create --pod mypod --name myapp quay.io/rhatdan/myimage
4.5.1
$ podman create --pod mypod --name myapp quay.io/rhatdan/myimage
4ec506ff5462ea2aba2e38204d666f8c88287e85965c3a430b9cbe9ac762f179
4.6.1
$ podman create --pod mypod --name myapp quay.io/rhatdan/myimage
0dc37530b45d18f964cfd484f73bae0225b16fbd8d81c2b14b9f246ff96e7d5b
Original
$ cat > html/time.sh << _EOL
#!/bin/sh
data() {
echo "<html><head></head><body><h1>"; date;echo "Hello World</h1></body></html>"
sleep 1
}
while true; do
data > index.html
done
_EOL
4.5.1
$ cat > html/time.sh << _EOL
#!/bin/sh
data() {
echo "<html><head></head><body><h1>"; date;echo "Hello World</h1></body></html>"
sleep 1
}
while true; do
data > index.html
done
_EOL
4.6.1
$ cat > html/time.sh << _EOL
#!/bin/sh
data() {
echo "<html><head></head><body><h1>"; date;echo "Hello World</h1></body></html>"
sleep 1
}
while true; do
data > index.html
done
_EOL
Original
$ chmod +x html/time.sh
$ podman create --pod mypod --name time --workdir /var/www/html ubi8 ./time.sh
4.5.1
$ chmod +x html/time.sh
$ podman create --pod mypod --name time --workdir /var/www/html ubi8 ./time.sh
Resolved "ubi8" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.access.redhat.com/ubi8:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob bea2a0b08f4f skipped: already exists
Copying config 7e569fa199 done
Writing manifest to image destination
Storing signatures
0d450001b891ccf0d451d9dd502e46a9fd6c33460dbb16078bdbfd8c322434ed
4.6.1
$ podman create --pod mypod --name time --workdir /var/www/html ubi8 ./time.sh
Resolved "ubi8" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.access.redhat.com/ubi8:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob bea2a0b08f4f skipped: already exists
Copying config 7e569fa199 done
Writing manifest to image destination
Storing signatures
0ea63953bd954efa63ad546789cb86afac09974cc59d6caa45a6c2b765dd34d8
Original
$ podman pod start mypod
$ podman ps
4.5.1
$ podman pod start mypod
f9a87ec0b857e4e1434f1efa47ff5d41455b7bb96a598fb8165b52f8199d34d5
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
37caa4c14929 localhost/podman-pause:4.5.1-1685123928 23 hours ago Up About a minute 0.0.0.0:8080->8080/tcp f9a87ec0b857-infra
4ec506ff5462 quay.io/rhatdan/myimage:latest /usr/bin/run-http... 23 hours ago Up About a minute 0.0.0.0:8080->8080/tcp myapp
0d450001b891 registry.access.redhat.com/ubi8:latest ./time.sh 5 minutes ago Up About a minute 0.0.0.0:8080->8080/tcp time
4.6.1
$ podman pod start mypod
5a75e8c76bc54a0f9ecda7cb0b633053ca50cbf34da3506c79304bb5816b315f
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dacbf1e136e2 localhost/podman-pause:4.6.1-1691705273 23 hours ago Up 43 seconds 0.0.0.0:8080->8080/tcp 5a75e8c76bc5-infra
0dc37530b45d quay.io/rhatdan/myimage:latest /usr/bin/run-http... 23 hours ago Up 43 seconds 0.0.0.0:8080->8080/tcp myapp
0ea63953bd95 registry.access.redhat.com/ubi8:latest ./time.sh 4 minutes ago Up 43 seconds 0.0.0.0:8080->8080/tcp time
Original
$ podman pod stop mypod
$ podman ps
4.5.1
$ podman pod stop mypod
WARN[0010] StopSignal SIGTERM failed to stop container time in 10 seconds, resorting to SIGKILL
f9a87ec0b857e4e1434f1efa47ff5d41455b7bb96a598fb8165b52f8199d34d5
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4.6.1
$ podman pod stop mypod
WARN[0010] StopSignal SIGTERM failed to stop container time in 10 seconds, resorting to SIGKILL
5a75e8c76bc54a0f9ecda7cb0b633053ca50cbf34da3506c79304bb5816b315f
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Original
$ podman pod list
4.5.1
$ podman pod list
POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
f9a87ec0b857 mypod Exited 23 hours ago 37caa4c14929 3
4.6.1
$ podman pod list
POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
5a75e8c76bc5 mypod Exited 23 hours ago dacbf1e136e2 3
4.5.1
$ podman ps --all --format "{{.ID}} {{.Image}} {{.Pod}}"
37caa4c14929 localhost/podman-pause:4.5.1-1685123928 f9a87ec0b857
4ec506ff5462 quay.io/rhatdan/myimage:latest f9a87ec0b857
0d450001b891 registry.access.redhat.com/ubi8:latest f9a87ec0b857
$ podman pod rm mypod
f9a87ec0b857e4e1434f1efa47ff5d41455b7bb96a598fb8165b52f8199d34d5
$ podman pod ls
POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
$ podman ps -a --format "{{.ID}} {{.Image}}"
4.6.1
$ podman ps --all --format "{{.ID}} {{.Image}} {{.Pod}}"
dacbf1e136e2 localhost/podman-pause:4.6.1-1691705273 5a75e8c76bc5
0dc37530b45d quay.io/rhatdan/myimage:latest 5a75e8c76bc5
0ea63953bd95 registry.access.redhat.com/ubi8:latest 5a75e8c76bc5
$ podman pod rm mypod
5a75e8c76bc54a0f9ecda7cb0b633053ca50cbf34da3506c79304bb5816b315f
$ podman pod ls
POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
$ podman ps -a --format "{{.ID}} {{.Image}}"
Original
$ podman info --format '{{ .Store.ConfigFile }}'
4.5.1
$ podman info --format '{{ .Store.ConfigFile }}'
/home/shtanaka/.config/containers/storage.conf
4.6.1
$ podman info --format '{{ .Store.ConfigFile }}'
/home/user/.config/containers/storage.conf
Original
$ sudo cp /usr/share/containers/storage.conf /etc/containers/storage.conf
4.5.1
$ sudo cp /usr/share/containers/storage.conf /etc/containers/storage.conf
4.6.1
$ sudo cp /usr/share/containers/storage.conf /etc/containers/storage.conf
Original
$ sudo cp /etc/containers/storage.conf /etc/containers/storage.conf.orig
$ sudo vi /etc/containers/storage.conf
$ grep -B 1 graph /etc/containers/storage.conf
$ sudo podman info
4.5.1
$ sudo cp /etc/containers/storage.conf /etc/containers/storage.conf.orig
$ sudo vi /etc/containers/storage.conf
graphroot="/var/mystorage"
$ grep -B 1 graph /etc/containers/storage.conf
# Primary Read/Write location of container storage
# When changing the graphroot location on an SELINUX system, you must
--
# restorecon -R -v /NEWSTORAGEPATH
#graphroot = "/var/lib/containers/storage"
graphroot="/var/mystorage"
$ sudo podman info
host:
arch: amd64
buildahVersion: 1.30.0
cgroupControllers:
- cpuset
- cpu
- io
- memory
- hugetlb
- pids
- rdma
- misc
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.96
systemPercent: 0.03
userPercent: 0.02
cpus: 4
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
hostname: fedora38-pia
idMappings:
gidmap: null
uidmap: null
kernel: 6.3.8-200.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 5446123520
memTotal: 8310349824
networkBackend: netavark
ociRuntime:
name: crun
package: crun-1.8.5-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.5
commit: b6f80f766c9a89eb7b1440c0a70ab287434b17ed
rundir: /run/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
remoteSocket:
path: /run/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 8309960704
swapTotal: 8309960704
uptime: 216h 11m 56.00s (Approximately 9.00 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /etc/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions:
overlay.mountopt: nodev,metacopy=on
graphRoot: /var/mystorage
graphRootAllocated: 16039018496
graphRootUsed: 7629635584
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "false"
Supports d_type: "true"
Using metacopy: "true"
imageCopyTmpDir: /var/tmp
imageStore:
number: 0
runRoot: /run/containers/storage
transientStore: false
volumePath: /var/mystorage/volumes
version:
APIVersion: 4.5.1
Built: 1685123928
BuiltTime: Sat May 27 02:58:48 2023
GitCommit: ""
GoVersion: go1.20.4
Os: linux
OsArch: linux/amd64
Version: 4.5.1
4.6.1
$ sudo cp /etc/containers/storage.conf /etc/containers/storage.conf.orig
$ sudo vi /etc/containers/storage.conf
graphroot="/var/mystorage"
$ grep -B 1 graph /etc/containers/storage.conf
# Primary Read/Write location of container storage
# When changing the graphroot location on an SELINUX system, you must
--
# restorecon -R -v /NEWSTORAGEPATH
#graphroot = "/var/lib/containers/storage"
graphroot="/var/mystorage"
$ sudo podman info
host:
arch: amd64
buildahVersion: 1.31.2
cgroupControllers:
- cpuset
- cpu
- io
- memory
- hugetlb
- pids
- misc
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.84
systemPercent: 0.1
userPercent: 0.06
cpus: 2
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
freeLocks: 2048
hostname: fedora-server
idMappings:
gidmap: null
uidmap: null
kernel: 6.2.9-300.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 1666985984
memTotal: 4091457536
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.7.0
package: netavark-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.7.0
ociRuntime:
name: crun
package: crun-1.8.6-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.6
commit: 73f759f4a39769f60990e7d225f561b4f4f06bcf
rundir: /run/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20230625.g32660ce-1.fc38.x86_64
version: |
pasta 0^20230625.g32660ce-1.fc38.x86_64
Copyright Red Hat
GNU Affero GPL version 3 or later <https://www.gnu.org/licenses/agpl-3.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
path: /run/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 4090490880
swapTotal: 4090490880
uptime: 30h 30m 29.00s (Approximately 1.25 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /etc/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions:
overlay.mountopt: nodev,metacopy=on
graphRoot: /var/mystorage
graphRootAllocated: 16039018496
graphRootUsed: 3690098688
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "false"
Supports d_type: "true"
Using metacopy: "true"
imageCopyTmpDir: /var/tmp
imageStore:
number: 0
runRoot: /run/containers/storage
transientStore: false
volumePath: /var/mystorage/volumes
version:
APIVersion: 4.6.1
Built: 1691705273
BuiltTime: Fri Aug 11 07:07:53 2023
GitCommit: ""
GoVersion: go1.20.7
Os: linux
OsArch: linux/amd64
Version: 4.6.1
Original
$ podman info
4.5.1
$ podman info
host:
arch: amd64
buildahVersion: 1.30.0
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.96
systemPercent: 0.03
userPercent: 0.02
cpus: 4
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
hostname: fedora38-pia
idMappings:
gidmap:
- container_id: 0
host_id: 1001
size: 1
- container_id: 1
host_id: 589824
size: 65536
uidmap:
- container_id: 0
host_id: 1001
size: 1
- container_id: 1
host_id: 589824
size: 65536
kernel: 6.3.8-200.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 5438910464
memTotal: 8310349824
networkBackend: netavark
ociRuntime:
name: crun
package: crun-1.8.5-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.5
commit: b6f80f766c9a89eb7b1440c0a70ab287434b17ed
rundir: /run/user/1001/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
remoteSocket:
path: /run/user/1001/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 8309960704
swapTotal: 8309960704
uptime: 216h 12m 41.00s (Approximately 9.00 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /home/shtanaka/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/shtanaka/.local/share/containers/storage
graphRootAllocated: 16039018496
graphRootUsed: 7629770752
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 6
runRoot: /run/user/1001/containers
transientStore: false
volumePath: /home/shtanaka/.local/share/containers/storage/volumes
version:
APIVersion: 4.5.1
Built: 1685123928
BuiltTime: Sat May 27 02:58:48 2023
GitCommit: ""
GoVersion: go1.20.4
Os: linux
OsArch: linux/amd64
Version: 4.5.1
4.6.1
$ podman info
host:
arch: amd64
buildahVersion: 1.31.2
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.84
systemPercent: 0.1
userPercent: 0.06
cpus: 2
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
freeLocks: 2045
hostname: fedora-server
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
kernel: 6.2.9-300.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 1673351168
memTotal: 4091457536
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.7.0
package: netavark-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.7.0
ociRuntime:
name: crun
package: crun-1.8.6-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.6
commit: 73f759f4a39769f60990e7d225f561b4f4f06bcf
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20230625.g32660ce-1.fc38.x86_64
version: |
pasta 0^20230625.g32660ce-1.fc38.x86_64
Copyright Red Hat
GNU Affero GPL version 3 or later <https://www.gnu.org/licenses/agpl-3.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
path: /run/user/1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 4090490880
swapTotal: 4090490880
uptime: 30h 32m 58.00s (Approximately 1.25 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /home/user/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/user/.local/share/containers/storage
graphRootAllocated: 16039018496
graphRootUsed: 3688017920
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 6
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /home/user/.local/share/containers/storage/volumes
version:
APIVersion: 4.6.1
Built: 1691705273
BuiltTime: Fri Aug 11 07:07:53 2023
GitCommit: ""
GoVersion: go1.20.7
Os: linux
OsArch: linux/amd64
Version: 4.6.1
Original
$ sudo vi /etc/containers/storage.conf
$ grep -B 3 rootless_storage_path /etc/containers/storage.conf
$ podman info
4.5.1
$ sudo vi /etc/containers/storage.conf
rootless_storage_path = "/var/tmp/$UID/var/mystorage"
$ grep -B 3 rootless_storage_path /etc/containers/storage.conf
# Storage path for rootless users
#
# rootless_storage_path = "$HOME/.local/share/containers/storage"
rootless_storage_path = "/var/tmp/$UID/var/mystorage"
$ podman info
host:
arch: amd64
buildahVersion: 1.30.0
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.96
systemPercent: 0.03
userPercent: 0.02
cpus: 4
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
hostname: fedora38-pia
idMappings:
gidmap:
- container_id: 0
host_id: 1001
size: 1
- container_id: 1
host_id: 589824
size: 65536
uidmap:
- container_id: 0
host_id: 1001
size: 1
- container_id: 1
host_id: 589824
size: 65536
kernel: 6.3.8-200.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 5453131776
memTotal: 8310349824
networkBackend: netavark
ociRuntime:
name: crun
package: crun-1.8.5-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.5
commit: b6f80f766c9a89eb7b1440c0a70ab287434b17ed
rundir: /run/user/1001/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
remoteSocket:
path: /run/user/1001/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 8309960704
swapTotal: 8309960704
uptime: 216h 16m 25.00s (Approximately 9.00 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /home/shtanaka/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /var/tmp/1001/var/mystorage
graphRootAllocated: 16039018496
graphRootUsed: 7629787136
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 0
runRoot: /run/user/1001/containers
transientStore: false
volumePath: /var/tmp/1001/var/mystorage/volumes
version:
APIVersion: 4.5.1
Built: 1685123928
BuiltTime: Sat May 27 02:58:48 2023
GitCommit: ""
GoVersion: go1.20.4
Os: linux
OsArch: linux/amd64
Version: 4.5.1
4.6.1
$ sudo vi /etc/containers/storage.conf
rootless_storage_path = "/var/tmp/$UID/var/mystorage"
$ grep -B 3 rootless_storage_path /etc/containers/storage.conf
# Storage path for rootless users
#
# rootless_storage_path = "$HOME/.local/share/containers/storage"
rootless_storage_path = "/var/tmp/$UID/var/mystorage"
$ podman info
host:
arch: amd64
buildahVersion: 1.31.2
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.84
systemPercent: 0.1
userPercent: 0.06
cpus: 2
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
freeLocks: 2045
hostname: fedora-server
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
kernel: 6.2.9-300.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 1666195456
memTotal: 4091457536
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.7.0
package: netavark-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.7.0
ociRuntime:
name: crun
package: crun-1.8.6-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.6
commit: 73f759f4a39769f60990e7d225f561b4f4f06bcf
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20230625.g32660ce-1.fc38.x86_64
version: |
pasta 0^20230625.g32660ce-1.fc38.x86_64
Copyright Red Hat
GNU Affero GPL version 3 or later <https://www.gnu.org/licenses/agpl-3.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
path: /run/user/1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 4090490880
swapTotal: 4090490880
uptime: 30h 37m 58.00s (Approximately 1.25 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /home/user/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /var/tmp/1000/var/mystorage
graphRootAllocated: 16039018496
graphRootUsed: 3687976960
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 0
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /var/tmp/1000/var/mystorage/volumes
version:
APIVersion: 4.6.1
Built: 1691705273
BuiltTime: Fri Aug 11 07:07:53 2023
GitCommit: ""
GoVersion: go1.20.7
Os: linux
OsArch: linux/amd64
Version: 4.6.1
Original
$ sudo cp /etc/containers/storage.conf.orig /etc/containers/storage.conf
4.5.1
$ sudo cp /etc/containers/storage.conf.orig /etc/containers/storage.conf
4.6.1
$ sudo cp /etc/containers/storage.conf.orig /etc/containers/storage.conf
Original
$ man containers-storage.conf
4.5.1
$ man containers-storage.conf
4.6.1
$ man containers-storage.conf
Original
$ sudo cp /etc/containers/registries.conf /etc/containers/registries.conf.orig
$ sudo vi /etc/containers/registries.conf
$ podman info
4.5.1
$ sudo cp /etc/containers/registries.conf /etc/containers/registries.conf.orig
$ sudo vi /etc/containers/registries.conf
unqualified-search-registries = ["registry.fedoraproject.org","registry.access.redhat.com", "example.com", "quay.io"]
$ podman info
host:
arch: amd64
buildahVersion: 1.30.0
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.96
systemPercent: 0.03
userPercent: 0.02
cpus: 4
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
hostname: fedora38-pia
idMappings:
gidmap:
- container_id: 0
host_id: 1001
size: 1
- container_id: 1
host_id: 589824
size: 65536
uidmap:
- container_id: 0
host_id: 1001
size: 1
- container_id: 1
host_id: 589824
size: 65536
kernel: 6.3.8-200.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 5451456512
memTotal: 8310349824
networkBackend: netavark
ociRuntime:
name: crun
package: crun-1.8.5-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.5
commit: b6f80f766c9a89eb7b1440c0a70ab287434b17ed
rundir: /run/user/1001/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
remoteSocket:
path: /run/user/1001/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 8309960704
swapTotal: 8309960704
uptime: 216h 24m 7.00s (Approximately 9.00 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- example.com
- quay.io
store:
configFile: /home/shtanaka/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/shtanaka/.local/share/containers/storage
graphRootAllocated: 16039018496
graphRootUsed: 7629799424
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 6
runRoot: /run/user/1001/containers
transientStore: false
volumePath: /home/shtanaka/.local/share/containers/storage/volumes
version:
APIVersion: 4.5.1
Built: 1685123928
BuiltTime: Sat May 27 02:58:48 2023
GitCommit: ""
GoVersion: go1.20.4
Os: linux
OsArch: linux/amd64
Version: 4.5.1
4.6.1
$ sudo cp /etc/containers/registries.conf /etc/containers/registries.conf.orig
$ sudo vi /etc/containers/registries.conf
unqualified-search-registries = ["registry.fedoraproject.org","registry.access.redhat.com", "example.com", "quay.io"]
$ podman info
host:
arch: amd64
buildahVersion: 1.31.2
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.84
systemPercent: 0.1
userPercent: 0.06
cpus: 2
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
freeLocks: 2045
hostname: fedora-server
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
kernel: 6.2.9-300.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 1671720960
memTotal: 4091457536
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.7.0
package: netavark-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.7.0
ociRuntime:
name: crun
package: crun-1.8.6-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.6
commit: 73f759f4a39769f60990e7d225f561b4f4f06bcf
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20230625.g32660ce-1.fc38.x86_64
version: |
pasta 0^20230625.g32660ce-1.fc38.x86_64
Copyright Red Hat
GNU Affero GPL version 3 or later <https://www.gnu.org/licenses/agpl-3.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
path: /run/user/1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 4090490880
swapTotal: 4090490880
uptime: 30h 44m 20.00s (Approximately 1.25 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- example.com
- quay.io
store:
configFile: /home/user/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/user/.local/share/containers/storage
graphRootAllocated: 16039018496
graphRootUsed: 3688136704
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 6
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /home/user/.local/share/containers/storage/volumes
version:
APIVersion: 4.6.1
Built: 1691705273
BuiltTime: Fri Aug 11 07:07:53 2023
GitCommit: ""
GoVersion: go1.20.7
Os: linux
OsArch: linux/amd64
Version: 4.6.1
Original
$ podman pull foobar
4.5.1
$ podman pull foobar
? Please select an image:
▸ registry.fedoraproject.org/foobar:latest
registry.access.redhat.com/foobar:latest
example.com/foobar:latest
quay.io/foobar:latest
4.6.1
$ podman pull foobar
? Please select an image:
▸ registry.fedoraproject.org/foobar:latest
registry.access.redhat.com/foobar:latest
example.com/foobar:latest
quay.io/foobar:latest
Original
$ sudo cp /etc/containers/registries.conf.orig /etc/containers/registries.conf
4.5.1
$ sudo cp /etc/containers/registries.conf.orig /etc/containers/registries.conf
4.6.1
$ sudo cp /etc/containers/registries.conf.orig /etc/containers/registries.conf
Original
$ sudo vi /etc/containers/registries.conf
$ podman info
4.5.1
$ sudo vi /etc/containers/registries.conf
[[registry]]
Location = "docker.io"
blocked=true
$ podman info
host:
arch: amd64
buildahVersion: 1.30.0
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.96
systemPercent: 0.03
userPercent: 0.02
cpus: 4
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
hostname: fedora38-pia
idMappings:
gidmap:
- container_id: 0
host_id: 1001
size: 1
- container_id: 1
host_id: 589824
size: 65536
uidmap:
- container_id: 0
host_id: 1001
size: 1
- container_id: 1
host_id: 589824
size: 65536
kernel: 6.3.8-200.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 5447237632
memTotal: 8310349824
networkBackend: netavark
ociRuntime:
name: crun
package: crun-1.8.5-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.5
commit: b6f80f766c9a89eb7b1440c0a70ab287434b17ed
rundir: /run/user/1001/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
remoteSocket:
path: /run/user/1001/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 8309960704
swapTotal: 8309960704
uptime: 217h 20m 31.00s (Approximately 9.04 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
docker.io:
Blocked: true
Insecure: false
Location: docker.io
MirrorByDigestOnly: false
Mirrors: null
Prefix: docker.io
PullFromMirror: ""
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /home/shtanaka/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/shtanaka/.local/share/containers/storage
graphRootAllocated: 16039018496
graphRootUsed: 7629737984
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 6
runRoot: /run/user/1001/containers
transientStore: false
volumePath: /home/shtanaka/.local/share/containers/storage/volumes
version:
APIVersion: 4.5.1
Built: 1685123928
BuiltTime: Sat May 27 02:58:48 2023
GitCommit: ""
GoVersion: go1.20.4
Os: linux
OsArch: linux/amd64
Version: 4.5.1
4.6.1
$ sudo vi /etc/containers/registries.conf
[[registry]]
Location = "docker.io"
blocked=true
$ podman info
host:
arch: amd64
buildahVersion: 1.31.2
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.85
systemPercent: 0.1
userPercent: 0.06
cpus: 2
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
freeLocks: 2045
hostname: fedora-server
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
kernel: 6.2.9-300.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 1670184960
memTotal: 4091457536
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.7.0
package: netavark-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.7.0
ociRuntime:
name: crun
package: crun-1.8.6-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.6
commit: 73f759f4a39769f60990e7d225f561b4f4f06bcf
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20230625.g32660ce-1.fc38.x86_64
version: |
pasta 0^20230625.g32660ce-1.fc38.x86_64
Copyright Red Hat
GNU Affero GPL version 3 or later <https://www.gnu.org/licenses/agpl-3.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
path: /run/user/1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 4090490880
swapTotal: 4090490880
uptime: 31h 40m 28.00s (Approximately 1.29 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
docker.io:
Blocked: true
Insecure: false
Location: docker.io
MirrorByDigestOnly: false
Mirrors: null
Prefix: docker.io
PullFromMirror: ""
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /home/user/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/user/.local/share/containers/storage
graphRootAllocated: 16039018496
graphRootUsed: 3688144896
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 6
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /home/user/.local/share/containers/storage/volumes
version:
APIVersion: 4.6.1
Built: 1691705273
BuiltTime: Fri Aug 11 07:07:53 2023
GitCommit: ""
GoVersion: go1.20.7
Os: linux
OsArch: linux/amd64
Version: 4.6.1
Original
$ podman pull docker.io/ubuntu
4.5.1
$ podman pull docker.io/ubuntu
Trying to pull docker.io/library/ubuntu:latest...
Error: initializing source docker://ubuntu:latest: registry docker.io is blocked in /etc/containers/registries.conf or /home/shtanaka/.config/containers/registries.conf.d
4.6.1
$ podman pull docker.io/ubuntu
Trying to pull docker.io/library/ubuntu:latest...
Error: initializing source docker://ubuntu:latest: registry docker.io is blocked in /etc/containers/registries.conf or /home/user/.config/containers/registries.conf.d
Original
$ sudo cp /etc/containers/registries.conf.orig /etc/containers/registries.conf
4.5.1
$ sudo cp /etc/containers/registries.conf.orig /etc/containers/registries.conf
4.6.1
$ sudo cp /etc/containers/registries.conf.orig /etc/containers/registries.conf
Original
$ man containers-registries.conf
4.5.1
$ man containers-registries.conf
4.6.1
$ man containers-registries.conf
Original
$ podman run --rm ubi8 printenv
4.5.1
$ podman run --rm ubi8 printenv
TERM=xterm
container=oci
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOME=/root
HOSTNAME=e9379ef61f08
4.6.1
$ podman run --rm ubi8 printenv
TERM=xterm
container=oci
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOME=/root
HOSTNAME=e9379ef61f08
Original
$ mkdir -p $HOME/.config/containers/containers.conf.d
$ cat << _EOF > $HOME/.config/containers/containers.conf.d/env.conf
[containers]
env=[ "foo=bar" ]
_EOF
$ podman run --rm ubi8 printenv
4.5.1
$ mkdir -p $HOME/.config/containers/containers.conf.d
$ cat << _EOF > $HOME/.config/containers/containers.conf.d/env.conf
[containers]
env=[ "foo=bar" ]
_EOF
$ podman run --rm ubi8 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TERM=xterm
container=oci
foo=bar
HOME=/root
HOSTNAME=50469e70e072
4.6.1
$ mkdir -p $HOME/.config/containers/containers.conf.d
$ cat << _EOF > $HOME/.config/containers/containers.conf.d/env.conf
[containers]
env=[ "foo=bar" ]
_EOF
$ podman run --rm ubi8 printenv
foo=bar
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TERM=xterm
container=oci
HOME=/root
HOSTNAME=26170a7c6162
Original
$ podman run quay.io/podman/stable cat /etc/containers/containers.conf
4.5.1
$ podman run quay.io/podman/stable cat /etc/containers/containers.conf
[containers]
netns="host"
userns="host"
ipcns="host"
utsns="host"
cgroupns="host"
cgroups="disabled"
log_driver = "k8s-file"
[engine]
cgroup_manager = "cgroupfs"
events_logger="file"
runtime="crun"
4.6.1
$ podman run quay.io/podman/stable cat /etc/containers/containers.conf
[containers]
netns="host"
userns="host"
ipcns="host"
utsns="host"
cgroupns="host"
cgroups="disabled"
log_driver = "k8s-file"
[engine]
cgroup_manager = "cgroupfs"
events_logger="file"
runtime="crun"
Original
$ podman run --security-opt label=disable --device /dev/fuse --user podman quay.io/podman/stable podman run ubi8-micro echo hi
訳注
--security-opt label=disable
4.5.1
$ podman run --security-opt label=disable --device /dev/fuse --user podman quay.io/podman/stable podman run ubi8-micro echo hi
Resolved "ubi8-micro" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.access.redhat.com/ubi8-micro:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob sha256:5678bd1b090ad515caa6dc7e3a7f5b0bf7cd9b383a6e71d53db8aca974a49e6c
Copying config sha256:81f2db598441b158e95523e583dbabc7a946a9aa8d7707f28c933a342cb6de1b
Writing manifest to image destination
Storing signatures
hi
4.6.1
$ podman run --security-opt label=disable --device /dev/fuse --user podman quay.io/podman/stable podman run ubi8-micro echo hi
Resolved "ubi8-micro" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.access.redhat.com/ubi8-micro:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob sha256:5678bd1b090ad515caa6dc7e3a7f5b0bf7cd9b383a6e71d53db8aca974a49e6c
Copying config sha256:81f2db598441b158e95523e583dbabc7a946a9aa8d7707f28c933a342cb6de1b
Writing manifest to image destination
Storing signatures
hi
Original
$ man containers.conf
4.5.1
$ man containers.conf
4.6.1
$ man containers.conf
Original
$ podman rmi --all --force
4.5.1
$ podman rmi --all --force
Untagged: registry.access.redhat.com/ubi8/httpd-24:latest
Untagged: quay.io/rhatdan/myimage:latest
Untagged: docker.io/library/mariadb:latest
Untagged: localhost/podman-pause:4.5.1-1685123928
Untagged: registry.access.redhat.com/ubi8:latest
Untagged: quay.io/podman/stable:latest
Deleted: 2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
Deleted: b4607342e2fc6967509c2243cb7292972ec0b07c99a880448ea4f8a2cf891a13
Deleted: cf4c9273e72aefb3e8a15fb7e3de3aa20db6c4932217384864271b2c88cfdf00
Deleted: 6109e370460d4234aa7452d2414144b374f9f1e61b8c0b17747919850cfde419
Deleted: 7e569fa199c00a48fc249200463d903ca157a4e965348a845827871f4ede3714
Deleted: 4446bdad587e2a9fc891b32721a248f5d3fa3cb8fc52ff72a799b4a58cecd1d6
4.6.1
$ podman rmi --all --force
Untagged: registry.access.redhat.com/ubi8/httpd-24:latest
Untagged: quay.io/rhatdan/myimage:latest
Untagged: docker.io/library/mariadb:latest
Untagged: localhost/podman-pause:4.6.1-1691705273
Untagged: registry.access.redhat.com/ubi8:latest
Untagged: quay.io/podman/stable:latest
Deleted: 2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
Deleted: 5526165b9e048788d6725c9591438016d534ac440e8e181073eb3c73810f7b7a
Deleted: cf4c9273e72aefb3e8a15fb7e3de3aa20db6c4932217384864271b2c88cfdf00
Deleted: 9dcb70f0bc59b23fad1674e3d67eb3143d127ae875fbd038e741dd50c3ee0b5c
Deleted: 7e569fa199c00a48fc249200463d903ca157a4e965348a845827871f4ede3714
Deleted: 4446bdad587e2a9fc891b32721a248f5d3fa3cb8fc52ff72a799b4a58cecd1d6
Original
$ podman run -d -p 8080:8080 --name myapp quay.io/rhatdan/myimage
4.5.1
$ podman run -d -p 8080:8080 --name myapp quay.io/rhatdan/myimage
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob e3460238f8a1 done
Copying blob 2b782a9ad894 done
Copying blob c7765172d3ce done
Copying blob dfd8c625d022 done
Copying blob a1eadb69adf1 done
Copying config 2c7e43d880 done
Writing manifest to image destination
Storing signatures
0deef4d31d1f9a0763ce6a9bdcbddf0e010d1f4227bb1b3a9f022bcf8ed8868f
4.6.1
$ podman run -d -p 8080:8080 --name myapp quay.io/rhatdan/myimage
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob c7765172d3ce done
Copying blob e3460238f8a1 done
Copying blob dfd8c625d022 done
Copying blob 2b782a9ad894 done
Copying blob a1eadb69adf1 done
Copying config 2c7e43d880 done
Writing manifest to image destination
c400442b2f120746d33659a5f16c396adc2b7ecc48af60b6d50f0d43bd47db0e
Original
$ podman run --user=root --rm quay.io/rhatdan/myimage -- bash -c "find / -mount -printf \"%U=%u\n\" | sort -un" 2>/dev/null
4.5.1
$ podman run --user=root --rm quay.io/rhatdan/myimage -- bash -c "find / -mount -printf \"%U=%u\n\" | sort -un" 2>/dev/null
0=root
48=apache
1001=default
65534=nobody
4.6.1
$ podman run --user=root --rm quay.io/rhatdan/myimage -- bash -c "find / -mount -printf \"%U=%u\n\" | sort -un" 2>/dev/null
0=root
48=apache
1001=default
65534=nobody
Original
$ man user namespaces
4.5.1
$ man user namespaces
4.6.1
$ man user namespaces
Original
$ cat /etc/subuid
$ cat /etc/subgid
4.5.1
$ cat /etc/subuid
shtanaka:589824:65536
dwalsh:851968:65536
$ cat /etc/subgid
dwalsh:851968:65536
shtanaka:589824:65536
4.6.1
$ cat /etc/subuid
user:524288:65536
dwalsh:589824:65536
$ cat /etc/subgid
user:524288:65536
dwalsh:589824:65536
Original
$ cat /proc/self/uid_map
4.5.1
$ cat /proc/self/uid_map
0 0 4294967295
4.6.1
$ cat /proc/self/uid_map
0 0 4294967295
Original
$ podman unshare cat /proc/self/uid_map
4.5.1
$ podman unshare cat /proc/self/uid_map
0 1001 1
1 589824 65536
4.6.1
$ podman unshare cat /proc/self/uid_map
0 1000 1
1 524288 65536
Original
$ podman run --user=root --rm quay.io/rhatdan/myimage -- bash -c "find / -mount -printf \"%U=%u\n\" | sort -un" 2>/dev/null
4.5.1
$ podman run --user=root --rm quay.io/rhatdan/myimage -- bash -c "find / -mount -printf \"%U=%u\n\" | sort -un" 2>/dev/null
0=root
48=apache
1001=default
65534=nobody
4.6.1
$ podman run --user=root --rm quay.io/rhatdan/myimage -- bash -c "find / -mount -printf \"%U=%u\n\" | sort -un" 2>/dev/null
0=root
48=apache
1001=default
65534=nobody
Original
$ ls -l -ld /
$ podman unshare ls -ld /
4.5.1
$ ls -l -ld /
dr-xr-xr-x. 18 root root 235 Jun 28 01:02 /
$ podman unshare ls -ld /
dr-xr-xr-x. 18 nobody nobody 235 Jun 28 01:02 /
4.6.1
$ ls -l -ld /
dr-xr-xr-x. 18 root root 235 4月 24 14:38 /
$ podman unshare ls -ld /
dr-xr-xr-x. 18 nobody nobody 235 4月 24 14:38 /
Original
$ podman unshare bash -c "id ; ls -l /etc/passwd; grep dwalsh /etc/passwd; touch /etc/passwd"
4.5.1
$ podman unshare bash -c "id ; ls -l /etc/passwd; grep dwalsh /etc/passwd; touch /etc/passwd"
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023
-rw-r--r--. 1 nobody nobody 2005 Aug 15 22:59 /etc/passwd
dwalsh:x:3267:3267::/home/dwalsh:/bin/bash
touch: cannot touch '/etc/passwd': Permission denied
4.6.1
$ podman unshare bash -c "id ; ls -l /etc/passwd; grep dwalsh /etc/passwd; touch /etc/passwd"
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:system_r:container_runtime_t:s0-s0:c0.c1023
-rw-r--r--. 1 nobody nobody 1777 Aug 23 00:43 /etc/passwd
dwalsh:x:3267:3267::/home/dwalsh:/bin/bash
touch: cannot touch '/etc/passwd': Permission denied
Original
$ ls -ld /home/dwalsh
$ podman unshare ls -ld /home/dwalsh
4.5.1
$ ls -ld /home/shtanaka
drwx------. 8 shtanaka shtanaka 4096 Aug 23 00:37 /home/shtanaka
$ podman unshare ls -ld /home/shtanaka/
drwx------. 8 root root 4096 Aug 23 00:37 /home/shtanaka/
4.6.1
$ ls -ld /home/user/
drwx------. 9 user user 4096 Aug 23 00:43 /home/user/
$ podman unshare ls -ld /home/user/
drwx------. 9 root root 4096 Aug 23 00:43 /home/user/
Original
$ podman unshare bash -c "mkdir test;touch test/testfile; chown -R 1:1 test"
$ ls -l test
$ rm -rf test
$ podman unshare rm -rf test
4.5.1
$ podman unshare bash -c "mkdir test;touch test/testfile; chown -R 1:1 test"
$ ls -l test
total 0
-rw-r--r--. 1 589824 589824 0 Aug 23 00:58 testfile
$ rm -rf test
rm: cannot remove 'test/testfile': Permission denied
$ podman unshare rm -rf test
4.6.1
$ podman unshare bash -c "mkdir test;touch test/testfile; chown -R 1:1 test"
$ ls -l test
total 0
-rw-r--r--. 1 524288 524288 0 Aug 23 00:59 testfile
$ rm -rf test
rm: cannot remove 'test/testfile': Permission denied
$ podman unshare rm -rf test
Original
$ man capabilities
4.5.1
$ man capabilities
4.6.1
$ man capabilities
Original
$ podman unshare bash -c "mkdir test;touch test/testfile; chown -R 1:1 test"
4.5.1
$ podman unshare bash -c "mkdir test;touch test/testfile; chown -R 1:1 test"
4.6.1
$ podman unshare bash -c "mkdir test;touch test/testfile; chown -R 1:1 test"
Original
$ man mount namespaces
4.5.1
$ man mount namespaces
4.6.1
$ man mount namespaces
Original
$ ls -l /proc/self/ns/user /proc/self/ns/mnt
$ podman unshare ls -l /proc/self/ns/user /proc/self/ns/mnt
4.5.1
$ ls -l /proc/self/ns/user /proc/self/ns/mnt
lrwxrwxrwx. 1 shtanaka shtanaka 0 Aug 23 01:03 /proc/self/ns/mnt -> 'mnt:[4026531841]'
lrwxrwxrwx. 1 shtanaka shtanaka 0 Aug 23 01:03 /proc/self/ns/user -> 'user:[4026531837]'
$ podman unshare ls -l /proc/self/ns/user /proc/self/ns/mnt
lrwxrwxrwx. 1 root root 0 Aug 23 01:04 /proc/self/ns/mnt -> 'mnt:[4026532665]'
lrwxrwxrwx. 1 root root 0 Aug 23 01:04 /proc/self/ns/user -> 'user:[4026532664]'
4.6.1
$ ls -l /proc/self/ns/user /proc/self/ns/mnt
lrwxrwxrwx. 1 user user 0 Aug 23 01:03 /proc/self/ns/mnt -> 'mnt:[4026531841]'
lrwxrwxrwx. 1 user user 0 Aug 23 01:03 /proc/self/ns/user -> 'user:[4026531837]'
$ podman unshare ls -l /proc/self/ns/user /proc/self/ns/mnt
lrwxrwxrwx. 1 root root 0 Aug 23 01:04 /proc/self/ns/mnt -> 'mnt:[4026532597]'
lrwxrwxrwx. 1 root root 0 Aug 23 01:04 /proc/self/ns/user -> 'user:[4026532596]'
Original
$ echo hello > /tmp/testfile
$ mount --bind /tmp/testfile /etc/shadow
4.5.1
$ echo hello > /tmp/testfile
$ mount --bind /tmp/testfile /etc/shadow
mount: /etc/shadow: must be superuser to use mount.
dmesg(1) may have more information after failed mount system call.
4.6.1
$ echo hello > /tmp/testfile
$ mount --bind /tmp/testfile /etc/shadow
mount: /etc/shadow: must be superuser to use mount.
dmesg(1) may have more information after failed mount system call.
Original
$ podman unshare bash -c "mount -o bind /tmp/testfile /etc/shadow; cat /etc/shadow"
4.5.1
$ podman unshare bash -c "mount -o bind /tmp/testfile /etc/shadow; cat /etc/shadow"
hello
4.6.1
$ podman unshare bash -c "mount -o bind /tmp/testfile /etc/shadow; cat /etc/shadow"
hello
Original
$ ps -e | grep podman
$ ps -e | grep catatonit
4.5.1
$ ps -e | grep podman
$ ps -e | grep catatonit
6443 ? 00:00:00 catatonit
4.6.1
$ ps -e | grep podman
$ ps -e | grep catatonit
1141 ? 00:00:00 catatonit
Original
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
4.5.1
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
Trying to pull registry.access.redhat.com/ubi8/httpd-24:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 7822e944d15c done
Copying blob bea2a0b08f4f done
Copying blob 28eca6c71374 done
Copying config 81cf3b3bd4 done
Writing manifest to image destination
Storing signatures
a60d9747f902bdd266928d9dfbf3a5d1708e6c56e7e3e4b5340154f9c703effb
4.6.1
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
Trying to pull registry.access.redhat.com/ubi8/httpd-24:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 28eca6c71374 done
Copying blob bea2a0b08f4f done
Copying blob 7822e944d15c done
Copying config 81cf3b3bd4 done
Writing manifest to image destination
Storing signatures
e8c21b43af3bae408b694fc819a066a2db3150696139cc6f8f45095211e37b0c
Original
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
4.5.1
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
de22ac6a5aa9e2a99feeab0eaba4f4ce4a6d5252a35d59582210a57189e388af
4.6.1
$ podman run -d -p 8080:8080 --name myapp registry.access.redhat.com/ubi8/httpd-24
63fe5207d222f6d079c5a7325608057a8e841d14131b45f82448f2357dd7b522
Original
$ podman stop myapp
4.5.1
$ podman stop myapp
myapp
4.6.1
$ podman stop myapp
myapp
Original
$ podman pull ubi8-init
$ podman inspect ubi8-init --format '{{ .Config.Cmd }}'
4.5.1
$ podman pull ubi8-init
Resolved "ubi8-init" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.access.redhat.com/ubi8-init:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob ba08a235dada done
Copying blob bea2a0b08f4f skipped: already exists
Copying config bf18ce156c done
Writing manifest to image destination
Storing signatures
bf18ce156c9592cafa94db25d6ce368ddd18bc14088bb6e50c9c2f4a503c5c66
$ podman inspect ubi8-init --format '{{ .Config.Cmd }}'
[/sbin/init]
4.6.1
$ podman pull ubi8-init
Resolved "ubi8-init" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.access.redhat.com/ubi8-init:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob ba08a235dada done
Copying blob bea2a0b08f4f skipped: already exists
Copying config bf18ce156c done
Writing manifest to image destination
Storing signatures
bf18ce156c9592cafa94db25d6ce368ddd18bc14088bb6e50c9c2f4a503c5c66
$ podman inspect ubi8-init --format '{{ .Config.Cmd }}'
[/sbin/init]
Original
$ podman create --rm --name SystemD -ti --systemd=always ubi8-init sh
$ podman inspect SystemD --format '{{ .Config.StopSignal}}'
4.5.1
$ podman create --rm --name SystemD -ti --systemd=always ubi8-init sh
6bf20636ceb5f22d527bdfdfce3524298ec206eeb40a163dae9fb5a7d82b5370
$ podman inspect SystemD --format '{{ .Config.StopSignal}}'
37
4.6.1
$ podman create --rm --name SystemD -ti --systemd=always ubi8-init sh
693c73aeda3a9c1b6711d7fa9113ab1ede7af45a4bb8c09cfa0fc30e3181e322
$ podman inspect SystemD --format '{{ .Config.StopSignal}}'
37
Original
$ podman start --attach SystemD
sh-4.4# mount | grep -e /tmp -e /run | head -2
sh-4.4# printenv container
4.5.1
$ podman start --attach SystemD
sh-4.4# mount | grep -e /tmp -e /run | head -2
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime,context="system_u:object_r:container_file_t:s0:c260,c891",uid=1001,gid=1001,inode64)
tmpfs on /run type tmpfs (rw,nosuid,nodev,relatime,context="system_u:object_r:container_file_t:s0:c260,c891",uid=1001,gid=1001,inode64)
sh-4.4# printenv container
oci
4.6.1
$ podman start --attach SystemD
sh-4.4# mount | grep -e /tmp -e /run | head -2
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime,context="system_u:object_r:container_file_t:s0:c342,c1020",uid=1000,gid=1000,inode64)
tmpfs on /run type tmpfs (rw,nosuid,nodev,relatime,context="system_u:object_r:container_file_t:s0:c342,c1020",uid=1000,gid=1000,inode64)
sh-4.4# printenv container
oci
Original
$ podman run -ti ubi8-init
4.5.1
$ podman run -ti ubi8-init
systemd 239 (239-74.el8_8.3) running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy)
Detected virtualization container-other.
Detected architecture x86-64.
Welcome to Red Hat Enterprise Linux 8.8 (Ootpa)!
Set hostname to <dde4d63a518f>.
Initializing machine ID from container UUID.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Reached target Slices.
[ OK ] Listening on initctl Compatibility Named Pipe.
[ OK ] Listening on Journal Socket.
[ OK ] Reached target Local File Systems.
-.slice: Failed to set memory.min: Operation not permitted
-.slice: Failed to set memory.low: Operation not permitted
-.slice: Failed to set memory.high: Operation not permitted
-.slice: Failed to set memory.max: Operation not permitted
-.slice: Failed to set memory.swap.max: Operation not permitted
-.slice: Failed to set pids.max: Operation not permitted
Starting Rebuild Dynamic Linker Cache...
Starting Rebuild Journal Catalog...
[ OK ] Reached target Network is Online.
[ OK ] Reached target Remote File Systems.
[ OK ] Listening on Process Core Dump Socket.
Starting Create System Users...
Starting Journal Service...
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
[ OK ] Reached target Paths.
[ OK ] Reached target Swap.
[ OK ] Started Rebuild Journal Catalog.
[ OK ] Started Create System Users.
[ OK ] Started Rebuild Dynamic Linker Cache.
Starting Update is Completed...
[ OK ] Started Journal Service.
Starting Flush Journal to Persistent Storage...
[ OK ] Started Update is Completed.
[ OK ] Started Flush Journal to Persistent Storage.
Starting Create Volatile Files and Directories...
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Started dnf makecache --timer.
[ OK ] Reached target Timers.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting Permit User Sessions...
[ OK ] Started D-Bus System Message Bus.
[ OK ] Started Permit User Sessions.
[ OK ] Reached target Multi-User System.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
$ podman stop -l
dde4d63a518f197fbdb01bcd033d42ae2b8c680fdda0fd25e0d40024f0f44096
4.6.1
$ podman run -ti ubi8-init
systemd 239 (239-74.el8_8.3) running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy)
Detected virtualization container-other.
Detected architecture x86-64.
Welcome to Red Hat Enterprise Linux 8.8 (Ootpa)!
Set hostname to <cec143721c5c>.
Initializing machine ID from container UUID.
[ OK ] Reached target Swap.
[ OK ] Reached target Remote File Systems.
[ OK ] Listening on initctl Compatibility Named Pipe.
[ OK ] Reached target Slices.
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Reached target Local File Systems.
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
[ OK ] Reached target Paths.
[ OK ] Listening on Process Core Dump Socket.
[ OK ] Listening on Journal Socket.
-.slice: Failed to set memory.min: Operation not permitted
-.slice: Failed to set memory.low: Operation not permitted
-.slice: Failed to set memory.high: Operation not permitted
-.slice: Failed to set memory.max: Operation not permitted
-.slice: Failed to set memory.swap.max: Operation not permitted
-.slice: Failed to set pids.max: Operation not permitted
Starting Journal Service...
Starting Rebuild Journal Catalog...
Starting Rebuild Dynamic Linker Cache...
Starting Create System Users...
[ OK ] Reached target Network is Online.
[ OK ] Started Create System Users.
[ OK ] Started Rebuild Dynamic Linker Cache.
[ OK ] Started Journal Service.
Starting Flush Journal to Persistent Storage...
[ OK ] Started Rebuild Journal Catalog.
Starting Update is Completed...
[ OK ] Started Update is Completed.
[ OK ] Started Flush Journal to Persistent Storage.
Starting Create Volatile Files and Directories...
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting Permit User Sessions...
[ OK ] Started D-Bus System Message Bus.
[ OK ] Started dnf makecache --timer.
[ OK ] Reached target Timers.
[ OK ] Started Permit User Sessions.
[ OK ] Reached target Multi-User System.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
$ podman stop -l
cec143721c5c9495e8d3db12fa81743c2538a45a8c7336dc80c2c2a3ad8d7adc
Original
$ mkdir /tmp/pia-systemd-httpd
$ cat << _EOF > /tmp/pia-systemd-httpd/Containerfile
FROM ubi8-init
RUN dnf -y install httpd; dnf -y clean all
RUN systemctl enable httpd.service
_EOF
$ podman build -t my-systemd /tmp/pia-systemd-httpd/
4.5.1
$ podman build -t my-systemd /tmp/pia-systemd-httpd/
STEP 1/3: FROM ubi8-init
STEP 2/3: RUN dnf -y install httpd; dnf -y clean all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Universal Base Image 8 (RPMs) - BaseOS 960 kB/s | 716 kB 00:00
Red Hat Universal Base Image 8 (RPMs) - AppStre 3.6 MB/s | 2.9 MB 00:00
Red Hat Universal Base Image 8 (RPMs) - CodeRea 194 kB/s | 99 kB 00:00
Dependencies resolved.
===================================================================================================
Package Arch Version Repository Size
===================================================================================================
Installing:
httpd x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 1.4 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 ubi-8-appstream-rpms 130 k
apr-util x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 105 k
httpd-filesystem noarch 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 43 k
httpd-tools x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 110 k
mailcap noarch 2.1.48-3.el8 ubi-8-baseos-rpms 39 k
mod_http2 x86_64 1.15.7-8.module+el8.8.0+18751+b4557bca.3 ubi-8-appstream-rpms 155 k
redhat-logos-httpd noarch 84.5-1.el8 ubi-8-baseos-rpms 29 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 25 k
apr-util-openssl x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 27 k
Enabling module streams:
httpd 2.4
Transaction Summary
===================================================================================================
Install 10 Packages
Total download size: 2.1 M
Installed size: 5.5 M
Downloading Packages:
(1/10): redhat-logos-httpd-84.5-1.el8.noarch.rp 120 kB/s | 29 kB 00:00
(2/10): mailcap-2.1.48-3.el8.noarch.rpm 158 kB/s | 39 kB 00:00
(3/10): apr-util-bdb-1.6.1-6.el8_8.1.x86_64.rpm 338 kB/s | 25 kB 00:00
(4/10): apr-1.6.3-12.el8.x86_64.rpm 372 kB/s | 130 kB 00:00
(5/10): apr-util-1.6.1-6.el8_8.1.x86_64.rpm 705 kB/s | 105 kB 00:00
(6/10): apr-util-openssl-1.6.1-6.el8_8.1.x86_64 357 kB/s | 27 kB 00:00
(7/10): httpd-filesystem-2.4.37-56.module+el8.8 599 kB/s | 43 kB 00:00
(8/10): httpd-tools-2.4.37-56.module+el8.8.0+18 780 kB/s | 110 kB 00:00
(9/10): mod_http2-1.15.7-8.module+el8.8.0+18751 1.4 MB/s | 155 kB 00:00
(10/10): httpd-2.4.37-56.module+el8.8.0+18758+b 5.2 MB/s | 1.4 MB 00:00
--------------------------------------------------------------------------------
Total 3.3 MB/s | 2.1 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : apr-1.6.3-12.el8.x86_64 1/10
Running scriptlet: apr-1.6.3-12.el8.x86_64 1/10
Installing : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 2/10
Installing : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 3/10
Installing : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Running scriptlet: apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Installing : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8d 5/10
Running scriptlet: httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 6/10
Installing : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 6/10
Installing : redhat-logos-httpd-84.5-1.el8.noarch 7/10
Installing : mailcap-2.1.48-3.el8.noarch 8/10
Installing : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3 9/10
Installing : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 10/10
Running scriptlet: httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 10/10
Verifying : mailcap-2.1.48-3.el8.noarch 1/10
Verifying : redhat-logos-httpd-84.5-1.el8.noarch 2/10
Verifying : apr-1.6.3-12.el8.x86_64 3/10
Verifying : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Verifying : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 5/10
Verifying : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 6/10
Verifying : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 7/10
Verifying : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 8/10
Verifying : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8d 9/10
Verifying : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3 10/10
Installed products updated.
Installed:
apr-1.6.3-12.el8.x86_64
apr-util-1.6.1-6.el8_8.1.x86_64
apr-util-bdb-1.6.1-6.el8_8.1.x86_64
apr-util-openssl-1.6.1-6.el8_8.1.x86_64
httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64
httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch
httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64
mailcap-2.1.48-3.el8.noarch
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64
redhat-logos-httpd-84.5-1.el8.noarch
Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
25 files removed
--> d4b40243919f
STEP 3/3: RUN systemctl enable httpd.service
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
COMMIT my-systemd
--> dee1d50e849f
Successfully tagged localhost/my-systemd:latest
dee1d50e849f25afd1f3ff536f010e99def62d94845addb71f53f1ec16f48af5
4.6.1
$ podman build -t my-systemd /tmp/pia-systemd-httpd/
STEP 1/3: FROM ubi8-init
STEP 2/3: RUN dnf -y install httpd; dnf -y clean all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Universal Base Image 8 (RPMs) - BaseOS 2.0 MB/s | 716 kB 00:00
Red Hat Universal Base Image 8 (RPMs) - AppStre 6.3 MB/s | 2.9 MB 00:00
Red Hat Universal Base Image 8 (RPMs) - CodeRea 81 kB/s | 99 kB 00:01
Dependencies resolved.
===================================================================================================
Package Arch Version Repository Size
===================================================================================================
Installing:
httpd x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 1.4 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 ubi-8-appstream-rpms 130 k
apr-util x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 105 k
httpd-filesystem noarch 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 43 k
httpd-tools x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 110 k
mailcap noarch 2.1.48-3.el8 ubi-8-baseos-rpms 39 k
mod_http2 x86_64 1.15.7-8.module+el8.8.0+18751+b4557bca.3 ubi-8-appstream-rpms 155 k
redhat-logos-httpd noarch 84.5-1.el8 ubi-8-baseos-rpms 29 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 25 k
apr-util-openssl x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 27 k
Enabling module streams:
httpd 2.4
Transaction Summary
===================================================================================================
Install 10 Packages
Total download size: 2.1 M
Installed size: 5.5 M
Downloading Packages:
(1/10): redhat-logos-httpd-84.5-1.el8.noarch.rp 377 kB/s | 29 kB 00:00
(2/10): apr-1.6.3-12.el8.x86_64.rpm 1.5 MB/s | 130 kB 00:00
(3/10): mailcap-2.1.48-3.el8.noarch.rpm 432 kB/s | 39 kB 00:00
(4/10): apr-util-1.6.1-6.el8_8.1.x86_64.rpm 2.8 MB/s | 105 kB 00:00
(5/10): apr-util-bdb-1.6.1-6.el8_8.1.x86_64.rpm 763 kB/s | 25 kB 00:00
(6/10): apr-util-openssl-1.6.1-6.el8_8.1.x86_64 902 kB/s | 27 kB 00:00
(7/10): httpd-filesystem-2.4.37-56.module+el8.8 697 kB/s | 43 kB 00:00
(8/10): mod_http2-1.15.7-8.module+el8.8.0+18751 2.1 MB/s | 155 kB 00:00
(9/10): httpd-2.4.37-56.module+el8.8.0+18758+b3 6.5 MB/s | 1.4 MB 00:00
(10/10): httpd-tools-2.4.37-56.module+el8.8.0+1 253 kB/s | 110 kB 00:00
--------------------------------------------------------------------------------
Total 3.7 MB/s | 2.1 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : apr-1.6.3-12.el8.x86_64 1/10
Running scriptlet: apr-1.6.3-12.el8.x86_64 1/10
Installing : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 2/10
Installing : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 3/10
Installing : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Running scriptlet: apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Installing : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8d 5/10
Running scriptlet: httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 6/10
Installing : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 6/10
Installing : redhat-logos-httpd-84.5-1.el8.noarch 7/10
Installing : mailcap-2.1.48-3.el8.noarch 8/10
Installing : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3 9/10
Installing : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 10/10
Running scriptlet: httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 10/10
Verifying : mailcap-2.1.48-3.el8.noarch 1/10
Verifying : redhat-logos-httpd-84.5-1.el8.noarch 2/10
Verifying : apr-1.6.3-12.el8.x86_64 3/10
Verifying : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Verifying : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 5/10
Verifying : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 6/10
Verifying : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 7/10
Verifying : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 8/10
Verifying : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8d 9/10
Verifying : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3 10/10
Installed products updated.
Installed:
apr-1.6.3-12.el8.x86_64
apr-util-1.6.1-6.el8_8.1.x86_64
apr-util-bdb-1.6.1-6.el8_8.1.x86_64
apr-util-openssl-1.6.1-6.el8_8.1.x86_64
httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64
httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch
httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64
mailcap-2.1.48-3.el8.noarch
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64
redhat-logos-httpd-84.5-1.el8.noarch
Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
25 files removed
--> 17490b574db9
STEP 3/3: RUN systemctl enable httpd.service
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
COMMIT my-systemd
--> b45f8822867e
Successfully tagged localhost/my-systemd:latest
b45f8822867ebdc9cedd4fb51baeb5e6ace46404ba406ca25c3b4192b877b4e3
Original
$ podman run -d --rm -p 8080:80 -v ./html:/var/www/html:Z my-systemd
$ podman ps
$ podman logs 7675617e5b8b
4.5.1
$ podman run -d --rm -p 8080:80 -v ./html:/var/www/html:Z my-systemd
75f3c8bcb3b9048c3d7207d965c729863d9f9cb9eb547b695ccc5ff4d1335f59
$ curl localhost:8080
<html>
<head>
</head>
<body>
<h1>Goodbye World</h1>
</body>
</html>
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0fa8b964bc2b localhost/my-systemd:latest /sbin/init 2 minutes ago Up 2 minutes 0.0.0.0:8080->80/tcp zealous_brahmagupta
$ podman logs 0fa8b964bc2b
$
4.6.1
$ podman run -d --rm -p 8080:80 -v ./html:/var/www/html:Z my-systemd
057bb89236e724ed8ed5752d7490d0e66204d331cfa04f7ad01307e3b0a8f8cb
$ curl localhost:8080
<html>
<head>
</head>
<body>
<h1>Goodbye World</h1>
</body>
</html>
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
057bb89236e7 localhost/my-systemd:latest /sbin/init 2 minutes ago Up 2 minutes 0.0.0.0:8080->80/tcp inspiring_joliot
$ podman logs 057bb89236e7
$
Original
$ podman info --format '{{ .Host.LogDriver }}'
$ mkdir -p $HOME/.config/containers/containers.conf.d
$ cat > $HOME/.config/containers/containers.conf.d/log_driver.conf << _EOF
[containers]
log_driver="journald"
_EOF
$ podman info --format '{{ .Host.LogDriver }}'
ログドライバーをk8s-fileの状態にするため、チェックではPinPを使用する
4.5.1
$ podman run --rm --privileged -it --user podman quay.io/podman/stable
[podman@5194ec08bc0e /]$ podman info --format '{{ .Host.LogDriver }}'
k8s-file
[podman@5194ec08bc0e /]$ mkdir -p $HOME/.config/containers/containers.conf.d
[podman@5194ec08bc0e /]$ cat > $HOME/.config/containers/containers.conf.d/log_driver.conf << _EOF
[containers]
log_driver="journald"
_EOF
[podman@5194ec08bc0e /]$ podman info --format '{{ .Host.LogDriver }}'
journald
4.6.1
$ podman run --rm --privileged -it --user podman quay.io/podman/stable
[podman@9d3f0a6588ad /]$ podman info --format '{{ .Host.LogDriver }}'
k8s-file
[podman@9d3f0a6588ad /]$ mkdir -p $HOME/.config/containers/containers.conf.d
[podman@9d3f0a6588ad /]$ cat > $HOME/.config/containers/containers.conf.d/log_driver.conf << _EOF
[containers]
log_driver="journald"
_EOF
[podman@9d3f0a6588ad /]$ podman info --format '{{ .Host.LogDriver }}'
journald
Original
$ podman run --rm --name test2 ubi8 echo "Check if logs persist"
$ journalctl -b | grep "Check if logs persist"
4.5.1
$ podman run --rm --name test2 ubi8 echo "Check if logs persist"
Check if logs persist
$ journalctl -b | grep "Check if logs persist"
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
Pass -q to turn off this notice.
Aug 25 05:40:42 fedora38-pia test2[50282]: Check if logs persist
4.6.1
$ podman run --rm --name test2 ubi8 echo "Check if logs persist"
Check if logs persist
$ journalctl -b | grep "Check if logs persist"
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
Pass -q to turn off this notice.
8月 25 05:40:48 fedora-server test2[16679]: Check if logs persist
Original
$ podman events --filter event=start --since 1h
$ podman info --format '{{ .Host.EventLogger }}'
4.5.1
$ podman events --filter event=start --since 1h
2023-08-25 05:24:58.832245144 +0900 JST container start ea432fbcefd04c081f7b2db56e332f5e6c8b98afe4af3db2ff826959661049bf (image=registry.access.redhat.com/
...
$ podman info --format '{{ .Host.EventLogger }}'
journald
4.6.1
$ podman events --filter event=start --since 1h
2023-08-25 05:25:00.421503398 +0900 JST container start 2076f38e3ac86ac16e0a559ba70bea0e11fa8b77623d0d7af6e108b4645ced70
...
$ podman info --format '{{ .Host.EventLogger }}'
journald
Original
$ podman create -p 8080:8080 --name myapp quay.io/rhatdan/myimage
4.5.1
$ podman create -p 8080:8080 --name myapp quay.io/rhatdan/myimage
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob 2b782a9ad894 done
Copying blob e3460238f8a1 done
Copying blob dfd8c625d022 done
Copying blob a1eadb69adf1 done
Copying blob c7765172d3ce done
Copying config 2c7e43d880 done
Writing manifest to image destination
Storing signatures
1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae
$ mkdir -p $HOME/.config/systemd/user
$ podman generate systemd myapp > $HOME/.config/systemd/user/myapp.service
4.6.1
$ podman create -p 8080:8080 --name myapp quay.io/rhatdan/myimage
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob e3460238f8a1 done
Copying blob c7765172d3ce done
Copying blob 2b782a9ad894 done
Copying blob dfd8c625d022 done
Copying blob a1eadb69adf1 done
Copying config 2c7e43d880 done
Writing manifest to image destination
54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2
$ mkdir -p $HOME/.config/systemd/user
$ podman generate systemd myapp > $HOME/.config/systemd/user/myapp.service
Original
$ cat $HOME/.config/systemd/user/myapp.service
4.5.1
$ cat $HOME/.config/systemd/user/myapp.service
# container-1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae.service
# autogenerated by Podman 4.5.1
# Fri Aug 25 05:56:42 JST 2023
[Unit]
Description=Podman container-1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/run/user/1001/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start 1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae
ExecStop=/usr/bin/podman stop \
-t 10 1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae
ExecStopPost=/usr/bin/podman stop \
-t 10 1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae
PIDFile=/run/user/1001/containers/overlay-containers/1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae/userdata/conmon.pid
Type=forking
[Install]
WantedBy=default.target
4.6.1
$ cat $HOME/.config/systemd/user/myapp.service
# container-54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2.service
# autogenerated by Podman 4.6.1
# Fri Aug 25 05:56:44 JST 2023
[Unit]
Description=Podman container-54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/run/user/1000/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start 54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2
ExecStop=/usr/bin/podman stop \
-t 10 54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2
ExecStopPost=/usr/bin/podman stop \
-t 10 54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2
PIDFile=/run/user/1000/containers/overlay-containers/54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2/userdata/conmon.pid
Type=forking
[Install]
WantedBy=default.target
Original
$ systemctl --user daemon-reload
$ systemctl --user start myapp
$ systemctl --user status myapp
4.5.1
$ systemctl --user daemon-reload
$ systemctl --user start myapp
$ systemctl --user status myapp
● myapp.service - Podman container-1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae.service
Loaded: loaded (/home/shtanaka/.config/systemd/user/myapp.service; disabled; preset: disabled)
Drop-In: /usr/lib/systemd/user/service.d
└─10-timeout-abort.conf
Active: active (running) since Fri 2023-08-25 05:57:42 JST; 46s ago
Docs: man:podman-generate-systemd(1)
Process: 50973 ExecStart=/usr/bin/podman start 1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae (code=exited, status=0/SUCCESS)
Main PID: 51002 (conmon)
Tasks: 16 (limit: 9462)
Memory: 4.9M
CPU: 122ms
CGroup: /user.slice/user-1001.slice/user@1001.service/app.slice/myapp.service
├─50985 /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp --enable-ipv6 -c -e 3 -r 4 --netns-type=path /run/user/1001/netns/netns-881fc282-ff06-ce7f-a9f7-c4f8f5d0716d tap0
├─50987 rootlessport
├─50993 rootlessport-child
└─51002 /usr/bin/conmon --api-version 1 -c 1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae -u 1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae -r /usr/bin/crun -b /home/shtanaka/.local/share/containers/storage/overlay-contain>
Aug 25 05:57:42 fedora38-pia myapp[51002]: [Thu Aug 24 20:57:42.425287 2023] [:notice] [pid 1:tid 140394866810304] ModSecurity: PCRE compiled version="8.42 "; loaded version="8.42 2018-03-20"
Aug 25 05:57:42 fedora38-pia myapp[51002]: [Thu Aug 24 20:57:42.425298 2023] [:notice] [pid 1:tid 140394866810304] ModSecurity: LUA compiled version="Lua 5.3"
Aug 25 05:57:42 fedora38-pia myapp[51002]: [Thu Aug 24 20:57:42.425299 2023] [:notice] [pid 1:tid 140394866810304] ModSecurity: YAJL compiled version="2.1.0"
Aug 25 05:57:42 fedora38-pia myapp[51002]: [Thu Aug 24 20:57:42.425300 2023] [:notice] [pid 1:tid 140394866810304] ModSecurity: LIBXML compiled version="2.9.7"
Aug 25 05:57:42 fedora38-pia myapp[51002]: [Thu Aug 24 20:57:42.425302 2023] [:notice] [pid 1:tid 140394866810304] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
Aug 25 05:57:42 fedora38-pia myapp[51002]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
Aug 25 05:57:42 fedora38-pia myapp[51002]: [Thu Aug 24 20:57:42.503533 2023] [ssl:warn] [pid 1:tid 140394866810304] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
Aug 25 05:57:42 fedora38-pia myapp[51002]: [Thu Aug 24 20:57:42.503668 2023] [lbmethod_heartbeat:notice] [pid 1:tid 140394866810304] AH02282: No slotmem from mod_heartmonitor
Aug 25 05:57:42 fedora38-pia myapp[51002]: [Thu Aug 24 20:57:42.510742 2023] [mpm_event:notice] [pid 1:tid 140394866810304] AH00489: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1g configured -- resuming normal operations
Aug 25 05:57:42 fedora38-pia myapp[51002]: [Thu Aug 24 20:57:42.510766 2023] [core:notice] [pid 1:tid 140394866810304] AH00094: Command line: 'httpd -D FOREGROUND'
4.6.1
$ systemctl --user daemon-reload
$ systemctl --user start myapp
$ systemctl --user status myapp
● myapp.service - Podman container-54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2.service
Loaded: loaded (/home/user/.config/systemd/user/myapp.service; disabled; preset: disabled)
Drop-In: /usr/lib/systemd/user/service.d
└─10-timeout-abort.conf
Active: active (running) since Fri 2023-08-25 05:57:38 JST; 52s ago
Docs: man:podman-generate-systemd(1)
Process: 17473 ExecStart=/usr/bin/podman start 54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2 (code=exited, status=0/SUCCESS)
Main PID: 17500 (conmon)
Tasks: 15 (limit: 4632)
Memory: 4.6M
CPU: 80ms
CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/myapp.service
├─17484 /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp --enable-ipv6 -c -r 3 -e 4 --netns-type=path /run/user/1000/netns/netns-bb26a928-4f07-a204-f26b-cc0410657213 tap0
├─17486 rootlessport
├─17491 rootlessport-child
└─17500 /usr/bin/conmon --api-version 1 -c 54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2 -u 54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2 -r /usr/bin/crun -b /home/user/.local/share/containers/storage/overlay-containers/>
8月 25 05:57:38 fedora-server myapp[17500]: [Thu Aug 24 20:57:38.912958 2023] [:notice] [pid 1:tid 139948803857856] ModSecurity: PCRE compiled version="8.42 "; loaded version="8.42 2018-03-20"
8月 25 05:57:38 fedora-server myapp[17500]: [Thu Aug 24 20:57:38.912969 2023] [:notice] [pid 1:tid 139948803857856] ModSecurity: LUA compiled version="Lua 5.3"
8月 25 05:57:38 fedora-server myapp[17500]: [Thu Aug 24 20:57:38.912970 2023] [:notice] [pid 1:tid 139948803857856] ModSecurity: YAJL compiled version="2.1.0"
8月 25 05:57:38 fedora-server myapp[17500]: [Thu Aug 24 20:57:38.912971 2023] [:notice] [pid 1:tid 139948803857856] ModSecurity: LIBXML compiled version="2.9.7"
8月 25 05:57:38 fedora-server myapp[17500]: [Thu Aug 24 20:57:38.912973 2023] [:notice] [pid 1:tid 139948803857856] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
8月 25 05:57:38 fedora-server myapp[17500]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
8月 25 05:57:38 fedora-server myapp[17500]: [Thu Aug 24 20:57:38.994222 2023] [ssl:warn] [pid 1:tid 139948803857856] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
8月 25 05:57:38 fedora-server myapp[17500]: [Thu Aug 24 20:57:38.994426 2023] [lbmethod_heartbeat:notice] [pid 1:tid 139948803857856] AH02282: No slotmem from mod_heartmonitor
8月 25 05:57:39 fedora-server myapp[17500]: [Thu Aug 24 20:57:38.999790 2023] [mpm_event:notice] [pid 1:tid 139948803857856] AH00489: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1g configured -- resuming normal operations
8月 25 05:57:39 fedora-server myapp[17500]: [Thu Aug 24 20:57:38.999807 2023] [core:notice] [pid 1:tid 139948803857856] AH00094: Command line: 'httpd -D FOREGROUND'
Original
$ systemctl --user stop myapp
4.5.1
$ systemctl --user stop myapp
4.6.1
$ systemctl --user stop myapp
Original
$ podman generate systemd --new myapp > $HOME/.config/systemd/user/myapp-new.service
$ cat $HOME/.config/systemd/user/myapp-new.service
4.5.1
$ podman generate systemd --new myapp > $HOME/.config/systemd/user/myapp-new.service
$ cat $HOME/.config/systemd/user/myapp-new.service
# container-1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae.service
# autogenerated by Podman 4.5.1
# Fri Aug 25 06:05:01 JST 2023
[Unit]
Description=Podman container-1c8a5e603f71dbf536c89b2bcec84446cdfd80cf0f4f703bba93d1add2a9ccae.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--sdnotify=conmon \
-d \
--replace \
-p 8080:8080 \
--name myapp quay.io/rhatdan/myimage
ExecStop=/usr/bin/podman stop \
--ignore -t 10 \
--cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm \
-f \
--ignore -t 10 \
--cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target
4.6.1
$ cat $HOME/.config/systemd/user/myapp-new.service
# container-54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2.service
# autogenerated by Podman 4.6.1
# Fri Aug 25 06:05:04 JST 2023
[Unit]
Description=Podman container-54691fb2b03a900214f81e5588f21a6bb50e290cec607e5ac9342c802f1f47e2.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--sdnotify=conmon \
-d \
--replace \
-p 8080:8080 \
--name myapp quay.io/rhatdan/myimage
ExecStop=/usr/bin/podman stop \
--ignore -t 10 \
--cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm \
-f \
--ignore -t 10 \
--cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target
Original
$ systemctl --user stop myapp
$ podman rm myapp --force -t 0
4.5.1
$ systemctl --user stop myapp
$ podman rm myapp --force -t 0
myapp
4.6.1
$ systemctl --user stop myapp
$ podman rm myapp --force -t 0
myapp
Original
$ podman create --label "io.containers.autoupdate=registry" -p 8080:8080 --name myapp quay.io/rhatdan/myimage
$ podman generate systemd myapp --new > $HOME/.config/systemd/user/myapp-new.service
コンテナイメージの更新を行うので、個人のquay.ioアカウントのイメージを使用する
4.5.1
$ podman login quay.io
$ podman push quay.io/rhatdan/myimage quay.io/tnk4on/myimage
$ podman create --label "io.containers.autoupdate=registry" -p 8080:8080 --name myapp quay.io/tnk4on/myimage
5c26f639430d0dc9d21264b8b63d447ad078ed89cfb4c485c4782b1fc38912cd
$ podman generate systemd myapp --new > $HOME/.config/systemd/user/myapp-new.service
4.6.1
$ podman login quay.io
$ podman push quay.io/rhatdan/myimage quay.io/tnk4on/myimage
$ podman create --label "io.containers.autoupdate=registry" -p 8080:8080 --name myapp quay.io/tnk4on/myimage
13b1001d373d63c81c34e85fc7b98a7ac0f2a1237ba88d33d897f3e9f3320e97
$ podman generate systemd myapp --new > $HOME/.config/systemd/user/myapp-new.service
Original
$ systemctl --user daemon-reload
$ systemctl --user start myapp-new
4.5.1
$ systemctl --user daemon-reload
$ systemctl --user start myapp-new
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a872829bd3c8 quay.io/tnk4on/myimage:latest /usr/bin/run-http... 2 minutes ago Up 2 minutes 0.0.0.0:8080->8080/tcp myapp
4.6.1
$ systemctl --user daemon-reload
$ systemctl --user start myapp-new
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78a9521c322a quay.io/tnk4on/myimage:latest /usr/bin/run-http... 2 seconds ago Up 3 seconds 0.0.0.0:8080->8080/tcp myapp
Original
$ podman exec -i myapp bash -c 'cat > /var/www/html/index.html' << _EOF
<html>
<head>
</head>
<body>
<h1>Welcome to the new Hello World<h1>
</body>
</html>
_EOF
4.5.1
$ podman exec -i myapp bash -c 'cat > /var/www/html/index.html' << _EOF
<html>
<head>
</head>
<body>
<h1>Welcome to the new Hello World<h1>
</body>
</html>
_EOF
4.6.1
$ podman exec -i myapp bash -c 'cat > /var/www/html/index.html' << _EOF
<html>
<head>
</head>
<body>
<h1>Welcome to the new Hello World<h1>
</body>
</html>
_EOF
Original
$ podman commit myapp quay.io/rhatdan/myimage-new
$ podman push quay.io/rhatdan/myimage-new quay.io/rhatdan/myimage
$ podman rmi quay.io/rhatdan/myimage-new
4.5.1
$ podman commit myapp quay.io/tnk4on/myimage-new
WARN[0000] archive: skipping "/home/shtanaka/.local/share/containers/storage/overlay/a2d8febf7c82c58d24d2b5a3a68cca9d3126d68d92defb6efb54966cbb5f07d0/diff/run/httpd/cgisock.1" since it is a socket
Getting image source signatures
Copying blob e39c3abf0df9 skipped: already exists
Copying blob 8f26704f753c skipped: already exists
Copying blob 83310c7c677c skipped: already exists
Copying blob 654b3bf1361e skipped: already exists
Copying blob 164d51196137 skipped: already exists
Copying blob dd17dd425a22 done
Copying config 867af2e4b3 done
Writing manifest to image destination
Storing signatures
867af2e4b3b110a507b1d3671e94dd0f2d27db02557d57fa57618af85fa3eb2c
$ podman push quay.io/tnk4on/myimage-new quay.io/tnk4on/myimage
Getting image source signatures
Copying blob dd17dd425a22 done
Copying blob 2b782a9ad894 skipped: already exists
Copying blob a1eadb69adf1 skipped: already exists
Copying blob c7765172d3ce skipped: already exists
Copying blob dfd8c625d022 skipped: already exists
Copying blob e3460238f8a1 skipped: already exists
Copying config 867af2e4b3 done
Writing manifest to image destination
Storing signatures
$ podman rmi quay.io/tnk4on/myimage-new:latest
Untagged: quay.io/tnk4on/myimage-new:latest
Deleted: 867af2e4b3b110a507b1d3671e94dd0f2d27db02557d57fa57618af85fa3eb2c
4.6.1
$ podman commit myapp quay.io/tnk4on/myimage-new
WARN[0000] archive: skipping "/home/user/.local/share/containers/storage/overlay/8a7abf168f3cdbfd8ac3b4811ded1edda9de7cb0c9606e9e0b96697088afe064/diff/run/httpd/cgisock.1" since it is a socket
Getting image source signatures
Copying blob e39c3abf0df9 skipped: already exists
Copying blob 8f26704f753c skipped: already exists
Copying blob 83310c7c677c skipped: already exists
Copying blob 654b3bf1361e skipped: already exists
Copying blob 164d51196137 skipped: already exists
Copying blob bf3ee228a549 done
Copying config 7a52a34716 done
Writing manifest to image destination
7a52a34716d507deaf60ca3016f411282d60af56e8af555bcef6f3fbbd0a0d10
$ podman push quay.io/tnk4on/myimage-new quay.io/tnk4on/myimage
Getting image source signatures
Copying blob bf3ee228a549 done
Copying blob dfd8c625d022 skipped: already exists
Copying blob c7765172d3ce skipped: already exists
Copying blob a1eadb69adf1 skipped: already exists
Copying blob e3460238f8a1 skipped: already exists
Copying blob 2b782a9ad894 skipped: already exists
Copying config 7a52a34716 done
Writing manifest to image destination
$ podman rmi quay.io/tnk4on/myimage-new:latest
Untagged: quay.io/tnk4on/myimage-new:latest
Deleted: 7a52a34716d507deaf60ca3016f411282d60af56e8af555bcef6f3fbbd0a0d10
Original
$ podman auto-update
4.5.1
$ podman auto-update
Trying to pull quay.io/tnk4on/myimage:latest...
Getting image source signatures
Copying blob a1eadb69adf1 skipped: already exists
Copying blob 2b782a9ad894 skipped: already exists
Copying blob dfd8c625d022 skipped: already exists
Copying blob e3460238f8a1 skipped: already exists
Copying blob c7765172d3ce skipped: already exists
Copying blob 4385cad2baf4 done
Copying config 7a52a34716 done
Writing manifest to image destination
Storing signatures
UNIT CONTAINER IMAGE POLICY UPDATED
myapp-new.service a872829bd3c8 (myapp) quay.io/tnk4on/myimage registry true
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
621c0b4bb361 quay.io/tnk4on/myimage:latest /usr/bin/run-http... About a minute ago Up About a minute 0.0.0.0:8080->8080/tcp myapp
$ curl localhost:8080
<html>
<head>
</head>
<body>
<h1>Welcome to the new Hello World<h1>
</body>
</html>
4.6.1
$ podman auto-update
Trying to pull quay.io/tnk4on/myimage:latest...
Getting image source signatures
Copying blob dfd8c625d022 skipped: already exists
Copying blob 2b782a9ad894 skipped: already exists
Copying blob a1eadb69adf1 skipped: already exists
Copying blob e3460238f8a1 skipped: already exists
Copying blob c7765172d3ce skipped: already exists
Copying blob 4385cad2baf4 done
Copying config 7a52a34716 done
Writing manifest to image destination
UNIT CONTAINER IMAGE POLICY UPDATED
myapp-new.service 78a9521c322a (myapp) quay.io/tnk4on/myimage registry true
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2f6c410bdf7 quay.io/tnk4on/myimage:latest /usr/bin/run-http... About a minute ago Up About a minute 0.0.0.0:8080->8080/tcp myapp
$ curl localhost:8080
<html>
<head>
</head>
<body>
<h1>Welcome to the new Hello World<h1>
</body>
</html>
Original
$ systemctl --user stop myapp.service
$ cat > $HOME/.config/systemd/user/myapp.socket <<_EOF
[Unit]
Description=myapp socket service
PartOf=myapp.service
[Socket]
ListenStream=127.0.0.1:8080
[Install]
WantedBy=sockets.target
_EOF
$ systemctl --user enable --now myapp.socket
$ podman ps
4.5.1
$ systemctl --user stop myapp.service
$ systemctl --user stop myapp-new.service
$ cat > $HOME/.config/systemd/user/myapp.socket <<_EOF
[Unit]
Description=myapp socket service
PartOf=myapp.service
[Socket]
ListenStream=127.0.0.1:8080
[Install]
WantedBy=sockets.target
_EOF
4.6.1
$ systemctl --user stop myapp.service
$ systemctl --user stop myapp-new.service
cat > $HOME/.config/systemd/user/myapp.socket <<_EOF
[Unit]
Description=myapp socket service
PartOf=myapp.service
[Socket]
ListenStream=127.0.0.1:8080
[Install]
WantedBy=sockets.target
_EOF
Original
$ podman rm -f --ignore myapp
$ podman create -p 8080:8080 --name myapp quay.io/rhatdan/myimage
4.5.1
$ podman rm -f --ignore myapp
$ podman create -p 8080:8080 --name myapp quay.io/rhatdan/myimage
bb388c8f47b096afc070c1d854c71904a18b292a9d1192c6a376ed4172157b72
4.6.1
$ podman rm -f --ignore myapp
$ podman create -p 8080:8080 --name myapp quay.io/rhatdan/myimage
25901f650e59a3911eaa3d1323282d3b9d14d0d840ca2a3127f042c38a88398c
Original
$ podman kube generate myapp > myapp.yaml
4.5.1
$ podman kube generate myapp > myapp.yaml
$ cat myapp.yaml
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-4.5.1
apiVersion: v1
kind: Pod
metadata:
annotations:
io.podman.annotations.ulimit: nofile=524288:524288,nproc=31540:31540
creationTimestamp: "2023-08-25T01:34:36Z"
labels:
app: myapp-pod
name: myapp-pod
spec:
containers:
- args:
- /usr/bin/run-httpd
env:
- name: foo
value: bar
image: quay.io/rhatdan/myimage:latest
name: myapp
ports:
- containerPort: 8080
hostPort: 8080
securityContext:
runAsNonRoot: true
4.6.1
$ podman kube generate myapp > myapp.yaml
$ cat myapp.yaml
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-4.6.1
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2023-08-25T01:34:47Z"
labels:
app: myapp-pod
name: myapp-pod
spec:
containers:
- args:
- /usr/bin/run-httpd
env:
- name: foo
value: bar
image: quay.io/rhatdan/myimage:latest
name: myapp
ports:
- containerPort: 8080
hostPort: 8080
securityContext:
runAsNonRoot: true
Original
$ podman image inspect quay.io/rhatdan/myimage | jq .[].User
4.5.1
$ podman image inspect quay.io/rhatdan/myimage | jq .[].User
"1001"
4.6.1
$ podman image inspect quay.io/rhatdan/myimage | jq .[].User
"1001"
Original
$ podman kube generate --type deployment --replicas 2 myapp
4.5.1
$ podman kube generate --type deployment --replicas 2 myapp
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-4.5.1
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: "2023-08-25T13:54:51Z"
labels:
app: myapp-pod
name: myapp-pod-deployment
spec:
replicas: 2
selector:
matchLabels:
app: myapp-pod
template:
metadata:
annotations:
io.podman.annotations.ulimit: nofile=524288:524288,nproc=31540:31540
creationTimestamp: "2023-08-25T13:54:51Z"
labels:
app: myapp-pod
name: myapp-pod
spec:
containers:
- args:
- /usr/bin/run-httpd
env:
- name: foo
value: bar
image: quay.io/rhatdan/myimage:latest
name: myapp
ports:
- containerPort: 8080
hostPort: 8080
securityContext:
runAsNonRoot: true
4.6.1
$ podman kube generate --type deployment --replicas 2 myapp
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-4.6.1
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: "2023-08-25T13:54:23Z"
labels:
app: myapp-pod
name: myapp-pod-deployment
spec:
replicas: 2
selector:
matchLabels:
app: myapp-pod
template:
metadata:
creationTimestamp: "2023-08-25T13:54:23Z"
labels:
app: myapp-pod
name: myapp-pod
spec:
containers:
- args:
- /usr/bin/run-httpd
env:
- name: foo
value: bar
image: quay.io/rhatdan/myimage:latest
name: myapp
ports:
- containerPort: 8080
hostPort: 8080
securityContext:
runAsNonRoot: true
Original
$ podman rm -f --ignore myapp
$ podman kube play myapp.yaml
4.5.1
$ podman rm -f --ignore myapp
myapp
$ podman kube play myapp.yaml
Pod:
899fc00f5a9fcaf863865cb537ee712ae37dce5af7e34c7b433bd7f4c06e16bb
Container:
1218b461229b2c5bdf95f4042659869f277d094d1552a3b65fa7b6a6de7b0272
4.6.1
$ podman kube play myapp.yaml
Pod:
b42379f6f7bc2e6ef29d12b4b276f0af526359ae72f0c7387eee30b1f2c2b0fe
Container:
2741725ffbf66c7bcbf457440b911e1c8e3e9c313c94b5c32ad694fd90996dc8
Original
$ cat > ./Containerfile << _EOF
FROM ubi8-init
RUN dnf -y install httpd; dnf -y clean all
RUN systemctl enable httpd.service
_EOF
$ podman pod rm --all --force
$ podman rm --all --force
$ podman build -t mysystemd .
4.5.1
$ cat > ./Containerfile << _EOF
FROM ubi8-init
RUN dnf -y install httpd; dnf -y clean all
RUN systemctl enable httpd.service
_EOF
$ podman pod rm --all --force
$ podman rm --all --force
$ podman build -t mysystemd .
STEP 1/3: FROM ubi8-init
STEP 2/3: RUN dnf -y install httpd; dnf -y clean all
--> Using cache f29f0c4563eb9c86de0a60990dfd2eb6190f4ab331bed2f924e111bd0120ee9f
--> f29f0c4563eb
STEP 3/3: RUN systemctl enable httpd.service
--> Using cache da76534ae827b7f452b652a72323bcf2b321ea9e79e98f1d0d2d638696e2d70c
COMMIT mysystemd
--> da76534ae827
Successfully tagged localhost/mysystemd:latest
Successfully tagged localhost/my-systemd:latest
da76534ae827b7f452b652a72323bcf2b321ea9e79e98f1d0d2d638696e2d70c
4.6.1
$ cat > ./Containerfile << _EOF
FROM ubi8-init
RUN dnf -y install httpd; dnf -y clean all
RUN systemctl enable httpd.service
_EOF
$ podman pod rm --all --force
$ podman rm --all --force
$ podman build -t mysystemd .
STEP 1/3: FROM ubi8-init
STEP 2/3: RUN dnf -y install httpd; dnf -y clean all
--> Using cache 852df0f61550e6a3feedd81320b828f906b9eb6d5ed07c476ab9067b4fef1994
--> 852df0f61550
STEP 3/3: RUN systemctl enable httpd.service
--> Using cache c7ce40467b35d52e75a7b746e6eec8ab2334cf23fb211ca95e6cbc7b35c24310
COMMIT mysystemd
--> c7ce40467b35
Successfully tagged localhost/mysystemd:latest
Successfully tagged localhost/my-systemd:latest
bc0532685b1094014734af89fb1e462fed21fd7fd495b6afb62c250123bd33f4
Original
$ podman create --rm -p 8080:80 --name myapp -v ./html:/var/www/html:Z mysystemd
$ podman kube generate myapp > myapp2.yaml
$ cat myapp2.yaml
4.5.1
$ podman create --rm -p 8080:80 --name myapp -v ./html:/var/www/html:Z mysystemd
7ff12a941a3f3ad859724e0f5c595282e5d34a5974213e9be6e021ad193fee64
$ podman kube generate myapp > myapp2.yaml
$ cat myapp2.yaml
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-4.5.1
# NOTE: If you generated this yaml from an unprivileged and rootless podman container on an SELinux
# enabled system, check the podman generate kube man page for steps to follow to ensure that your pod/container
# has the right permissions to access the volumes added.
---
apiVersion: v1
kind: Pod
metadata:
annotations:
bind-mount-options: /home/shtanaka/html:Z
io.podman.annotations.ulimit: nofile=524288:524288,nproc=31540:31540
creationTimestamp: "2023-08-25T14:19:41Z"
labels:
app: myapp-pod
name: myapp-pod
spec:
containers:
- image: localhost/mysystemd:latest
name: myapp
ports:
- containerPort: 80
hostPort: 8080
volumeMounts:
- mountPath: /var/www/html
name: home-shtanaka-html-host-0
volumes:
- hostPath:
path: /home/shtanaka/html
type: Directory
name: home-shtanaka-html-host-0
4.6.1
$ podman create --rm -p 8080:80 --name myapp -v ./html:/var/www/html:Z mysystemd
887a625aeb525b8e92df16f5ae87187435cfcbe250ed49a00ab3d9654ab004ad
$ podman kube generate myapp > myapp2.yaml
$ cat myapp2.yaml
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-4.6.1
# NOTE: If you generated this yaml from an unprivileged and rootless podman container on an SELinux
# enabled system, check the podman generate kube man page for steps to follow to ensure that your pod/container
# has the right permissions to access the volumes added.
---
apiVersion: v1
kind: Pod
metadata:
annotations:
bind-mount-options: /home/user/html:Z
creationTimestamp: "2023-08-25T14:19:44Z"
labels:
app: myapp-pod
name: myapp-pod
spec:
containers:
- image: localhost/mysystemd:latest
name: myapp
ports:
- containerPort: 80
hostPort: 8080
volumeMounts:
- mountPath: /var/www/html
name: home-user-html-host-0
volumes:
- hostPath:
path: /home/user/html
type: Directory
name: home-user-html-host-0
Original
$ podman pod rm --all --force
$ podman rm --all --force
$ podman rmi mysystemd
localhost/my-systemdが残っているとイメージの削除が行えない。事前に削除しておく。
4.5.1
$ podman rmi my-systemd:latest
Untagged: localhost/my-systemd:latest
$ podman pod rm --all --force
$ podman rm --all --force
7ff12a941a3f3ad859724e0f5c595282e5d34a5974213e9be6e021ad193fee64
$ podman rmi mysystemd
Untagged: localhost/mysystemd:latest
Deleted: da76534ae827b7f452b652a72323bcf2b321ea9e79e98f1d0d2d638696e2d70c
Deleted: f29f0c4563eb9c86de0a60990dfd2eb6190f4ab331bed2f924e111bd0120ee9f
4.6.1
$ podman rmi my-systemd:latest
Untagged: localhost/my-systemd:latest
$ podman pod rm --all --force
$ podman rm --all --force
7ff12a941a3f3ad859724e0f5c595282e5d34a5974213e9be6e021ad193fee64
$ podman rmi mysystemd
Untagged: localhost/mysystemd:latest
Deleted: bc0532685b1094014734af89fb1e462fed21fd7fd495b6afb62c250123bd33f4
Deleted: 168ef26be0e0db6651c71c2a57bb8c0116250c1c760357be347a85b6b034a942
Original
$ mkdir mysystemd
$ mv Containerfile mysystemd/
$ podman kube play --build myapp2.yaml
4.5.1
$ mkdir mysystemd
$ mv Containerfile mysystemd/
$ podman kube play --build myapp2.yaml
STEP 1/3: FROM ubi8-init
STEP 2/3: RUN dnf -y install httpd; dnf -y clean all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Universal Base Image 8 (RPMs) - BaseOS 749 kB/s | 716 kB 00:00
Red Hat Universal Base Image 8 (RPMs) - AppStre 3.0 MB/s | 2.9 MB 00:00
Red Hat Universal Base Image 8 (RPMs) - CodeRea 133 kB/s | 99 kB 00:00
Dependencies resolved.
===================================================================================================
Package Arch Version Repository Size
===================================================================================================
Installing:
httpd x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 1.4 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 ubi-8-appstream-rpms 130 k
apr-util x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 105 k
httpd-filesystem noarch 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 43 k
httpd-tools x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 110 k
mailcap noarch 2.1.48-3.el8 ubi-8-baseos-rpms 39 k
mod_http2 x86_64 1.15.7-8.module+el8.8.0+18751+b4557bca.3 ubi-8-appstream-rpms 155 k
redhat-logos-httpd noarch 84.5-1.el8 ubi-8-baseos-rpms 29 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 25 k
apr-util-openssl x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 27 k
Enabling module streams:
httpd 2.4
Transaction Summary
===================================================================================================
Install 10 Packages
Total download size: 2.1 M
Installed size: 5.5 M
Downloading Packages:
(1/10): redhat-logos-httpd-84.5-1.el8.noarch.rp 83 kB/s | 29 kB 00:00
(2/10): mailcap-2.1.48-3.el8.noarch.rpm 104 kB/s | 39 kB 00:00
(3/10): apr-1.6.3-12.el8.x86_64.rpm 319 kB/s | 130 kB 00:00
(4/10): apr-util-bdb-1.6.1-6.el8_8.1.x86_64.rpm 253 kB/s | 25 kB 00:00
(5/10): apr-util-1.6.1-6.el8_8.1.x86_64.rpm 751 kB/s | 105 kB 00:00
(6/10): apr-util-openssl-1.6.1-6.el8_8.1.x86_64 302 kB/s | 27 kB 00:00
(7/10): httpd-filesystem-2.4.37-56.module+el8.8 638 kB/s | 43 kB 00:00
(8/10): httpd-tools-2.4.37-56.module+el8.8.0+18 1.3 MB/s | 110 kB 00:00
(9/10): mod_http2-1.15.7-8.module+el8.8.0+18751 1.5 MB/s | 155 kB 00:00
(10/10): httpd-2.4.37-56.module+el8.8.0+18758+b 4.0 MB/s | 1.4 MB 00:00
--------------------------------------------------------------------------------
Total 2.5 MB/s | 2.1 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : apr-1.6.3-12.el8.x86_64 1/10
Running scriptlet: apr-1.6.3-12.el8.x86_64 1/10
Installing : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 2/10
Installing : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 3/10
Installing : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Running scriptlet: apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Installing : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8d 5/10
Running scriptlet: httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 6/10
Installing : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 6/10
Installing : redhat-logos-httpd-84.5-1.el8.noarch 7/10
Installing : mailcap-2.1.48-3.el8.noarch 8/10
Installing : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3 9/10
Installing : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 10/10
Running scriptlet: httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 10/10
Verifying : mailcap-2.1.48-3.el8.noarch 1/10
Verifying : redhat-logos-httpd-84.5-1.el8.noarch 2/10
Verifying : apr-1.6.3-12.el8.x86_64 3/10
Verifying : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Verifying : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 5/10
Verifying : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 6/10
Verifying : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 7/10
Verifying : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 8/10
Verifying : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8d 9/10
Verifying : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3 10/10
Installed products updated.
Installed:
apr-1.6.3-12.el8.x86_64
apr-util-1.6.1-6.el8_8.1.x86_64
apr-util-bdb-1.6.1-6.el8_8.1.x86_64
apr-util-openssl-1.6.1-6.el8_8.1.x86_64
httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64
httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch
httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64
mailcap-2.1.48-3.el8.noarch
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64
redhat-logos-httpd-84.5-1.el8.noarch
Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
25 files removed
STEP 3/3: RUN systemctl enable httpd.service
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
COMMIT localhost/mysystemd:latest
--> 0d370e621dbd
Successfully tagged localhost/mysystemd:latest
0d370e621dbdcad1193af24f39f1988a7508ca269d441e86120a1dad3906d172
Pod:
6c47b9c7ab3a676b3d7c6d0e20efe7f3bed6f9ed4c8f5541a4a64b1c0168bc38
Container:
effebc8978c9c8bae52db474019aee6e194d848367d365027ecc80949ada55fd
4.6.1
$ mkdir mysystemd
$ mv Containerfile mysystemd/
$ podman kube play --build myapp2.yaml
STEP 1/3: FROM ubi8-init
STEP 2/3: RUN dnf -y install httpd; dnf -y clean all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Universal Base Image 8 (RPMs) - BaseOS 498 kB/s | 716 kB 00:01
Red Hat Universal Base Image 8 (RPMs) - AppStre 6.7 MB/s | 2.9 MB 00:00
Red Hat Universal Base Image 8 (RPMs) - CodeRea 76 kB/s | 99 kB 00:01
Dependencies resolved.
===================================================================================================
Package Arch Version Repository Size
===================================================================================================
Installing:
httpd x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 1.4 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 ubi-8-appstream-rpms 130 k
apr-util x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 105 k
httpd-filesystem noarch 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 43 k
httpd-tools x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 110 k
mailcap noarch 2.1.48-3.el8 ubi-8-baseos-rpms 39 k
mod_http2 x86_64 1.15.7-8.module+el8.8.0+18751+b4557bca.3 ubi-8-appstream-rpms 155 k
redhat-logos-httpd noarch 84.5-1.el8 ubi-8-baseos-rpms 29 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 25 k
apr-util-openssl x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 27 k
Enabling module streams:
httpd 2.4
Transaction Summary
===================================================================================================
Install 10 Packages
Total download size: 2.1 M
Installed size: 5.5 M
Downloading Packages:
(1/10): mailcap-2.1.48-3.el8.noarch.rpm 613 kB/s | 39 kB 00:00
(2/10): redhat-logos-httpd-84.5-1.el8.noarch.rp 457 kB/s | 29 kB 00:00
(3/10): apr-util-1.6.1-6.el8_8.1.x86_64.rpm 3.1 MB/s | 105 kB 00:00
(4/10): apr-1.6.3-12.el8.x86_64.rpm 1.3 MB/s | 130 kB 00:00
(5/10): apr-util-bdb-1.6.1-6.el8_8.1.x86_64.rpm 665 kB/s | 25 kB 00:00
(6/10): apr-util-openssl-1.6.1-6.el8_8.1.x86_64 1.5 MB/s | 27 kB 00:00
(7/10): httpd-filesystem-2.4.37-56.module+el8.8 1.1 MB/s | 43 kB 00:00
(8/10): httpd-tools-2.4.37-56.module+el8.8.0+18 1.3 MB/s | 110 kB 00:00
(9/10): mod_http2-1.15.7-8.module+el8.8.0+18751 2.4 MB/s | 155 kB 00:00
(10/10): httpd-2.4.37-56.module+el8.8.0+18758+b 6.5 MB/s | 1.4 MB 00:00
--------------------------------------------------------------------------------
Total 6.4 MB/s | 2.1 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : apr-1.6.3-12.el8.x86_64 1/10
Running scriptlet: apr-1.6.3-12.el8.x86_64 1/10
Installing : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 2/10
Installing : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 3/10
Installing : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Running scriptlet: apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Installing : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8d 5/10
Running scriptlet: httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 6/10
Installing : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 6/10
Installing : redhat-logos-httpd-84.5-1.el8.noarch 7/10
Installing : mailcap-2.1.48-3.el8.noarch 8/10
Installing : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3 9/10
Installing : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 10/10
Running scriptlet: httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 10/10
Verifying : mailcap-2.1.48-3.el8.noarch 1/10
Verifying : redhat-logos-httpd-84.5-1.el8.noarch 2/10
Verifying : apr-1.6.3-12.el8.x86_64 3/10
Verifying : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Verifying : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 5/10
Verifying : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 6/10
Verifying : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x8 7/10
Verifying : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3 8/10
Verifying : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8d 9/10
Verifying : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3 10/10
Installed products updated.
Installed:
apr-1.6.3-12.el8.x86_64
apr-util-1.6.1-6.el8_8.1.x86_64
apr-util-bdb-1.6.1-6.el8_8.1.x86_64
apr-util-openssl-1.6.1-6.el8_8.1.x86_64
httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64
httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch
httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64
mailcap-2.1.48-3.el8.noarch
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64
redhat-logos-httpd-84.5-1.el8.noarch
Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
25 files removed
STEP 3/3: RUN systemctl enable httpd.service
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
COMMIT localhost/mysystemd:latest
--> 1433cb96ae59
Successfully tagged localhost/mysystemd:latest
1433cb96ae59e8001ab48f16ff7d7780860795b62a52fa767d5b82d2cee3d0c9
Pod:
e3b1dda1e680b5a1c6b4c0ea0d69175d6acd06f2ac364cd2bdae8c40a9da7ed0
Container:
8ccd24960ccf855beb7372aa83a19f515fcc37b6f4e4eb20311636792b793839
Original
$ podman run --privileged quay.io/podman/stable podman version
4.5.1
$ podman run --privileged quay.io/podman/stable podman version
Client: Podman Engine
Version: 4.6.0
API Version: 4.6.0
Go Version: go1.20.6
Built: Fri Jul 21 12:23:26 2023
OS/Arch: linux/amd64
4.6.1
$ podman run --privileged quay.io/podman/stable podman version
Client: Podman Engine
Version: 4.6.0
API Version: 4.6.0
Go Version: go1.20.6
Built: Fri Jul 21 12:23:26 2023
OS/Arch: linux/amd64
Original
$ podman run --user podman quay.io/podman/stable podman version
$ podman run --cap-drop=all --cap-add CAP_SETUID,CAP_SETGID --user podman quay.io/podman/stable podman version
4.5.1
$ podman run --user podman quay.io/podman/stable podman version
cannot clone: Permission denied
Error: cannot re-exec process
$ podman run --cap-drop=all --cap-add CAP_SETUID,CAP_SETGID --user podman quay.io/podman/stable podman version
cannot clone: Permission denied
Error: cannot re-exec process
4.6.1
$ podman run --user podman quay.io/podman/stable podman version
Client: Podman Engine
Version: 4.6.0
API Version: 4.6.0
Go Version: go1.20.6
Built: Fri Jul 21 12:23:26 2023
OS/Arch: linux/amd64
$ podman run --cap-drop=all --cap-add CAP_SETUID,CAP_SETGID --user podman quay.io/podman/stable podman version
Client: Podman Engine
Version: 4.6.0
API Version: 4.6.0
Go Version: go1.20.6
Built: Fri Jul 21 12:23:26 2023
OS/Arch: linux/amd64
Original
$ podman system service
4.5.1
$ podman system service
4.6.1
$ podman system service
Original
$ systemctl --user enable podman.socket
$ systemctl --user start podman.socket
$ ls $XDG_RUNTIME_DIR/podman/podman.sock
4.5.1
$ systemctl --user enable podman.socket
Created symlink /home/shtanaka/.config/systemd/user/sockets.target.wants/podman.socket → /usr/lib/systemd/user/podman.socket.
$ systemctl --user start podman.socket
$ ls $XDG_RUNTIME_DIR/podman/podman.sock
/run/user/1001/podman/podman.sock
4.6.1
$ systemctl --user enable podman.socket
Created symlink /home/user/.config/systemd/user/sockets.target.wants/podman.socket → /usr/lib/systemd/user/podman.socket.
$ systemctl --user start podman.socket
$ ls $XDG_RUNTIME_DIR/podman/podman.sock
/run/user/1000/podman/podman.sock
Original
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/libpod/version | jq
4.5.1
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/libpod/version | jq
{
"Platform": {
"Name": "linux/amd64/fedora-38"
},
"Components": [
{
"Name": "Podman Engine",
"Version": "4.5.1",
"Details": {
"APIVersion": "4.5.1",
"Arch": "amd64",
"BuildTime": "2023-05-27T02:58:48+09:00",
"Experimental": "false",
"GitCommit": "",
"GoVersion": "go1.20.4",
"KernelVersion": "6.3.8-200.fc38.x86_64",
"MinAPIVersion": "4.0.0",
"Os": "linux"
}
},
{
"Name": "Conmon",
"Version": "conmon version 2.1.7, commit: ",
"Details": {
"Package": "conmon-2.1.7-2.fc38.x86_64"
}
},
{
"Name": "OCI Runtime (crun)",
"Version": "crun version 1.8.5\ncommit: b6f80f766c9a89eb7b1440c0a70ab287434b17ed\nrundir: /run/user/1001/crun\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL",
"Details": {
"Package": "crun-1.8.5-1.fc38.x86_64"
}
}
],
"Version": "4.5.1",
"ApiVersion": "1.41",
"MinAPIVersion": "1.24",
"GitCommit": "",
"GoVersion": "go1.20.4",
"Os": "linux",
"Arch": "amd64",
"KernelVersion": "6.3.8-200.fc38.x86_64",
"BuildTime": "2023-05-27T02:58:48+09:00"
}
4.6.1
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/libpod/version | jq
{
"Platform": {
"Name": "linux/amd64/fedora-38"
},
"Components": [
{
"Name": "Podman Engine",
"Version": "4.6.1",
"Details": {
"APIVersion": "4.6.1",
"Arch": "amd64",
"BuildTime": "2023-08-11T07:07:53+09:00",
"Experimental": "false",
"GitCommit": "",
"GoVersion": "go1.20.7",
"KernelVersion": "6.2.9-300.fc38.x86_64",
"MinAPIVersion": "4.0.0",
"Os": "linux"
}
},
{
"Name": "Conmon",
"Version": "conmon version 2.1.7, commit: ",
"Details": {
"Package": "conmon-2.1.7-2.fc38.x86_64"
}
},
{
"Name": "OCI Runtime (crun)",
"Version": "crun version 1.8.6\ncommit: 73f759f4a39769f60990e7d225f561b4f4f06bcf\nrundir: /run/user/1000/crun\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL",
"Details": {
"Package": "crun-1.8.6-1.fc38.x86_64"
}
}
],
"Version": "4.6.1",
"ApiVersion": "1.41",
"MinAPIVersion": "1.24",
"GitCommit": "",
"GoVersion": "go1.20.7",
"Os": "linux",
"Arch": "amd64",
"KernelVersion": "6.2.9-300.fc38.x86_64",
"BuildTime": "2023-08-11T07:07:53+09:00"
}
Original
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/libpod/images/json | jq
4.5.1
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/libpod/images/json | jq
[
{
"Id": "2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae",
"ParentId": "",
"RepoTags": [
"quay.io/rhatdan/myimage:latest"
],
"RepoDigests": [
"quay.io/rhatdan/myimage@sha256:0460a9d13a806e124639b23e9d6ffa1e5773f7bef91469bee6ac88a4be213427"
],
"Created": 1631099209,
"Size": 461695134,
"SharedSize": 0,
"VirtualSize": 461695134,
"Labels": {
"architecture": "x86_64",
"build-date": "2021-08-05T06:23:13.478839",
"com.redhat.build-host": "cpt-1001.osbs.prod.upshift.rdu2.redhat.com",
"com.redhat.component": "httpd-24-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"distribution-scope": "public",
"io.k8s.description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"io.k8s.display-name": "Apache httpd 2.4",
"io.openshift.expose-services": "8080:http,8443:https",
"io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
"io.openshift.tags": "builder,httpd,httpd-24",
"io.s2i.scripts-url": "image:///usr/libexec/s2i",
"maintainer": "SoftwareCollections.org <sclorg@redhat.com>",
"name": "ubi8/httpd-24",
"release": "152",
"summary": "Platform for running Apache httpd 2.4 or building httpd-based application",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/httpd-24/images/1-152",
"usage": "s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ ubi8/httpd-24 sample-server",
"vcs-ref": "a90adf6894f1618e032e11f0bcaf23839daaf1c4",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "1"
},
"Containers": 0,
"Names": [
"quay.io/rhatdan/myimage:latest"
],
"Digest": "sha256:0460a9d13a806e124639b23e9d6ffa1e5773f7bef91469bee6ac88a4be213427",
"History": [
"quay.io/rhatdan/myimage:latest"
]
}
]
4.6.1
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/libpod/images/json | jq
[
{
"Id": "2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae",
"ParentId": "",
"RepoTags": [
"quay.io/rhatdan/myimage:latest"
],
"RepoDigests": [
"quay.io/rhatdan/myimage@sha256:0460a9d13a806e124639b23e9d6ffa1e5773f7bef91469bee6ac88a4be213427"
],
"Created": 1631099209,
"Size": 461695134,
"SharedSize": 0,
"VirtualSize": 461695134,
"Labels": {
"architecture": "x86_64",
"build-date": "2021-08-05T06:23:13.478839",
"com.redhat.build-host": "cpt-1001.osbs.prod.upshift.rdu2.redhat.com",
"com.redhat.component": "httpd-24-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"distribution-scope": "public",
"io.k8s.description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"io.k8s.display-name": "Apache httpd 2.4",
"io.openshift.expose-services": "8080:http,8443:https",
"io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
"io.openshift.tags": "builder,httpd,httpd-24",
"io.s2i.scripts-url": "image:///usr/libexec/s2i",
"maintainer": "SoftwareCollections.org <sclorg@redhat.com>",
"name": "ubi8/httpd-24",
"release": "152",
"summary": "Platform for running Apache httpd 2.4 or building httpd-based application",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/httpd-24/images/1-152",
"usage": "s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ ubi8/httpd-24 sample-server",
"vcs-ref": "a90adf6894f1618e032e11f0bcaf23839daaf1c4",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "1"
},
"Containers": 0,
"Names": [
"quay.io/rhatdan/myimage:latest"
],
"Digest": "sha256:0460a9d13a806e124639b23e9d6ffa1e5773f7bef91469bee6ac88a4be213427",
"History": [
"quay.io/rhatdan/myimage:latest"
]
}
]
Original
$ podman pod create --name mypod
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/libpod/pods/json | jq
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/pods/json
4.5.1
$ podman pod create --name mypod
3f2189a405472d57c5287ac639fc202a36d8d3508971583acd1c3adcfb5fa823
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/libpod/pods/json | jq
[
{
"Cgroup": "user.slice",
"Containers": [
{
"Id": "05850d271256716b15b332a1fadc49ed2371b635b644364e177afa81ae657f6f",
"Names": "3f2189a40547-infra",
"Status": "created"
}
],
"Created": "2023-08-26T00:04:00.793912606+09:00",
"Id": "3f2189a405472d57c5287ac639fc202a36d8d3508971583acd1c3adcfb5fa823",
"InfraId": "05850d271256716b15b332a1fadc49ed2371b635b644364e177afa81ae657f6f",
"Name": "mypod",
"Namespace": "",
"Networks": [],
"Status": "Created",
"Labels": {}
}
]
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/pods/json
Not Found
4.6.1
$ podman pod create --name mypod
8f6fcc1a876a32551eb90c6f4e480bcb53b26cdd4a95a14423ef303ff7913580
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/libpod/pods/json | jq
[
{
"Cgroup": "user.slice",
"Containers": [
{
"Id": "05850d271256716b15b332a1fadc49ed2371b635b644364e177afa81ae657f6f",
"Names": "3f2189a40547-infra",
"Status": "created"
}
],
"Created": "2023-08-26T00:04:00.793912606+09:00",
"Id": "3f2189a405472d57c5287ac639fc202a36d8d3508971583acd1c3adcfb5fa823",
"InfraId": "05850d271256716b15b332a1fadc49ed2371b635b644364e177afa81ae657f6f",
"Name": "mypod",
"Namespace": "",
"Networks": [],
"Status": "Created",
"Labels": {}
}
]
$ curl -s --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://d/v1.0.0/pods/json
Not Found
Original
$ sudo dnf install -y python-docker
4.5.1
$ sudo dnf install -y python-docker
[sudo] password for shtanaka:
Last metadata expiration check: 2:43:20 ago on Fri 25 Aug 2023 09:23:18 PM JST.
Dependencies resolved.
================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================================================================================================================
Installing:
python3-docker noarch 5.0.3-3.fc38 fedora 291 k
Installing dependencies:
python3-websocket-client noarch 1.3.3-3.fc38 fedora 130 k
Transaction Summary
================================================================================================================================================================================================================================================================================
Install 2 Packages
Total download size: 421 k
Installed size: 1.5 M
Downloading Packages:
(1/2): python3-websocket-client-1.3.3-3.fc38.noarch.rpm 506 kB/s | 130 kB 00:00
(2/2): python3-docker-5.0.3-3.fc38.noarch.rpm 961 kB/s | 291 kB 00:00
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 369 kB/s | 421 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-websocket-client-1.3.3-3.fc38.noarch 1/2
Installing : python3-docker-5.0.3-3.fc38.noarch 2/2
Running scriptlet: python3-docker-5.0.3-3.fc38.noarch 2/2
Verifying : python3-docker-5.0.3-3.fc38.noarch 1/2
Verifying : python3-websocket-client-1.3.3-3.fc38.noarch 2/2
Installed:
python3-docker-5.0.3-3.fc38.noarch python3-websocket-client-1.3.3-3.fc38.noarch
Complete!
4.6.1
$ sudo dnf install -y python-docker
[sudo] user のパスワード:
メタデータの期限切れの最終確認: 1:53:37 時間前の 2023年08月25日 22時13分12秒 に実施しました。
依存関係が解決しました。
================================================================================================================================================================================================================================================================================
パッケージ アーキテクチャー バージョン リポジトリー サイズ
================================================================================================================================================================================================================================================================================
インストール:
python3-docker noarch 5.0.3-3.fc38 fedora 291 k
依存関係のインストール:
python3-websocket-client noarch 1.3.3-3.fc38 fedora 130 k
トランザクションの概要
================================================================================================================================================================================================================================================================================
インストール 2 パッケージ
ダウンロードサイズの合計: 421 k
インストール後のサイズ: 1.5 M
パッケージのダウンロード:
(1/2): python3-websocket-client-1.3.3-3.fc38.noarch.rpm 263 kB/s | 130 kB 00:00
(2/2): python3-docker-5.0.3-3.fc38.noarch.rpm 541 kB/s | 291 kB 00:00
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
合計 196 kB/s | 421 kB 00:02
トランザクションの確認を実行中
トランザクションの確認に成功しました。
トランザクションのテストを実行中
トランザクションのテストに成功しました。
トランザクションを実行中
準備 : 1/1
インストール中 : python3-websocket-client-1.3.3-3.fc38.noarch 1/2
インストール中 : python3-docker-5.0.3-3.fc38.noarch 2/2
scriptletの実行中: python3-docker-5.0.3-3.fc38.noarch 2/2
検証 : python3-docker-5.0.3-3.fc38.noarch 1/2
検証 : python3-websocket-client-1.3.3-3.fc38.noarch 2/2
インストール済み:
python3-docker-5.0.3-3.fc38.noarch python3-websocket-client-1.3.3-3.fc38.noarch
完了しました!
Original
$ cat > images.py << _EOF
import docker
client=docker.DockerClient(base_url='unix:/run/user/1000/podman/podman.sock')
print(client.images.list(all=True))
_EOF
$ python images.py
4.5.1
4.6.1
$ python3 images.py
[<Image: 'quay.io/rhatdan/myimage:latest'>, <Image: 'localhost/podman-pause:4.6.1-1691705273'>]
Original
$ sudo dnf install -y python-podman
$ cat > podman-images.py << _EOF
import podman
client=podman.PodmanClient()
print(client.images.list())
_EOF
$ python podman-images.py
4.6.1
$ sudo dnf install -y python-podman
[sudo] user のパスワード:
メタデータの期限切れの最終確認: 4:08:08 時間前の 2023年08月26日 08時19分13秒 に実施しました。
依存関係が解決しました。
===================================================================================================================================
パッケージ アーキテクチャー バージョン リポジトリー サイズ
===================================================================================================================================
インストール:
python3-podman noarch 3:4.6.0-1.fc38 updates 209 k
依存関係のインストール:
python3-pyxdg noarch 0.27-7.fc38 fedora 134 k
トランザクションの概要
===================================================================================================================================
インストール 2 パッケージ
ダウンロードサイズの合計: 344 k
インストール後のサイズ: 1.3 M
パッケージのダウンロード:
(1/2): python3-podman-4.6.0-1.fc38.noarch.rpm 976 kB/s | 209 kB 00:00
(2/2): python3-pyxdg-0.27-7.fc38.noarch.rpm 350 kB/s | 134 kB 00:00
-----------------------------------------------------------------------------------------------------------------------------------
合計 206 kB/s | 344 kB 00:01
トランザクションの確認を実行中
トランザクションの確認に成功しました。
トランザクションのテストを実行中
トランザクションのテストに成功しました。
トランザクションを実行中
準備 : 1/1
インストール中 : python3-pyxdg-0.27-7.fc38.noarch 1/2
インストール中 : python3-podman-3:4.6.0-1.fc38.noarch 2/2
scriptletの実行中: python3-podman-3:4.6.0-1.fc38.noarch 2/2
検証 : python3-pyxdg-0.27-7.fc38.noarch 1/2
検証 : python3-podman-3:4.6.0-1.fc38.noarch 2/2
インストール済み:
python3-podman-3:4.6.0-1.fc38.noarch python3-pyxdg-0.27-7.fc38.noarch
完了しました!
$ cat > podman-images.py << _EOF
import podman
client=podman.PodmanClient()
print(client.images.list())
_EOF
$ python podman-images.py
[<Image: 'quay.io/rhatdan/myimage:latest'>, <Image: 'localhost/podman-pause:4.6.1-1691705273'>]
Original
$ cat >> podman-images.py << _EOF
for i in client.pods.list():
print(i.attrs)
_EOF
$ python podman-images.py
4.6.1
$ cat >> podman-images.py << _EOF
for i in client.pods.list():
print(i.attrs)
_EOF
$ python podman-images.py
[<Image: 'quay.io/rhatdan/myimage:latest'>, <Image: 'localhost/podman-pause:4.6.1-1691705273'>]
{'Cgroup': 'user.slice', 'Containers': [{'Id': '6ad30c37649ff2622ef129f762769302906561b707c91372d973ba493afb820c', 'Names': '8f6fcc1a876a-infra', 'Status': 'created', 'RestartCount': 0}], 'Created': '2023-08-26T00:03:56.295216313+09:00', 'Id': '8f6fcc1a876a32551eb90c6f4e480bcb53b26cdd4a95a14423ef303ff7913580', 'InfraId': '6ad30c37649ff2622ef129f762769302906561b707c91372d973ba493afb820c', 'Name': 'mypod', 'Namespace': '', 'Networks': [], 'Status': 'Created', 'Labels': {}}
Original
$ sudo dnf -y install docker-compose
$ systemctl --user start podman.socket
$ curl -H "Content-Type: application/json" --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://localhost/_ping
OK
4.6.1
$ sudo dnf -y install docker-compose
[sudo] user のパスワード:
メタデータの期限切れの最終確認: 4:13:57 時間前の 2023年08月26日 08時19分13秒 に実施しました。
依存関係が解決しました。
===================================================================================================================================
パッケージ アーキテクチャー バージョン リポジトリー サイズ
===================================================================================================================================
インストール:
docker-compose noarch 1.29.2-7.fc38 fedora 338 k
依存関係のインストール:
python3-attrs noarch 22.2.0-2.fc38 fedora 124 k
python3-bcrypt x86_64 3.2.2-5.fc38 fedora 45 k
python3-cached_property noarch 1.5.2-9.fc38 fedora 20 k
python3-certifi noarch 2022.09.24-2.fc38 fedora 15 k
python3-chardet noarch 5.2.0-1.fc38 updates 304 k
python3-click noarch 8.1.3-2.fc38 fedora 238 k
python3-cryptography x86_64 37.0.2-8.fc38 fedora 1.2 M
python3-docker+ssh noarch 5.0.3-3.fc38 fedora 8.9 k
python3-docker-pycreds noarch 0.4.0-15.fc38 fedora 28 k
python3-dockerpty noarch 0.4.1-27.fc38 updates 39 k
python3-docopt noarch 0.6.2-25.fc38 fedora 35 k
python3-dotenv noarch 0.21.1-2.fc38 fedora 53 k
python3-jsonschema noarch 4.17.3-2.fc38 fedora 201 k
python3-paramiko noarch 3.1.0-1.fc38 fedora 397 k
python3-pynacl x86_64 1.5.0-2.fc38 fedora 143 k
python3-pyrsistent x86_64 0.19.3-2.fc38 fedora 139 k
python3-texttable noarch 1.6.4-4.fc38 fedora 27 k
弱い依存関係のインストール:
python3-dotenv+cli noarch 0.21.1-2.fc38 fedora 9.4 k
python3-pyasn1 noarch 0.4.8-12.fc38 fedora 194 k
トランザクションの概要
===================================================================================================================================
インストール 20 パッケージ
ダウンロードサイズの合計: 3.5 M
インストール後のサイズ: 14 M
パッケージのダウンロード:
(1/20): python3-bcrypt-3.2.2-5.fc38.x86_64.rpm 387 kB/s | 45 kB 00:00
(2/20): python3-attrs-22.2.0-2.fc38.noarch.rpm 810 kB/s | 124 kB 00:00
(3/20): python3-cached_property-1.5.2-9.fc38.noarch.rpm 482 kB/s | 20 kB 00:00
(4/20): python3-certifi-2022.09.24-2.fc38.noarch.rpm 620 kB/s | 15 kB 00:00
(5/20): docker-compose-1.29.2-7.fc38.noarch.rpm 1.5 MB/s | 338 kB 00:00
(6/20): python3-docker+ssh-5.0.3-3.fc38.noarch.rpm 330 kB/s | 8.9 kB 00:00
(7/20): python3-docker-pycreds-0.4.0-15.fc38.noarch.rpm 699 kB/s | 28 kB 00:00
(8/20): python3-click-8.1.3-2.fc38.noarch.rpm 1.3 MB/s | 238 kB 00:00
(9/20): python3-docopt-0.6.2-25.fc38.noarch.rpm 619 kB/s | 35 kB 00:00
(10/20): python3-dotenv+cli-0.21.1-2.fc38.noarch.rpm 399 kB/s | 9.4 kB 00:00
(11/20): python3-dotenv-0.21.1-2.fc38.noarch.rpm 826 kB/s | 53 kB 00:00
(12/20): python3-jsonschema-4.17.3-2.fc38.noarch.rpm 1.2 MB/s | 201 kB 00:00
(13/20): python3-paramiko-3.1.0-1.fc38.noarch.rpm 1.2 MB/s | 397 kB 00:00
(14/20): python3-pyasn1-0.4.8-12.fc38.noarch.rpm 882 kB/s | 194 kB 00:00
(15/20): python3-pynacl-1.5.0-2.fc38.x86_64.rpm 958 kB/s | 143 kB 00:00
(16/20): python3-pyrsistent-0.19.3-2.fc38.x86_64.rpm 841 kB/s | 139 kB 00:00
(17/20): python3-texttable-1.6.4-4.fc38.noarch.rpm 515 kB/s | 27 kB 00:00
(18/20): python3-dockerpty-0.4.1-27.fc38.noarch.rpm 724 kB/s | 39 kB 00:00
(19/20): python3-chardet-5.2.0-1.fc38.noarch.rpm 1.0 MB/s | 304 kB 00:00
(20/20): python3-cryptography-37.0.2-8.fc38.x86_64.rpm 1.0 MB/s | 1.2 MB 00:01
-----------------------------------------------------------------------------------------------------------------------------------
合計 1.2 MB/s | 3.5 MB 00:02
トランザクションの確認を実行中
トランザクションの確認に成功しました。
トランザクションのテストを実行中
トランザクションのテストに成功しました。
トランザクションを実行中
準備 : 1/1
インストール中 : python3-attrs-22.2.0-2.fc38.noarch 1/20
インストール中 : python3-dockerpty-0.4.1-27.fc38.noarch 2/20
インストール中 : python3-chardet-5.2.0-1.fc38.noarch 3/20
インストール中 : python3-texttable-1.6.4-4.fc38.noarch 4/20
インストール中 : python3-pyrsistent-0.19.3-2.fc38.x86_64 5/20
インストール中 : python3-jsonschema-4.17.3-2.fc38.noarch 6/20
インストール中 : python3-pynacl-1.5.0-2.fc38.x86_64 7/20
インストール中 : python3-pyasn1-0.4.8-12.fc38.noarch 8/20
インストール中 : python3-docopt-0.6.2-25.fc38.noarch 9/20
インストール中 : python3-docker-pycreds-0.4.0-15.fc38.noarch 10/20
インストール中 : python3-cryptography-37.0.2-8.fc38.x86_64 11/20
インストール中 : python3-click-8.1.3-2.fc38.noarch 12/20
インストール中 : python3-dotenv-0.21.1-2.fc38.noarch 13/20
インストール中 : python3-dotenv+cli-0.21.1-2.fc38.noarch 14/20
インストール中 : python3-certifi-2022.09.24-2.fc38.noarch 15/20
インストール中 : python3-cached_property-1.5.2-9.fc38.noarch 16/20
インストール中 : python3-bcrypt-3.2.2-5.fc38.x86_64 17/20
インストール中 : python3-paramiko-3.1.0-1.fc38.noarch 18/20
インストール中 : python3-docker+ssh-5.0.3-3.fc38.noarch 19/20
インストール中 : docker-compose-1.29.2-7.fc38.noarch 20/20
scriptletの実行中: docker-compose-1.29.2-7.fc38.noarch 20/20
検証 : docker-compose-1.29.2-7.fc38.noarch 1/20
検証 : python3-attrs-22.2.0-2.fc38.noarch 2/20
検証 : python3-bcrypt-3.2.2-5.fc38.x86_64 3/20
検証 : python3-cached_property-1.5.2-9.fc38.noarch 4/20
検証 : python3-certifi-2022.09.24-2.fc38.noarch 5/20
検証 : python3-click-8.1.3-2.fc38.noarch 6/20
検証 : python3-cryptography-37.0.2-8.fc38.x86_64 7/20
検証 : python3-docker+ssh-5.0.3-3.fc38.noarch 8/20
検証 : python3-docker-pycreds-0.4.0-15.fc38.noarch 9/20
検証 : python3-docopt-0.6.2-25.fc38.noarch 10/20
検証 : python3-dotenv+cli-0.21.1-2.fc38.noarch 11/20
検証 : python3-dotenv-0.21.1-2.fc38.noarch 12/20
検証 : python3-jsonschema-4.17.3-2.fc38.noarch 13/20
検証 : python3-paramiko-3.1.0-1.fc38.noarch 14/20
検証 : python3-pyasn1-0.4.8-12.fc38.noarch 15/20
検証 : python3-pynacl-1.5.0-2.fc38.x86_64 16/20
検証 : python3-pyrsistent-0.19.3-2.fc38.x86_64 17/20
検証 : python3-texttable-1.6.4-4.fc38.noarch 18/20
検証 : python3-chardet-5.2.0-1.fc38.noarch 19/20
検証 : python3-dockerpty-0.4.1-27.fc38.noarch 20/20
インストール済み:
docker-compose-1.29.2-7.fc38.noarch python3-attrs-22.2.0-2.fc38.noarch python3-bcrypt-3.2.2-5.fc38.x86_64
python3-cached_property-1.5.2-9.fc38.noarch python3-certifi-2022.09.24-2.fc38.noarch python3-chardet-5.2.0-1.fc38.noarch
python3-click-8.1.3-2.fc38.noarch python3-cryptography-37.0.2-8.fc38.x86_64 python3-docker+ssh-5.0.3-3.fc38.noarch
python3-docker-pycreds-0.4.0-15.fc38.noarch python3-dockerpty-0.4.1-27.fc38.noarch python3-docopt-0.6.2-25.fc38.noarch
python3-dotenv-0.21.1-2.fc38.noarch python3-dotenv+cli-0.21.1-2.fc38.noarch python3-jsonschema-4.17.3-2.fc38.noarch
python3-paramiko-3.1.0-1.fc38.noarch python3-pyasn1-0.4.8-12.fc38.noarch python3-pynacl-1.5.0-2.fc38.x86_64
python3-pyrsistent-0.19.3-2.fc38.x86_64 python3-texttable-1.6.4-4.fc38.noarch
完了しました!
$ systemctl --user start podman.socket
$ curl -H "Content-Type: application/json" --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock http://localhost/_ping
OK
Original
$ export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
$ mkdir example
$ mv ./html example
$ cd example
$ cat > docker-compose.yaml << _EOF
version: "3.7"
services:
myapp:
image: quay.io/rhatdan/myimage:latest
volumes:
- ./html:/var/www/html
- myapp_vol:/vol
ports:
- 8080:80
volumes:
myapp_vol: {}
_EOF
4.6.1
$ export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
$ mkdir example
$ mv ./html example
$ cd example
$ cat > docker-compose.yaml << _EOF
version: "3.7"
services:
myapp:
image: quay.io/rhatdan/myimage:latest
volumes:
- ./html:/var/www/html
- myapp_vol:/vol
ports:
- 8080:80
volumes:
myapp_vol: {}
_EOF
Original
$ podman pod rm --all --force
$ podman rm --all --force
$ podman rmi --all --force
$ podman volume rm --all --force
4.6.1
$ podman pod rm --all --force
8f6fcc1a876a32551eb90c6f4e480bcb53b26cdd4a95a14423ef303ff7913580
$ podman rm --all --force
$ podman rmi --all --force
Untagged: quay.io/rhatdan/myimage:latest
Untagged: localhost/podman-pause:4.6.1-1691705273
Deleted: 2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
Deleted: 984dca2dee401d1520acaa3c50c1f01acd9ac4b23f3bc390c68ac6a10cde07a6
$ podman volume rm --all --force
0268acaf356dd24aeefce4c85d6c6ca8bfe230c0d1e4c3f51077439e69b2d92d
08dc86d4a512501d39e646c262a3aabda575ac6aec31c8d6556f86a17d3a7396
2427267b0290ed34998d86715a372c3f1dcc7bd3af4287914038e809bec1d843
346cf3784e6250dcd33190ab1530910db5c61f2a1df363dc6e5c90f87521f2ec
c5bb9b1f4eb5e5b0daf7cd1a0cda20fac0d7d2b68decfc2e47221f667a864710
fa3e91b657687fa2c3a5dd3bd4f5837c7f775b080602ecb9df50bd1a42e77a1
Original
$ docker-compose up
4.6.1
$ docker-compose up
Creating network "example_default" with the default driver
Creating volume "example_myapp_vol" with default driver
Pulling myapp (quay.io/rhatdan/myimage:latest)...
c7765172d3ce: Download complete
dfd8c625d022: Download complete
2b782a9ad894: Download complete
e3460238f8a1: Download complete
a1eadb69adf1: Download complete
2c7e43d88038: Download complete
Creating example_myapp_1 ... done
Attaching to example_myapp_1
myapp_1 | => sourcing 10-set-mpm.sh ...
myapp_1 | => sourcing 20-copy-config.sh ...
myapp_1 | => sourcing 40-ssl-certs.sh ...
myapp_1 | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.89.1.2. Set the 'ServerName' directive globally to suppress this message
myapp_1 | [Sat Aug 26 03:45:54.193512 2023] [ssl:warn] [pid 1:tid 140627157978560] AH01909: 10.89.1.2:8443:0 server certificate does NOT include an ID which matches the server name
myapp_1 | [Sat Aug 26 03:45:54.193924 2023] [:notice] [pid 1:tid 140627157978560] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
myapp_1 | [Sat Aug 26 03:45:54.193930 2023] [:notice] [pid 1:tid 140627157978560] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"
myapp_1 | [Sat Aug 26 03:45:54.193933 2023] [:notice] [pid 1:tid 140627157978560] ModSecurity: PCRE compiled version="8.42 "; loaded version="8.42 2018-03-20"
myapp_1 | [Sat Aug 26 03:45:54.193939 2023] [:notice] [pid 1:tid 140627157978560] ModSecurity: LUA compiled version="Lua 5.3"
myapp_1 | [Sat Aug 26 03:45:54.193940 2023] [:notice] [pid 1:tid 140627157978560] ModSecurity: YAJL compiled version="2.1.0"
myapp_1 | [Sat Aug 26 03:45:54.193941 2023] [:notice] [pid 1:tid 140627157978560] ModSecurity: LIBXML compiled version="2.9.7"
myapp_1 | [Sat Aug 26 03:45:54.193942 2023] [:notice] [pid 1:tid 140627157978560] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
myapp_1 | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.89.1.2. Set the 'ServerName' directive globally to suppress this message
myapp_1 | [Sat Aug 26 03:45:54.270203 2023] [ssl:warn] [pid 1:tid 140627157978560] AH01909: 10.89.1.2:8443:0 server certificate does NOT include an ID which matches the server name
myapp_1 | [Sat Aug 26 03:45:54.270582 2023] [lbmethod_heartbeat:notice] [pid 1:tid 140627157978560] AH02282: No slotmem from mod_heartmonitor
myapp_1 | [Sat Aug 26 03:45:54.275559 2023] [mpm_event:notice] [pid 1:tid 140627157978560] AH00489: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1g configured -- resuming normal operations
myapp_1 | [Sat Aug 26 03:45:54.275574 2023] [core:notice] [pid 1:tid 140627157978560] AH00094: Command line: 'httpd -D FOREGROUND'
Original
$ podman ps --format "{{.ID}} {{.Image}} {{.Ports}} {{.Names}}"
$ podman volume ls
4.6.1
$ podman ps --format "{{.ID}} {{.Image}} {{.Ports}} {{.Names}}"
eba4df36fc15 quay.io/rhatdan/myimage:latest 0.0.0.0:8080->80/tcp example_myapp_1
$ podman volume ls
DRIVER VOLUME NAME
local example_myapp_vol
Original
^C
$ podman ps --format "{{.ID}} {{.Image}} {{.Ports}} {{.Names}}"
$ podman ps -a --format "{{.ID}} {{.Image}} {{.Ports}} {{.Names}}"
$ docker-compose down
$ podman ps -a --format "{{.ID}} {{.Image}} {{.Ports}} {{.Names}}"
4.6.1
^CGracefully stopping... (press Ctrl+C again to force)
Stopping example_myapp_1 ... done
$ podman ps --format "{{.ID}} {{.Image}} {{.Ports}} {{.Names}}"
$ podman ps -a --format "{{.ID}} {{.Image}} {{.Ports}} {{.Names}}"
eba4df36fc15 quay.io/rhatdan/myimage:latest 0.0.0.0:8080->80/tcp example_myapp_1
$ docker-compose down
Removing example_myapp_1 ... done
Removing network example_default
$ podman ps -a --format "{{.ID}} {{.Image}} {{.Ports}} {{.Names}}"
Original
$ podman --remote version
$ podman --remote run ubi8 echo hi
4.6.1
$ podman --remote version
Client: Podman Engine
Version: 4.6.1
API Version: 4.6.1
Go Version: go1.20.7
Built: Fri Aug 11 07:07:53 2023
OS/Arch: linux/amd64
Server: Podman Engine
Version: 4.6.1
API Version: 4.6.1
Go Version: go1.20.7
Built: Fri Aug 11 07:07:53 2023
OS/Arch: linux/amd64
$ podman --remote run ubi8 echo hi
Resolved "ubi8" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.access.redhat.com/ubi8:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob sha256:70de3d8fc2c6fde734ccedc0696e222f19767371f73a21b9f13dc52bac297b52
Copying config sha256:62ac1f7ef5371d1fb6e01abd84f7a6fd80ea1c64a0728fb5f19198b084dea171
Writing manifest to image destination
Storing signatures
hi
Original
$ sudo systemctl enable --now sshd
$ systemctl --user enable --now podman.socket
$ sudo loginctl enable-linger $USER
$ podman --remote info
4.6.1
$ sudo systemctl enable --now sshd
$ systemctl --user enable --now podman.socket
$ sudo loginctl enable-linger $USER
$ podman --remote info
host:
arch: amd64
buildahVersion: 1.31.2
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.fc38.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: '
cpuUtilization:
idlePercent: 99.87
systemPercent: 0.08
userPercent: 0.05
cpus: 2
databaseBackend: boltdb
distribution:
distribution: fedora
variant: server
version: "38"
eventLogger: journald
freeLocks: 2046
hostname: fedora-server
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 524288
size: 65536
kernel: 6.2.9-300.fc38.x86_64
linkmode: dynamic
logDriver: journald
memFree: 1529507840
memTotal: 4091457536
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.7.0
package: netavark-1.7.0-1.fc38.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.7.0
ociRuntime:
name: crun
package: crun-1.8.6-1.fc38.x86_64
path: /usr/bin/crun
version: |-
crun version 1.8.6
commit: 73f759f4a39769f60990e7d225f561b4f4f06bcf
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20230625.g32660ce-1.fc38.x86_64
version: |
pasta 0^20230625.g32660ce-1.fc38.x86_64
Copyright Red Hat
GNU Affero GPL version 3 or later <https://www.gnu.org/licenses/agpl-3.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: true
path: /run/user/1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: true
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-12.fc38.x86_64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 4089966592
swapTotal: 4090490880
uptime: 124h 40m 26.00s (Approximately 5.17 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /home/user/.config/containers/storage.conf
containerStore:
number: 1
paused: 0
running: 0
stopped: 1
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/user/.local/share/containers/storage
graphRootAllocated: 16039018496
graphRootUsed: 3660677120
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 2
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /home/user/.local/share/containers/storage/volumes
version:
APIVersion: 4.6.1
Built: 1691705273
BuiltTime: Fri Aug 11 07:07:53 2023
GitCommit: ""
GoVersion: go1.20.7
Os: linux
OsArch: linux/amd64
Version: 4.6.1
Original
$ ssh-keygen -t ed25519
$ ssh-copy-id myuser@192.168.122.
Original
$ podman system connection add server1 --identity ~/.ssh/id_ed25519 ssh://myuser@192.168.122.1/run/user/1000/podman/podman.sock
$ podman system connection list
$ podman --remote info
Original
$ podman run --rm ubi8 ls /proc/scsi
$ podman run --rm --security-opt unmask=/proc/scsi ubi8 ls /proc/scsi
$ podman run --rm --security-opt unmask=/proc/* ubi8 ls /proc/scsi
$ man podman run
4.5.1
$ podman run --rm ubi8 ls /proc/scsi
$ podman run --rm --security-opt unmask=/proc/scsi ubi8 ls /proc/scsi
device_info
scsi
sg
$ podman run --rm --security-opt unmask=/proc/* ubi8 ls /proc/scsi
device_info
scsi
sg
$ man podman run
4.6.1
$ podman run --rm ubi8 ls /proc/scsi
$ podman run --rm --security-opt unmask=/proc/scsi ubi8 ls /proc/scsi
device_info
scsi
sg
$ podman run --rm --security-opt unmask=/proc/* ubi8 ls /proc/scsi
device_info
scsi
sg
$ man podman run
Original
$ podman run --rm ubi8 ls /proc/sys/dev
$ podman run --rm --security-opt mask=/proc/sys/dev ubi8 ls /proc/sys/dev
$ podman run --rm ubi8 cat /proc/self/mountinfo
4.5.1
$ podman run --rm ubi8 ls /proc/sys/dev
cdrom
hpet
mac_hid
raid
scsi
tty
$ podman run --rm --security-opt mask=/proc/sys/dev ubi8 ls /proc/sys/dev
$ podman run --rm ubi8 cat /proc/self/mountinfo
601 521 0:54 / / rw,relatime - overlay overlay rw,context="system_u:object_r:container_file_t:s0:c255,c579",lowerdir=/home/shtanaka/.local/share/containers/storage/overlay/l/4BW3XRQZ4XHSXDNZIOGEIRTM57,upperdir=/home/shtanaka/.local/share/containers/storage/overlay/f0f9a2c0df2b9b03247e09c2331a3e9d2b308872bff46543ab8c7966994b1392/diff,workdir=/home/shtanaka/.local/share/containers/storage/overlay/f0f9a2c0df2b9b03247e09c2331a3e9d2b308872bff46543ab8c7966994b1392/work,volatile,userxattr
602 601 0:58 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
603 601 0:59 / /dev rw,nosuid - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c255,c579",size=65536k,mode=755,uid=1001,gid=1001,inode64
604 601 0:60 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs rw,seclabel
605 603 0:61 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,context="system_u:object_r:container_file_t:s0:c255,c579",gid=589828,mode=620,ptmxmode=666
606 603 0:57 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw,seclabel
607 601 0:52 /containers/overlay-containers/d4b3a0697872e160f121680bcf392ca71f463c163fa9dd8c87b26f454f2ee5e9/userdata/.containerenv /run/.containerenv rw,nosuid,nodev,relatime - tmpfs tmpfs rw,seclabel,size=811556k,nr_inodes=202889,mode=700,uid=1001,gid=1001,inode64
608 601 0:52 /containers/overlay-containers/d4b3a0697872e160f121680bcf392ca71f463c163fa9dd8c87b26f454f2ee5e9/userdata/run/secrets /run/secrets rw,nosuid,nodev,relatime - tmpfs tmpfs rw,seclabel,size=811556k,nr_inodes=202889,mode=700,uid=1001,gid=1001,inode64
609 601 0:52 /containers/overlay-containers/d4b3a0697872e160f121680bcf392ca71f463c163fa9dd8c87b26f454f2ee5e9/userdata/hostname /etc/hostname rw,nosuid,nodev,relatime - tmpfs tmpfs rw,seclabel,size=811556k,nr_inodes=202889,mode=700,uid=1001,gid=1001,inode64
610 601 0:52 /containers/overlay-containers/d4b3a0697872e160f121680bcf392ca71f463c163fa9dd8c87b26f454f2ee5e9/userdata/resolv.conf /etc/resolv.conf rw,nosuid,nodev,relatime - tmpfs tmpfs rw,seclabel,size=811556k,nr_inodes=202889,mode=700,uid=1001,gid=1001,inode64
611 601 0:52 /containers/overlay-containers/d4b3a0697872e160f121680bcf392ca71f463c163fa9dd8c87b26f454f2ee5e9/userdata/hosts /etc/hosts rw,nosuid,nodev,relatime - tmpfs tmpfs rw,seclabel,size=811556k,nr_inodes=202889,mode=700,uid=1001,gid=1001,inode64
612 603 0:53 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,context="system_u:object_r:container_file_t:s0:c255,c579",size=64000k,uid=1001,gid=1001,inode64
613 604 0:25 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup2 rw,seclabel,nsdelegate,memory_recursiveprot
614 603 0:5 /null /dev/null rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=1009314,mode=755,inode64
615 603 0:5 /zero /dev/zero rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=1009314,mode=755,inode64
616 603 0:5 /full /dev/full rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=1009314,mode=755,inode64
617 603 0:5 /tty /dev/tty rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=1009314,mode=755,inode64
618 603 0:5 /random /dev/random rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=1009314,mode=755,inode64
619 603 0:5 /urandom /dev/urandom rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=1009314,mode=755,inode64
620 602 0:62 / /proc/acpi ro,relatime - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c255,c579",size=0k,uid=1001,gid=1001,inode64
621 602 0:5 /null /proc/kcore ro,nosuid - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=1009314,mode=755,inode64
622 602 0:5 /null /proc/keys ro,nosuid - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=1009314,mode=755,inode64
623 602 0:5 /null /proc/latency_stats ro,nosuid - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=1009314,mode=755,inode64
624 602 0:5 /null /proc/timer_list ro,nosuid - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=1009314,mode=755,inode64
625 602 0:63 / /proc/scsi ro,relatime - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c255,c579",size=0k,uid=1001,gid=1001,inode64
626 604 0:64 / /sys/firmware ro,relatime - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c255,c579",size=0k,uid=1001,gid=1001,inode64
627 604 0:65 / /sys/fs/selinux ro,relatime - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c255,c579",size=0k,uid=1001,gid=1001,inode64
628 604 0:66 / /sys/dev/block ro,relatime - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c255,c579",size=0k,uid=1001,gid=1001,inode64
629 602 0:58 /asound /proc/asound ro,nosuid,nodev,noexec,relatime - proc proc rw
630 602 0:58 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
631 602 0:58 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
632 602 0:58 /irq /proc/irq ro,nosuid,nodev,noexec,relatime - proc proc rw
633 602 0:58 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
634 602 0:58 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
4.6.1
$ podman run --rm ubi8 ls /proc/sys/dev
cdrom
hpet
mac_hid
raid
scsi
tty
$ podman run --rm --security-opt mask=/proc/sys/dev ubi8 ls /proc/sys/dev
$ podman run --rm ubi8 cat /proc/self/mountinfo
566 434 0:53 / / rw,relatime - overlay overlay rw,context="system_u:object_r:container_file_t:s0:c546,c949",lowerdir=/home/user/.local/share/containers/storage/overlay/l/REK2FPWSMTPBFVPRQNIR7WED2L,upperdir=/home/user/.local/share/containers/storage/overlay/1de163629d197ec332e164067bd3633907a989ec5b32d3810fd6532e369827ed/diff,workdir=/home/user/.local/share/containers/storage/overlay/1de163629d197ec332e164067bd3633907a989ec5b32d3810fd6532e369827ed/work,volatile,userxattr
567 566 0:57 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
568 566 0:58 / /dev rw,nosuid - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c546,c949",size=65536k,mode=755,uid=1000,gid=1000,inode64
569 566 0:59 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs rw,seclabel
570 568 0:60 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,context="system_u:object_r:container_file_t:s0:c546,c949",gid=524292,mode=620,ptmxmode=666
571 568 0:56 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw,seclabel
572 566 0:51 /containers/overlay-containers/84d5887e5d4362940a68ad6073e4b1b65b0632ed77b8e3873edeb0902edd1610/userdata/hosts /etc/hosts rw,nosuid,nodev,relatime - tmpfs tmpfs rw,seclabel,size=399556k,nr_inodes=99889,mode=700,uid=1000,gid=1000,inode64
573 568 0:52 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,context="system_u:object_r:container_file_t:s0:c546,c949",size=64000k,uid=1000,gid=1000,inode64
574 566 0:51 /containers/overlay-containers/84d5887e5d4362940a68ad6073e4b1b65b0632ed77b8e3873edeb0902edd1610/userdata/.containerenv /run/.containerenv rw,nosuid,nodev,relatime - tmpfs tmpfs rw,seclabel,size=399556k,nr_inodes=99889,mode=700,uid=1000,gid=1000,inode64
575 566 0:51 /containers/overlay-containers/84d5887e5d4362940a68ad6073e4b1b65b0632ed77b8e3873edeb0902edd1610/userdata/run/secrets /run/secrets rw,nosuid,nodev,relatime - tmpfs tmpfs rw,seclabel,size=399556k,nr_inodes=99889,mode=700,uid=1000,gid=1000,inode64
576 566 0:51 /containers/overlay-containers/84d5887e5d4362940a68ad6073e4b1b65b0632ed77b8e3873edeb0902edd1610/userdata/hostname /etc/hostname rw,nosuid,nodev,relatime - tmpfs tmpfs rw,seclabel,size=399556k,nr_inodes=99889,mode=700,uid=1000,gid=1000,inode64
577 566 0:51 /containers/overlay-containers/84d5887e5d4362940a68ad6073e4b1b65b0632ed77b8e3873edeb0902edd1610/userdata/resolv.conf /etc/resolv.conf rw,nosuid,nodev,relatime - tmpfs tmpfs rw,seclabel,size=399556k,nr_inodes=99889,mode=700,uid=1000,gid=1000,inode64
578 569 0:25 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup2 rw,seclabel,nsdelegate,memory_recursiveprot
579 568 0:5 /null /dev/null rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=494090,mode=755,inode64
580 568 0:5 /zero /dev/zero rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=494090,mode=755,inode64
581 568 0:5 /full /dev/full rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=494090,mode=755,inode64
582 568 0:5 /tty /dev/tty rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=494090,mode=755,inode64
583 568 0:5 /random /dev/random rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=494090,mode=755,inode64
584 568 0:5 /urandom /dev/urandom rw,nosuid,noexec - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=494090,mode=755,inode64
585 567 0:61 / /proc/acpi ro,relatime - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c546,c949",size=0k,uid=1000,gid=1000,inode64
586 567 0:5 /null /proc/kcore ro,nosuid - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=494090,mode=755,inode64
587 567 0:5 /null /proc/keys ro,nosuid - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=494090,mode=755,inode64
588 567 0:5 /null /proc/latency_stats ro,nosuid - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=494090,mode=755,inode64
589 567 0:5 /null /proc/timer_list ro,nosuid - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=494090,mode=755,inode64
590 567 0:62 / /proc/scsi ro,relatime - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c546,c949",size=0k,uid=1000,gid=1000,inode64
591 569 0:63 / /sys/firmware ro,relatime - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c546,c949",size=0k,uid=1000,gid=1000,inode64
592 569 0:64 / /sys/fs/selinux ro,relatime - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c546,c949",size=0k,uid=1000,gid=1000,inode64
593 569 0:65 / /sys/dev/block ro,relatime - tmpfs tmpfs rw,context="system_u:object_r:container_file_t:s0:c546,c949",size=0k,uid=1000,gid=1000,inode64
594 567 0:57 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
595 567 0:57 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
596 567 0:57 /irq /proc/irq ro,nosuid,nodev,noexec,relatime - proc proc rw
597 567 0:57 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
598 567 0:57 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
Original
$ capsh --print
4.5.1
$ capsh --print
Current: =
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
Ambient set =
Current IAB:
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=1001(shtanaka) euid=1001(shtanaka)
gid=1001(shtanaka)
groups=1001(shtanaka)
Guessed mode: UNCERTAIN (0)
4.6.1
$ capsh --print
Current: =
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
Ambient set =
Current IAB:
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=1000(user) euid=1000(user)
gid=1000(user)
groups=1000(user)
Guessed mode: UNCERTAIN (0)
Original
$ podman run --rm ubi8 capsh --print
4.5.1
$ podman run --rm ubi8 capsh --print
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_sys_chroot,cap_setfcap=ep
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_sys_chroot,cap_setfcap
Ambient set =
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=
Guessed mode: UNCERTAIN (0)
4.6.1
$ podman run --rm ubi8 capsh --print
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_sys_chroot,cap_setfcap=ep
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_sys_chroot,cap_setfcap
Ambient set =
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=
Guessed mode: UNCERTAIN (0)
Original
$ podman run --cap-drop CAP_NET_BIND_SERVICE ubi8 capsh --print
4.5.1
$ podman run --cap-drop CAP_NET_BIND_SERVICE ubi8 capsh --print
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_sys_chroot,cap_setfcap=ep
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_sys_chroot,cap_setfcap
Ambient set =
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_bind_service,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=
Guessed mode: UNCERTAIN (0)
4.6.1
$ podman run --cap-drop CAP_NET_BIND_SERVICE ubi8 capsh --print
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_sys_chroot,cap_setfcap=ep
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_sys_chroot,cap_setfcap
Ambient set =
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_bind_service,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=
Guessed mode: UNCERTAIN (0)
Original
$ podman run --cap-drop all ubi8 capsh --print
4.5.1
$ podman run --cap-drop all ubi8 capsh --print
Current: =
Bounding set =
Ambient set =
Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,!cap_fowner,!cap_fsetid,!cap_kill,!cap_setgid,!cap_setuid,!cap_setpcap,!cap_linux_immutable,!cap_net_bind_service,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_chroot,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_setfcap,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=
Guessed mode: UNCERTAIN (0)
4.6.1
$ podman run --cap-drop all ubi8 capsh --print
Current: =
Bounding set =
Ambient set =
Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,!cap_fowner,!cap_fsetid,!cap_kill,!cap_setgid,!cap_setuid,!cap_setpcap,!cap_linux_immutable,!cap_net_bind_service,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_chroot,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_setfcap,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=
Guessed mode: UNCERTAIN (0)
Original
$ podman run --cap-add CAP_NET_RAW ubi8 capsh --print
4.5.1
$ podman run --cap-add CAP_NET_RAW ubi8 capsh --print
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_setfcap=ep
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_setfcap
Ambient set =
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=
Guessed mode: UNCERTAIN (0)
4.6.1
$ podman run --cap-add CAP_NET_RAW ubi8 capsh --print
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_setfcap=ep
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_setfcap
Ambient set =
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=
Guessed mode: UNCERTAIN (0)
Original
$ podman run --cap-drop=all --cap-add CAP_NET_RAW ubi8 capsh --print
4.5.1
$ podman run --cap-drop=all --cap-add CAP_NET_RAW ubi8 capsh --print
Current: cap_net_raw=ep
Bounding set =cap_net_raw
Ambient set =
Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,!cap_fowner,!cap_fsetid,!cap_kill,!cap_setgid,!cap_setuid,!cap_setpcap,!cap_linux_immutable,!cap_net_bind_service,!cap_net_broadcast,!cap_net_admin,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_chroot,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_setfcap,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=
Guessed mode: UNCERTAIN (0)
4.6.1
$ podman run --cap-drop=all --cap-add CAP_NET_RAW ubi8 capsh --print
Current: cap_net_raw=ep
Bounding set =cap_net_raw
Ambient set =
Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,!cap_fowner,!cap_fsetid,!cap_kill,!cap_setgid,!cap_setuid,!cap_setpcap,!cap_linux_immutable,!cap_net_bind_service,!cap_net_broadcast,!cap_net_admin,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_chroot,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_setfcap,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=
Guessed mode: UNCERTAIN (0)
Original
# cat /etc/subuid
# cat /etc/subgid
4.5.1
# vi /etc/subuid
# vi /etc/subgid
# cat /etc/subuid
user:524288:65536
dwalsh:589824:65536
containers:2147483647:2147483648
# cat /etc/subgid
user:524288:65536
dwalsh:589824:65536
containers:2147483647:2147483648
4.6.1
# cat /etc/subuid
shtanaka:589824:65536
dwalsh:851968:65536
containers:2147483647:2147483648
# cat /etc/subgid
shtanaka:589824:65536
dwalsh:851968:65536
containers:2147483647:2147483648
Original
# podman run --userns=auto ubi8 cat /proc/self/uid_map
# podman run --user=2000 --userns=auto ubi8 cat /proc/self/uid_map
# podman run --userns=auto:size=5000 ubi8 cat /proc/self/uid_map
# podman run --rm --userns=auto ubi8 cat /proc/self/uid_map
# podman run --rm --userns=auto ubi8 cat /proc/self/uid_map
4.5.1
# podman run --userns=auto ubi8 cat /proc/self/uid_map
0 2147483647 1024
# podman run --user=2000 --userns=auto ubi8 cat /proc/self/uid_map
0 2147484671 2001
# podman run --userns=auto:size=5000 ubi8 cat /proc/self/uid_map
0 2147486672 5000
# podman run --rm --userns=auto ubi8 cat /proc/self/uid_map
0 2147491672 1024
# podman run --rm --userns=auto ubi8 cat /proc/self/uid_map
0 2147491672 1024
4.6.1
# podman run --userns=auto ubi8 cat /proc/self/uid_map
0 2147483647 1024
# podman run --user=2000 --userns=auto ubi8 cat /proc/self/uid_map
0 2147484671 2001
# podman run --userns=auto:size=5000 ubi8 cat /proc/self/uid_map
0 2147486672 5000
# podman run --rm --userns=auto ubi8 cat /proc/self/uid_map
0 2147491672 1024
# podman run --rm --userns=auto ubi8 cat /proc/self/uid_map
0 2147491672 1024
Original
# podman run --rm ubi8 capsh --print | grep Current
# podman run --rm --userns=auto ubi8 capsh --print | grep Current
# podman run --rm --userns=auto:size=5000 ubi8 chown 6000 /etc/motd
# podman run --rm --userns=auto:size=5000 ubi8 chown 4000 /etc/motd
4.5.1
# podman run --rm ubi8 capsh --print | grep Current
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_sys_chroot,cap_setfcap=ep
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
# podman run --rm --userns=auto ubi8 capsh --print | grep Current
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_sys_chroot,cap_setfcap=ep
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
# podman run --rm --userns=auto:size=5000 ubi8 chown 6000 /etc/motd
chown: changing ownership of '/etc/motd': Invalid argument
# podman run --rm --userns=auto:size=5000 ubi8 chown 4000 /etc/motd
4.6.1
# podman run --rm ubi8 capsh --print | grep Current
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_sys_chroot,cap_setfcap=ep
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
# podman run --rm --userns=auto ubi8 capsh --print | grep Current
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_sys_chroot,cap_setfcap=ep
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
# podman run --rm --userns=auto:size=5000 ubi8 chown 6000 /etc/motd
chown: changing ownership of '/etc/motd': Invalid argument
# podman run --rm --userns=auto:size=5000 ubi8 chown 4000 /etc/motd
Original
$ podman run --userns=auto ubi8 cat /proc/self/uid_map
$ podman run --userns=auto ubi8 cat /proc/self/uid_map
$ podman run --rm ubi8 cat /proc/self/uid_map
4.5.1
$ podman run --userns=auto ubi8 cat /proc/self/uid_map
0 1 1024
$ podman run --userns=auto ubi8 cat /proc/self/uid_map
0 1025 1024
$ podman run --rm ubi8 cat /proc/self/uid_map
0 1000 1
1 524288 65536
4.6.1
$ podman run --userns=auto ubi8 cat /proc/self/uid_map
0 1 1024
$ podman run --userns=auto ubi8 cat /proc/self/uid_map
0 1025 1024
$ podman run --rm ubi8 cat /proc/self/uid_map
0 1000 1
1 524288 65536
Original
# mkdir /mnt/test
# ls -ld /mnt/test
# podman run --rm -v /mnt/test:/mnt/test --userns=auto ubi8 ls -ld /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:Z --userns=auto ubi8 touch /mnt/test/test1
4.5.1
# mkdir /mnt/test
# ls -ld /mnt/test
drwxr-xr-x. 2 root root 6 8月 27 01:38 /mnt/test
# podman run --rm -v /mnt/test:/mnt/test --userns=auto ubi8 ls -ld /mnt/test
drwxr-xr-x. 2 nobody nobody 6 Aug 26 16:38 /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:Z --userns=auto ubi8 touch /mnt/test/test1
touch: cannot touch '/mnt/test/test1': Permission denied
4.6.1
# mkdir /mnt/test
# ls -ld /mnt/test
drwxr-xr-x. 2 root root 6 Aug 27 01:38 /mnt/test
# podman run --rm -v /mnt/test:/mnt/test --userns=auto ubi8 ls -ld /mnt/test
drwxr-xr-x. 2 nobody nobody 6 Aug 26 16:38 /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:Z --userns=auto ubi8 touch /mnt/test/test1
touch: cannot touch '/mnt/test/test1': Permission denied
Original
# ls -ld /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:Z,U --userns=auto ubi8 touch /mnt/test/test1
# ls -ld /mnt/test
# chown -R root:root /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:idmap,Z --userns=auto ubi8 ls -ld /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:idmap,Z --userns=auto ubi8 touch /mnt/test/test
# ls -l /mnt/test
4.5.1
# ls -ld /mnt/test
drwxr-xr-x. 2 root root 6 8月 27 01:38 /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:Z,U --userns=auto ubi8 touch /mnt/test/test1
# ls -ld /mnt/test
drwxr-xr-x. 2 2147491672 2147491672 19 8月 27 01:40 /mnt/test
# chown -R root:root /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:idmap,Z --userns=auto ubi8 ls -ld /mnt/test
drwxr-xr-x. 2 root root 19 Aug 26 16:40 /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:idmap,Z --userns=auto ubi8 touch /mnt/test/test
# ls -l /mnt/test
合計 0
-rw-r--r--. 1 root root 0 8月 27 01:41 test
-rw-r--r--. 1 root root 0 8月 27 01:40 test1
4.6.1
# ls -ld /mnt/test
drwxr-xr-x. 2 root root 6 Aug 27 01:38 /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:Z,U --userns=auto ubi8 touch /mnt/test/test1
# ls -ld /mnt/test
drwxr-xr-x. 2 2147491672 2147491672 19 Aug 27 01:45 /mnt/test
# chown -R root:root /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:idmap,Z --userns=auto ubi8 ls -ld /mnt/test
drwxr-xr-x. 2 root root 19 Aug 26 16:45 /mnt/test
# podman run --rm -v /mnt/test:/mnt/test:idmap,Z --userns=auto ubi8 touch /mnt/test/test
# ls -l /mnt/test
total 0
-rw-r--r--. 1 root root 0 Aug 27 01:45 test
-rw-r--r--. 1 root root 0 Aug 27 01:45 test1
Original
$ podman run --rm ubi8 find /proc -maxdepth 1 -type d -regex ".*/[0-9]*"
4.5.1
$ podman run --rm ubi8 find /proc -maxdepth 1 -type d -regex ".*/[0-9]*"
/proc/1
$ podman run --rm --pid=host ubi8 find /proc -maxdepth 1 -type d -regex ".*/[0-9]*"
/proc/1
/proc/2
/proc/3
/proc/4
/proc/5
/proc/6
/proc/8
/proc/10
/proc/12
/proc/13
/proc/14
/proc/15
/proc/16
/proc/17
/proc/18
/proc/20
/proc/21
/proc/22
/proc/23
/proc/24
/proc/26
/proc/27
/proc/28
/proc/29
/proc/30
/proc/32
/proc/33
/proc/34
/proc/35
/proc/36
/proc/38
/proc/39
/proc/40
/proc/41
/proc/42
/proc/44
/proc/45
/proc/46
/proc/48
/proc/49
/proc/50
/proc/51
/proc/52
/proc/53
/proc/54
/proc/55
/proc/56
/proc/57
/proc/58
/proc/60
/proc/68
/proc/75
/proc/76
/proc/77
/proc/78
/proc/79
/proc/80
/proc/81
/proc/82
/proc/83
/proc/84
/proc/85
/proc/86
/proc/87
/proc/88
/proc/89
/proc/90
/proc/91
/proc/92
/proc/93
/proc/94
/proc/95
/proc/96
/proc/97
/proc/98
/proc/99
/proc/100
/proc/101
/proc/102
/proc/103
/proc/108
/proc/109
/proc/110
/proc/111
/proc/117
/proc/123
/proc/124
/proc/228
/proc/270
/proc/278
/proc/279
/proc/282
/proc/285
/proc/529
/proc/551
/proc/552
/proc/553
/proc/554
/proc/555
/proc/556
/proc/557
/proc/558
/proc/559
/proc/560
/proc/636
/proc/653
/proc/692
/proc/693
/proc/694
/proc/695
/proc/696
/proc/698
/proc/699
/proc/700
/proc/728
/proc/733
/proc/737
/proc/740
/proc/742
/proc/745
/proc/762
/proc/763
/proc/776
/proc/781
/proc/786
/proc/787
/proc/788
/proc/789
/proc/790
/proc/792
/proc/803
/proc/805
/proc/806
/proc/812
/proc/813
/proc/814
/proc/829
/proc/843
/proc/855
/proc/863
/proc/864
/proc/875
/proc/877
/proc/6264
/proc/6267
/proc/6443
/proc/62301
/proc/62351
/proc/62356
/proc/62357
/proc/62359
/proc/62373
/proc/62374
/proc/62409
/proc/62420
/proc/62421
/proc/62919
/proc/62923
/proc/62924
/proc/63041
/proc/63194
/proc/64009
/proc/64033
/proc/64039
/proc/64040
/proc/64043
/proc/64044
/proc/64045
/proc/64069
/proc/64382
/proc/64383
/proc/64384
/proc/64385
/proc/64387
/proc/64408
/proc/64459
/proc/64471
/proc/64526
/proc/64587
/proc/64614
/proc/64625
/proc/64882
/proc/64894
/proc/64899
/proc/64901
4.6.1
$ podman run --rm ubi8 find /proc -maxdepth 1 -type d -regex ".*/[0-9]*"
/proc/1
$ podman run --rm --pid=host ubi8 find /proc -maxdepth 1 -type d -regex ".*/[0-9]*"
/proc/1
/proc/2
/proc/3
/proc/4
/proc/5
/proc/6
/proc/10
/proc/12
/proc/13
/proc/14
/proc/15
/proc/16
/proc/17
/proc/19
/proc/20
/proc/21
/proc/22
/proc/24
/proc/25
/proc/26
/proc/27
/proc/29
/proc/30
/proc/31
/proc/32
/proc/33
/proc/34
/proc/35
/proc/36
/proc/37
/proc/38
/proc/39
/proc/40
/proc/41
/proc/42
/proc/44
/proc/45
/proc/52
/proc/59
/proc/60
/proc/61
/proc/62
/proc/63
/proc/64
/proc/65
/proc/66
/proc/67
/proc/68
/proc/69
/proc/70
/proc/71
/proc/72
/proc/73
/proc/74
/proc/75
/proc/76
/proc/77
/proc/78
/proc/79
/proc/80
/proc/81
/proc/82
/proc/83
/proc/84
/proc/85
/proc/86
/proc/87
/proc/88
/proc/89
/proc/90
/proc/91
/proc/92
/proc/93
/proc/94
/proc/95
/proc/96
/proc/97
/proc/98
/proc/99
/proc/100
/proc/101
/proc/102
/proc/103
/proc/104
/proc/105
/proc/106
/proc/107
/proc/108
/proc/109
/proc/110
/proc/111
/proc/112
/proc/113
/proc/114
/proc/115
/proc/116
/proc/117
/proc/118
/proc/119
/proc/120
/proc/121
/proc/122
/proc/123
/proc/124
/proc/125
/proc/126
/proc/127
/proc/128
/proc/129
/proc/130
/proc/131
/proc/132
/proc/133
/proc/134
/proc/135
/proc/136
/proc/137
/proc/138
/proc/139
/proc/140
/proc/141
/proc/142
/proc/143
/proc/144
/proc/145
/proc/146
/proc/147
/proc/148
/proc/149
/proc/150
/proc/151
/proc/152
/proc/156
/proc/158
/proc/159
/proc/161
/proc/178
/proc/188
/proc/189
/proc/194
/proc/200
/proc/201
/proc/303
/proc/352
/proc/356
/proc/358
/proc/359
/proc/505
/proc/506
/proc/507
/proc/514
/proc/600
/proc/617
/proc/618
/proc/619
/proc/620
/proc/621
/proc/622
/proc/623
/proc/624
/proc/625
/proc/626
/proc/701
/proc/717
/proc/757
/proc/758
/proc/759
/proc/760
/proc/761
/proc/762
/proc/763
/proc/764
/proc/765
/proc/773
/proc/774
/proc/775
/proc/776
/proc/779
/proc/783
/proc/784
/proc/827
/proc/828
/proc/835
/proc/840
/proc/845
/proc/847
/proc/848
/proc/849
/proc/850
/proc/854
/proc/857
/proc/862
/proc/874
/proc/875
/proc/884
/proc/885
/proc/886
/proc/903
/proc/957
/proc/965
/proc/973
/proc/974
/proc/978
/proc/24979
/proc/24982
/proc/25033
/proc/25041
/proc/25042
/proc/26600
/proc/26603
/proc/26604
/proc/26646
/proc/27005
/proc/27009
/proc/27011
/proc/27024
/proc/27025
/proc/27080
/proc/28087
/proc/28090
/proc/28092
/proc/28098
/proc/28102
/proc/28318
/proc/28728
/proc/28742
/proc/28831
/proc/28832
/proc/28854
/proc/28862
/proc/28863
/proc/28864
/proc/28875
/proc/28879
/proc/28881
Original
$ podman network create net1
$ podman network create net2
4.5.1
$ podman network create net1
net1
$ podman network create net2
net2
4.6.1
$ podman network create net1
net1
$ podman network create net2
net2
Original
$ podman run -d --network net1 --name cnet1 ubi8 sleep 1000
$ podman run --network net1 alpine ping -c 1 cnet1
4.5.1
$ podman run -d --network net1 --name cnet1 ubi8 sleep 1000
f1cc6b1e32c35b92cd951bfd5b72e894aed91b7e319eb68d3c701e81967c9922
$ podman run --network net1 alpine ping -c 1 cnet1
PING cnet1 (10.89.1.2): 56 data bytes
64 bytes from 10.89.1.2: seq=0 ttl=42 time=0.064 ms
--- cnet1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.064/0.064/0.064 ms
4.6.1
$ podman run -d --network net1 --name cnet1 ubi8 sleep 1000
08388ba27e0f19c32e09c367b264df21f0734d7b679439be295321a4f0442055
$ podman run --network net1 alpine ping -c 1 cnet1
PING cnet1 (10.89.1.2): 56 data bytes
64 bytes from 10.89.1.2: seq=0 ttl=42 time=0.057 ms
--- cnet1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
Original
$ podman run --rm alpine ping -c 1 cnet1
$ podman run alpine ping -c 1 10.89.0.4
$ podman run --rm --network net2 alpine ping -c 1 cnet1
実際には、IPアドレスで疎通できるのはcnet1(ubi8 )コンテナとalpineコンテナをルートフルモードで 実行した場合だけであり、それぞれをルートレスモードで実行した場合はpingが失敗します。
4.5.1
$ podman run --rm alpine ping -c 1 cnet1
ping: bad address 'cnet1'
$ podman run alpine ping -c 1 10.89.1.2
PING 10.89.1.2 (10.89.1.2): 56 data bytes
^C
--- 10.89.1.2 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
$ podman run --rm --network net2 alpine ping -c 1 cnet1
ping: bad address 'cnet1'
4.6.1
$ podman run --rm alpine ping -c 1 cnet1
ping: bad address 'cnet1'
$ podman run alpine ping -c 1 10.89.1.2
PING 10.89.1.2 (10.89.1.2): 56 data bytes
^C
--- 10.89.1.2 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
$ podman run --rm --network net2 alpine ping -c 1 cnet1
ping: bad address 'cnet1'
Original
$ podman run -d --rm --name ipc1 ubi8 bash -c "touch /dev/shm/ipc1; sleep 1000"
$ podman run --rm ubi8 ls /dev/shm
$ podman run --rm --ipc=container:ipc1 ubi8 ls /dev/shm
4.5.1
$ podman run -d --rm --name ipc1 ubi8 bash -c "touch /dev/shm/ipc1; sleep 1000"
a2cc77f41881b743b0d000f6021f71aebe66217d69ae3760c25d2aaa82138074
$ podman run --rm ubi8 ls /dev/shm
$ podman run --rm --ipc=container:ipc1 ubi8 ls /dev/shm
ipc1
4.6.1
$ podman run -d --rm --name ipc1 ubi8 bash -c "touch /dev/shm/ipc1; sleep 1000"
b8f9d2ae51b729efe5d3d385f0a6220df0ccc539bb9250fd2204ce290035255f
$ podman run --rm ubi8 ls /dev/shm
$ podman run --rm --ipc=container:ipc1 ubi8 ls /dev/shm
ipc1
Original
$ podman run --rm ubi8 cat /proc/self/attr/current
$ podman run --rm --privileged ubi8 cat /proc/self/attr/current
$ podman run --rm ubi8 ls -Z /
$ ls -1Z $HOME/.ssh/
$ podman run -v $HOME/.ssh:/.ssh ubi8 ls /.ssh
4.5.1
$ podman run --rm ubi8 cat /proc/self/attr/current
system_u:system_r:container_t:s0:c506,c980
$ podman run --rm --privileged ubi8 cat /proc/self/attr/current
unconfined_u:unconfined_r:spc_t:s0
$ podman run --rm ubi8 ls -Z /
system_u:object_r:container_file_t:s0:c402,c620 bin
system_u:object_r:container_file_t:s0:c402,c620 boot
system_u:object_r:container_file_t:s0:c402,c620 dev
system_u:object_r:container_file_t:s0:c402,c620 etc
system_u:object_r:container_file_t:s0:c402,c620 home
system_u:object_r:container_file_t:s0:c402,c620 lib
system_u:object_r:container_file_t:s0:c402,c620 lib64
system_u:object_r:container_file_t:s0:c402,c620 lost+found
system_u:object_r:container_file_t:s0:c402,c620 media
system_u:object_r:container_file_t:s0:c402,c620 mnt
system_u:object_r:container_file_t:s0:c402,c620 opt
system_u:object_r:proc_t:s0 proc
system_u:object_r:container_file_t:s0:c402,c620 root
system_u:object_r:container_file_t:s0:c402,c620 run
system_u:object_r:container_file_t:s0:c402,c620 sbin
system_u:object_r:container_file_t:s0:c402,c620 srv
system_u:object_r:sysfs_t:s0 sys
system_u:object_r:container_file_t:s0:c402,c620 tmp
system_u:object_r:container_file_t:s0:c402,c620 usr
system_u:object_r:container_file_t:s0:c402,c620 var
$ ls -1Z $HOME/.ssh/
unconfined_u:object_r:ssh_home_t:s0 authorized_keys
$ podman run -v $HOME/.ssh:/.ssh ubi8 ls /.ssh
ls: cannot open directory '/.ssh': Permission denied
4.6.1
$ podman run --rm ubi8 cat /proc/self/attr/current
system_u:system_r:container_t:s0:c834,c954
$ podman run --rm --privileged ubi8 cat /proc/self/attr/current
unconfined_u:system_r:spc_t:s0
$ podman run --rm ubi8 ls -Z /
system_u:object_r:container_file_t:s0:c325,c522 bin
system_u:object_r:container_file_t:s0:c325,c522 boot
system_u:object_r:container_file_t:s0:c325,c522 dev
system_u:object_r:container_file_t:s0:c325,c522 etc
system_u:object_r:container_file_t:s0:c325,c522 home
system_u:object_r:container_file_t:s0:c325,c522 lib
system_u:object_r:container_file_t:s0:c325,c522 lib64
system_u:object_r:container_file_t:s0:c325,c522 lost+found
system_u:object_r:container_file_t:s0:c325,c522 media
system_u:object_r:container_file_t:s0:c325,c522 mnt
system_u:object_r:container_file_t:s0:c325,c522 opt
system_u:object_r:proc_t:s0 proc
system_u:object_r:container_file_t:s0:c325,c522 root
system_u:object_r:container_file_t:s0:c325,c522 run
system_u:object_r:container_file_t:s0:c325,c522 sbin
system_u:object_r:container_file_t:s0:c325,c522 srv
system_u:object_r:sysfs_t:s0 sys
system_u:object_r:container_file_t:s0:c325,c522 tmp
system_u:object_r:container_file_t:s0:c325,c522 usr
system_u:object_r:container_file_t:s0:c325,c522 var
$ ls -1Z $HOME/.ssh/
unconfined_u:object_r:ssh_home_t:s0 authorized_keys
$ podman run -v $HOME/.ssh:/.ssh ubi8 ls /.ssh
ls: cannot open directory '/.ssh': Permission denied
Original
$ mkdir foo
$ ls -Zd foo
$ podman run -v ./foo:/foo ubi8 touch /foo/bar
$ podman run --privileged -v ./foo:/foo ubi8 touch /foo/bar
$ ls -Z foo
$ rm foo/bar
$ podman run -v ./foo:/foo:Z ubi8 touch /foo/bar
$ ls -Z ./foo
4.5.1
$ mkdir foo
$ ls -Zd foo
unconfined_u:object_r:user_home_t:s0 foo
$ podman run -v ./foo:/foo ubi8 touch /foo/bar
touch: cannot touch '/foo/bar': Permission denied
$ podman run --privileged -v ./foo:/foo ubi8 touch /foo/bar
$ ls -Z foo
unconfined_u:object_r:user_home_t:s0 bar
$ rm foo/bar
$ podman run -v ./foo:/foo:Z ubi8 touch /foo/bar
$ ls -Z ./foo
system_u:object_r:container_file_t:s0:c573,c1014 bar
4.6.1
$ mkdir foo
$ ls -Zd foo
unconfined_u:object_r:user_home_t:s0 foo
$ podman run -v ./foo:/foo ubi8 touch /foo/bar
touch: cannot touch '/foo/bar': Permission denied
$ podman run --privileged -v ./foo:/foo ubi8 touch /foo/bar
$ ls -Z foo
unconfined_u:object_r:user_home_t:s0 bar
$ rm foo/bar
$ podman run -v ./foo:/foo:Z ubi8 touch /foo/bar
$ ls -Z ./foo
system_u:object_r:container_file_t:s0:c352,c861 bar
Original
$ podman run --rm ubi8 cat /proc/self/attr/current
$ podman run --rm ubi8 cat /proc/self/attr/current
4.5.1
$ podman run --rm ubi8 cat /proc/self/attr/current
system_u:system_r:container_t:s0:c31,c978
$ podman run --rm ubi8 cat /proc/self/attr/current
system_u:system_r:container_t:s0:c67,c647
4.6.1
$ podman run --rm ubi8 cat /proc/self/attr/current
system_u:system_r:container_t:s0:c42,c317
$ podman run --rm ubi8 cat /proc/self/attr/current
system_u:system_r:container_t:s0:c559,c633
Original
$ ls -Z ./foo
$ podman run -v ./foo:/foo ubi8 touch /foo/bar
$ podman run --security-opt label=level:s0:c454,c510 -v ./foo:/foo ubi8 touch /foo/bar
4.5.1
$ ls -Z ./foo
system_u:object_r:container_file_t:s0:c573,c1014 bar
$ podman run -v ./foo:/foo ubi8 touch /foo/bar
touch: cannot touch '/foo/bar': Permission denied
$ podman run --security-opt label=level:s0:c454,c510 -v ./foo:/foo ubi8 touch /foo/bar
touch: cannot touch '/foo/bar': Permission denied
$ podman run --security-opt label=level:s0:c573,c1014 -v ./foo:/foo ubi8 touch /foo/bar
4.6.1
$ ls -Z ./foo
system_u:object_r:container_file_t:s0:c352,c861 bar
$ podman run -v ./foo:/foo ubi8 touch /foo/bar
touch: cannot touch '/foo/bar': Permission denied
$ podman run --security-opt label=level:s0:c454,c510 -v ./foo:/foo ubi8 touch /foo/bar
touch: cannot touch '/foo/bar': Permission denied
$ podman run --security-opt label=level:s0:c352,c861 -v ./foo:/foo ubi8 touch /foo/bar
Original
$ podman run -v ./foo:/foo:z ubi8 touch /foo/bar
$ ls -Z foo/
$ podman run --rm -v ./foo:/foo ubi8 touch /foo/bar
4.5.1
$ podman run -v ./foo:/foo:z ubi8 touch /foo/bar
$ ls -Z foo/
system_u:object_r:container_file_t:s0 bar
$ podman run --rm -v ./foo:/foo ubi8 touch /foo/bar
4.6.1
$ podman run -v ./foo:/foo:z ubi8 touch /foo/bar
$ ls -Z foo/
system_u:object_r:container_file_t:s0 bar
$ podman run --rm -v ./foo:/foo ubi8 touch /foo/bar
Original
$ podman run --rm --security-opt label=disable ubi8 cat /proc/self/attr/current
$ podman run --rm -v $HOME/.ssh:/ssh --security-opt label=disable ubi8 ls /ssh
4.5.1
$ podman run --rm --security-opt label=disable ubi8 cat /proc/self/attr/current
unconfined_u:system_r:spc_t:s0
$ podman run --rm -v $HOME/.ssh:/ssh --security-opt label=disable ubi8 ls /ssh
authorized_keys
4.6.1
$ podman run --rm --security-opt label=disable ubi8 cat /proc/self/attr/current
unconfined_u:system_r:spc_t:s0
$ podman run --rm -v $HOME/.ssh:/ssh --security-opt label=disable ubi8 ls /ssh
authorized_keys
Original
$ sed '/mkdir/d' /usr/share/containers/seccomp.json > /tmp/seccomp.json
$ diff /usr/share/containers/seccomp.json /tmp/seccomp.json
$ podman run --rm --security-opt seccomp=/tmp/seccomp.json ubi8 mkdir /foo
$ podman run --rm ubi8 mkdir /foo
4.5.1
$ sed '/mkdir/d' /usr/share/containers/seccomp.json > /tmp/seccomp.json
$ diff /usr/share/containers/seccomp.json /tmp/seccomp.json
253,254d252
< "mkdir",
< "mkdirat",
$ podman run --rm --security-opt seccomp=/tmp/seccomp.json ubi8 mkdir /foo
mkdir: cannot create directory '/foo': Function not implemented
$ podman run --rm ubi8 mkdir /foo
4.6.1
$ sed '/mkdir/d' /usr/share/containers/seccomp.json > /tmp/seccomp.json
$ diff /usr/share/containers/seccomp.json /tmp/seccomp.json
253,254d252
< "mkdir",
< "mkdirat",
$ podman run --rm --security-opt seccomp=/tmp/seccomp.json ubi8 mkdir /foo
mkdir: cannot create directory '/foo': Function not implemented
$ podman run --rm ubi8 mkdir /foo
Original
# ls -l /run/docker.sock
Docker
# ls -l /run/docker.sock
srw-rw----. 1 root docker 0 Aug 27 02:29 /run/docker.sock
Original
$ docker run registry.access.redhat.com/ubi8-micro echo hi
Docker
$ docker run registry.access.redhat.com/ubi8-micro echo hi
Unable to find image 'registry.access.redhat.com/ubi8-micro:latest' locally
latest: Pulling from ubi8-micro
96aaf4ff1a66: Pull complete
Digest: sha256:9dbe78f84683dd95a8fe48bb72af002c6f2e98bbf8b09882b9a4f003de7e7709
Status: Downloaded newer image for registry.access.redhat.com/ubi8-micro:latest
hi
Original
$ docker run -ti --name hack -v /:/host --privileged registry.access.redhat.com/ubi8-micro chroot /host
# cat /etc/shadow
$ docker rm hack
Docker
sh-5.2# cat /etc/shadow
root:$y$j9T$Q6bmAy1crYZjJOfXedx7vkUF$LW9kNWQA3yLBVvMwVQkMJzcZGCNtOjpgEt34tz5xHi9::0:99999:7:::
bin:*:19378:0:99999:7:::
daemon:*:19378:0:99999:7:::
adm:*:19378:0:99999:7:::
lp:*:19378:0:99999:7:::
sync:*:19378:0:99999:7:::
shutdown:*:19378:0:99999:7:::
halt:*:19378:0:99999:7:::
mail:*:19378:0:99999:7:::
operator:*:19378:0:99999:7:::
games:*:19378:0:99999:7:::
ftp:*:19378:0:99999:7:::
nobody:*:19378:0:99999:7:::
dbus:!!:19460::::::
tss:!!:19460::::::
systemd-network:!*:19460::::::
systemd-oom:!*:19460::::::
systemd-resolve:!*:19460::::::
polkitd:!!:19460::::::
chrony:!!:19460::::::
clevis:!!:19460::::::
rpc:!!:19460:0:99999:7:::
rpcuser:!!:19460::::::
unbound:!!:19460::::::
cockpit-ws:!!:19460::::::
cockpit-wsinstance:!!:19460::::::
abrt:!!:19460::::::
setroubleshoot:!!:19460::::::
sshd:!!:19460::::::
dnsmasq:!!:19460::::::
tcpdump:!!:19460::::::
systemd-coredump:!*:19460::::::
systemd-timesync:!*:19460::::::
user:$y$j9T$EiJM2vo5MFIyUSoH3yjg51$eKoExF2zY3o5Lg4lXdKTFyh7BsaFOn4g8KOJz4vdZW6:19543:0:99999:7:::
sh-5.2# exit
exit
$ docker rm hack
hack
Original
$ cat /proc/self/loginuid
$ sudo cat /proc/self/loginuid
4.5.1
$ cat /proc/self/loginuid
1001
$ sudo cat /proc/self/loginuid
1001
4.6.1
$ cat /proc/self/loginuid
1000
$ sudo cat /proc/self/loginuid
1000
Original
$ podman run -d ubi8-micro sleep 20
$ podman inspect -l --format '{{ .State.Pid }}'
$ cat /proc/119394/loginuid
4.5.1
$ podman run -d ubi8-micro sleep 20
b641d44c8ef5a3178f608a01285dfe67bf74f09dd9a6d70eff814de8c94774bd
$ podman inspect -l --format '{{ .State.Pid }}'
66398
$ cat /proc/66398/loginuid
1001
4.6.1
$ podman run -d ubi8-micro sleep 20
17d68e3c0f621a12574572e90451a6389a4961ec1407249a8a83f8ebe8768af3
$ podman inspect -l --format '{{ .State.Pid }}'
30113
$ cat /proc/30113/loginuid
1000
Original
$ docker run -d registry.access.redhat.com/ubi8-micro sleep 20
$ docker inspect df2302cf8c6 --format '{{ .State.Pid }}'
$ cat /proc/120022/loginuid
Docker
$ docker run -d registry.access.redhat.com/ubi8-micro sleep 1000
dc5514f4d706e3abf162cf0e6f956ca3d637459aa795b6529a4031ca468af5d7
$ docker inspect dc5514f4d706 --format '{{ .State.Pid }}'
1983
$ cat /proc/1983/loginuid
4294967295
Original
# auditctl -w /etc/passwd -p wa -k passwd
# docker run --privileged -v /:/host registry.access.redhat.com/ubi8-micro:latest touch /host/etc/passwd
Docker
# auditctl -w /etc/passwd -p wa -k passwd_changes
# docker run --privileged -v /:/host registry.access.redhat.com/ubi8-micro:latest touch /host/etc/passwd
# ausearch -k passwd -i
----
type=CONFIG_CHANGE msg=audit(07/05/2023 14:23:35.610:861) : auid=user ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op=add_rule key=passwd list=exit res=yes
----
type=CONFIG_CHANGE msg=audit(08/27/2023 02:48:52.144:592) : auid=root ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op=add_rule key=passwd list=exit res=yes
Original
# podman run --privileged -v /:/host registry.access.redhat.com/ubi8-micro:latest touch /host/etc/passwd
# ausearch -k passwd -i
4.6.1
Original
$ echo "This is my secret" > /tmp/secret
$ podman secret create my_secret /tmp/secret
$ podman run --rm --secret my_secret ubi8 cat /run/secrets/my_secret
$ podman run --secret my_secret,type=env --name secret_ctr ubi8 bash -c 'echo $my_secret'
4.5.1
$ echo "This is my secret" > /tmp/secret
$ podman secret create my_secret /tmp/secret
710880a929d7022f4d65a0a76
$ podman run --rm --secret my_secret ubi8 cat /run/secrets/my_secret
This is my secret
$ podman run --secret my_secret,type=env --name secret_ctr ubi8 bash -c 'echo $my_secret'
This is my secret
4.6.1
$ echo "This is my secret" > /tmp/secret
$ podman secret create my_secret /tmp/secret
6f3b631626a97cfea688dc5f9
$ podman run --rm --secret my_secret ubi8 cat /run/secrets/my_secret
This is my secret
$ podman run --secret my_secret,type=env --name secret_ctr ubi8 bash -c 'echo $my_secret'
This is my secret
Original
$ podman commit secret_ctr secret_img
$ podman image inspect secret_img --format '{{ .Config.Env }}'
4.5.1
$ podman commit secret_ctr secret_img
Getting image source signatures
Copying blob 48bbc3bb7b39 skipped: already exists
Copying blob 88042eaacad8 done
Copying config f99fa97125 done
Writing manifest to image destination
Storing signatures
f99fa971257775732eaefa34f398c082471f6ac367a0807a5e009297c68475f6
$ podman image inspect secret_img --format '{{ .Config.Env }}'
[container=oci PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=xterm]
4.6.1
$ podman commit secret_ctr secret_img
Getting image source signatures
Copying blob 48bbc3bb7b39 skipped: already exists
Copying blob ffc90c1ba2ea done
Copying config 564efa3d5b done
Writing manifest to image destination
564efa3d5b5f1ddc96c2579ff8b394e99e9b3a694a1ee5a5c3f3699bca358c4e
$ podman image inspect secret_img --format '{{ .Config.Env }}'
[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=xterm container=oci]
Original
$ sudo cp /etc/containers/policy.json /tmp
$ sudo podman image trust set -t reject docker.io
$ podman pull alpine
$ sudo podman image trust set -t accept docker.io/library
$ podman pull alpine
$ podman pull bitnami/nginx
4.5.1
$ sudo cp /etc/containers/policy.json /tmp
[sudo] password for shtanaka:
$ sudo podman image trust set -t reject docker.io
$ podman pull alpine
Trying to pull docker.io/library/alpine:latest...
Error: copying system image from manifest list: Source image rejected: Running image docker://alpine:latest is rejected by policy.
$ sudo podman image trust set -t accept docker.io/library
$ podman pull alpine
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob 7264a8db6415 skipped: already exists
Copying config 7e01a0d0a1 done
Writing manifest to image destination
Storing signatures
7e01a0d0a1dcd9e539f8e9bbd80106d59efbdf97293b3d38f5d7a34501526cdb
$ podman pull bitnami/nginx
✔ docker.io/bitnami/nginx:latest
Trying to pull docker.io/bitnami/nginx:latest...
Error: copying system image from manifest list: Source image rejected: Running image docker://bitnami/nginx:latest is rejected by policy.
4.6.1
$ sudo cp /etc/containers/policy.json /tmp
[sudo] user のパスワード:
$ sudo podman image trust set -t reject docker.io
$ podman pull alpine
Trying to pull docker.io/library/alpine:latest...
Error: copying system image from manifest list: Source image rejected: Running image docker://alpine:latest is rejected by policy.
$ sudo podman image trust set -t accept docker.io/library
$ podman pull alpine
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob 7264a8db6415 skipped: already exists
Copying config 7e01a0d0a1 done
Writing manifest to image destination
7e01a0d0a1dcd9e539f8e9bbd80106d59efbdf97293b3d38f5d7a34501526cdb
$ podman pull bitnami/nginx
✔ docker.io/bitnami/nginx:latest
Trying to pull docker.io/bitnami/nginx:latest...
Error: copying system image from manifest list: Source image rejected: Running image docker://bitnami/nginx:latest is rejected by policy.
Original
$ cat /etc/containers/policy.json
4.5.1
$ cat /etc/containers/policy.json
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports": {
"docker": {
"docker.io": [
{
"type": "reject"
}
],
"docker.io/library": [
{
"type": "insecureAcceptAnything"
}
],
"registry.access.redhat.com": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
],
"registry.redhat.io": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
]
},
"docker-daemon": {
"": [
{
"type": "insecureAcceptAnything"
}
]
}
}
}
4.6.1
$ cat /etc/containers/policy.json
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports": {
"docker": {
"docker.io": [
{
"type": "reject"
}
],
"docker.io/library": [
{
"type": "insecureAcceptAnything"
}
],
"registry.access.redhat.com": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
],
"registry.redhat.io": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
]
},
"docker-daemon": {
"": [
{
"type": "insecureAcceptAnything"
}
]
}
}
}
Original
$ podman image trust show
4.5.1
$ podman image trust show
TRANSPORT NAME TYPE ID STORE
all default accept
repository docker.io reject
repository docker.io/library accept
repository registry.access.redhat.com signed security@redhat.com https://access.redhat.com/webassets/docker/content/sigstore
repository registry.redhat.io signed security@redhat.com https://registry.redhat.io/containers/sigstore
docker-daemon accept
4.6.1
$ podman image trust show
TRANSPORT NAME TYPE ID STORE
all default accept
repository docker.io reject
repository docker.io/library accept
repository registry.access.redhat.com signed security@redhat.com https://access.redhat.com/webassets/docker/content/sigstore
repository registry.redhat.io signed security@redhat.com https://registry.redhat.io/containers/sigstore
docker-daemon accept
Original
$ sudo podman image trust set --type=reject default
$ podman image trust show
$ sudo cp /tmp/policy.json /etc/containers/policy.json
4.5.1
$ sudo podman image trust set --type=reject default
$ podman image trust show
TRANSPORT NAME TYPE ID STORE
all default reject
repository docker.io reject
repository docker.io/library accept
repository registry.access.redhat.com signed security@redhat.com https://access.redhat.com/webassets/docker/content/sigstore
repository registry.redhat.io signed security@redhat.com https://registry.redhat.io/containers/sigstore
docker-daemon accept
$ sudo cp /tmp/policy.json /etc/containers/policy.json
$ podman image trust show
TRANSPORT NAME TYPE ID STORE
all default accept
repository registry.access.redhat.com signed security@redhat.com https://access.redhat.com/webassets/docker/content/sigstore
repository registry.redhat.io signed security@redhat.com https://registry.redhat.io/containers/sigstore
docker-daemon accept
4.6.1
$ sudo podman image trust set --type=reject default
$ podman image trust show
TRANSPORT NAME TYPE ID STORE
all default reject
repository docker.io reject
repository docker.io/library accept
repository registry.access.redhat.com signed security@redhat.com https://access.redhat.com/webassets/docker/content/sigstore
repository registry.redhat.io signed security@redhat.com https://registry.redhat.io/containers/sigstore
docker-daemon accept
$ sudo cp /tmp/policy.json /etc/containers/policy.json
$ podman image trust show
TRANSPORT NAME TYPE ID STORE
all default accept
repository registry.access.redhat.com signed security@redhat.com https://access.redhat.com/webassets/docker/content/sigstore
repository registry.redhat.io signed security@redhat.com https://registry.redhat.io/containers/sigstore
docker-daemon accept
Original
$ gpg --batch --passphrase '' --quick-gen-key dwalsh@redhat.com default default
$ sudo cp /etc/containers/registries.d/default.yaml /etc/containers/policy.json /tmp
4.5.1
$ gpg --batch --passphrase '' --quick-gen-key dwalsh@redhat.com default default
gpg: directory '/home/shtanaka/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/shtanaka/.gnupg/openpgp-revocs.d/2EBB79D715B53B7A4EF7FAF5C994476B2535F89B.rev'
$ sudo cp /etc/containers/registries.d/default.yaml /etc/containers/policy.json /tmp
4.6.1
$ gpg --batch --passphrase '' --quick-gen-key dwalsh@redhat.com default default
gpg: ディレクトリ'/home/user/.gnupg/openpgp-revocs.d'が作成されました
gpg: 失効証明書を '/home/user/.gnupg/openpgp-revocs.d/39C26509286C6DBCA1A9AD8730C0651A35918866.rev' に保管しました。
$ sudo cp /etc/containers/registries.d/default.yaml /etc/containers/policy.json /tmp
Original
$ sudo podman pull quay.io/rhatdan/myimage
$ podman login quay.io/rhatdan
$ sudo -E GNUPGHOME=$HOME/.gnupg \
podman push --tls-verify=false --sign-by dwalsh@redhat.com quay.io/rhatdan/myimage
$ sudo ls /var/lib/containers/sigstore/rhatdan/
4.5.1
$ sudo podman pull quay.io/rhatdan/myimage
$ podman login quay.io
$ sudo podman tag quay.io/rhatdan/myimage quay.io/tnk4on/myimage
$ sudo -E GNUPGHOME=$HOME/.gnupg \
podman push --tls-verify=false --sign-by dwalsh@redhat.com quay.io/tnk4on/myimage
Getting image source signatures
Copying blob 654b3bf1361e done
Copying blob 164d51196137 done
Copying blob 8f26704f753c done
Copying blob 83310c7c677c done
Copying blob e39c3abf0df9 done
Copying config 2c7e43d880 done
Writing manifest to image destination
Creating signature: Signing image using simple signing
Storing signatures
$ sudo ls /var/lib/containers/sigstore/tnk4on/
'myimage@sha256=d77349dc5bfc5d148c616dceffda82bf887c54599d9e7a779b6aae65c3a261bb'
4.6.1
$ sudo podman pull quay.io/rhatdan/myimage
[sudo] user のパスワード:
Trying to pull quay.io/rhatdan/myimage:latest...
Getting image source signatures
Copying blob e3460238f8a1 done
Copying blob c7765172d3ce done
Copying blob 2b782a9ad894 done
Copying blob dfd8c625d022 done
Copying blob a1eadb69adf1 done
Copying config 2c7e43d880 done
Writing manifest to image destination
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
$ podman login quay.io
Username: tnk4on
Password:
Login Succeeded!
$ sudo podman tag quay.io/rhatdan/myimage quay.io/tnk4on/myimage
$ sudo -E GNUPGHOME=$HOME/.gnupg \
podman push --tls-verify=false --sign-by dwalsh@redhat.com quay.io/tnk4on/myimage
Getting image source signatures
Copying blob 8f26704f753c done
Copying blob 83310c7c677c done
Copying blob 654b3bf1361e done
Copying blob 164d51196137 done
Copying blob e39c3abf0df9 done
Copying config 2c7e43d880 done
Writing manifest to image destination
Creating signature: Signing image using simple signing
Storing signatures
$ sudo ls /var/lib/containers/sigstore/tnk4on/
'myimage@sha256=d77349dc5bfc5d148c616dceffda82bf887c54599d9e7a779b6aae65c3a261bb'
Original
$ echo " sigstore: http://localhost:8000" | sudo tee --append /etc/containers/registries.d/default.yaml
$ cd /var/lib/containers/sigstore && python3 -m http.server
$ podman rmi quay.io/rhatdan/myimage
$ sudo podman image trust set -f /tmp/publickey.gpg quay.io/rhatdan
$ gpg --output /tmp/publickey.gpg --armor --export dwalsh@redhat.com
$ podman pull quay.io/rhatdan/myimage
$ podman pull quay.io/rhatdan/podman
$ sudo cp /tmp/default.yaml /etc/containers/registries.d/default.yaml
$ sudo cp /tmp/policy.json /etc/containers/policy.json
4.5.1
$ echo " sigstore: http://localhost:8000" | sudo tee --append /etc/containers/registries.d/default.yaml
$ cd /var/lib/containers/sigstore && python3 -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
127.0.0.1 - - [27/Aug/2023 03:54:53] "GET /tnk4on/myimage@sha256=d77349dc5bfc5d148c616dceffda82bf887c54599d9e7a779b6aae65c3a261bb/signature-1 HTTP/1.1" 200 -
127.0.0.1 - - [27/Aug/2023 03:54:53] code 404, message File not found
127.0.0.1 - - [27/Aug/2023 03:54:53] "GET /tnk4on/myimage@sha256=d77349dc5bfc5d148c616dceffda82bf887c54599d9e7a779b6aae65c3a261bb/signature-2 HTTP/1.1" 404 -
4.5.1/Other terminal
$ podman rmi quay.io/rhatdan/myimage
Untagged: quay.io/rhatdan/myimage:latest
Deleted: 2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
$ sudo podman image trust set -f /tmp/publickey.gpg quay.io/tnk4on
$ cat /etc/containers/policy.json
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports": {
"docker": {
"quay.io/tnk4on": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/tmp/publickey.gpg"
}
],
"registry.access.redhat.com": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
],
"registry.redhat.io": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
]
},
"docker-daemon": {
"": [
{
"type": "insecureAcceptAnything"
}
]
}
}
}
$ gpg --output /tmp/publickey.gpg --armor --export dwalsh@redhat.com
$ podman pull quay.io/tnk4on/myimage
Trying to pull quay.io/tnk4on/myimage:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob af9d47da3737 done
Copying blob 5a34f7b8901c done
Copying blob 636c950b6c20 done
Copying blob 50b578ff3c5f done
Copying blob 6a5765e16ecb done
Copying config 2c7e43d880 done
Writing manifest to image destination
Storing signatures
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
$ podman pull quay.io/tnk4on/test
Trying to pull quay.io/tnk4on/test:latest...
Error: copying system image from manifest list: Source image rejected: A signature was required, but no signature exists
4.6.1
$ echo " sigstore: http://localhost:8000" | sudo tee --append /etc/containers/registries.d/default.yaml
$ cd /var/lib/containers/sigstore && python3 -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
127.0.0.1 - - [27/Aug/2023 03:58:02] "GET /tnk4on/myimage@sha256=d77349dc5bfc5d148c616dceffda82bf887c54599d9e7a779b6aae65c3a261bb/signature-1 HTTP/1.1" 200 -
127.0.0.1 - - [27/Aug/2023 03:58:02] code 404, message File not found
127.0.0.1 - - [27/Aug/2023 03:58:02] "GET /tnk4on/myimage@sha256=d77349dc5bfc5d148c616dceffda82bf887c54599d9e7a779b6aae65c3a261bb/signature-2 HTTP/1.1" 404 -
4.6.1/Other terminal
$ podman rmi quay.io/rhatdan/myimage
Error: quay.io/rhatdan/myimage: image not known
$ sudo podman image trust set -f /tmp/publickey.gpg quay.io/rhatdan
[sudo] user のパスワード:
$ gpg --output /tmp/publickey.gpg --armor --export dwalsh@redhat.com
$ podman pull quay.io/tnk4on/myimage
Trying to pull quay.io/tnk4on/myimage:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob af9d47da3737 done
Copying blob 636c950b6c20 done
Copying blob 50b578ff3c5f done
Copying blob 5a34f7b8901c done
Copying blob 6a5765e16ecb done
Copying config 2c7e43d880 done
Writing manifest to image destination
Storing signatures
2c7e43d880382561ebae3fa06c7a1442d0da2912786d09ea9baaef87f73c29ae
$ podman pull quay.io/tnk4on/test
Trying to pull quay.io/tnk4on/test:latest...
Error: copying system image from manifest list: Source image rejected: A signature was required, but no signature exists
Original
$ podman image mount ubi8
$ podman unshare
# podman image mount
# mnt=$(podman image mount ubi8)
# echo $mnt
# cd $mnt
# /usr/bin/find . -user root -perm -4000
4.5.1
$ podman image mount ubi8
Error: cannot run command "podman image mount" in rootless mode, must execute `podman unshare` first
$ podman unshare
# podman image mount
# mnt=$(podman image mount ubi8)
# echo $mnt
/home/shtanaka/.local/share/containers/storage/overlay/48bbc3bb7b39445dcf97d62e79e179a50d7df5cccf4e542d4b844d08cb796132/merged
# /usr/bin/find . -user root -perm -4000
./usr/bin/chage
./usr/bin/gpasswd
./usr/bin/mount
./usr/bin/newgrp
./usr/bin/passwd
./usr/bin/su
./usr/bin/umount
./usr/libexec/dbus-1/dbus-daemon-launch-helper
./usr/sbin/pam_timestamp_check
./usr/sbin/unix_chkpwd
./usr/sbin/userhelper
4.6.1
$ podman image mount ubi8
Error: cannot run command "podman image mount" in rootless mode, must execute `podman unshare` first
$ podman unshare
# podman image mount
# mnt=$(podman image mount ubi8)
# echo $mnt
/home/user/.local/share/containers/storage/overlay/48bbc3bb7b39445dcf97d62e79e179a50d7df5cccf4e542d4b844d08cb796132/merged
# /usr/bin/find . -user root -perm -4000
./usr/bin/chage
./usr/bin/gpasswd
./usr/bin/mount
./usr/bin/newgrp
./usr/bin/passwd
./usr/bin/su
./usr/bin/umount
./usr/libexec/dbus-1/dbus-daemon-launch-helper
./usr/sbin/pam_timestamp_check
./usr/sbin/unix_chkpwd
./usr/sbin/userhelper
Original
$ podman run --read-only ubi8 touch /foo
$ podman run --read-only ubi8 touch /run/foo
$ podman run --read-only-tmpfs=false --read-only ubi8 touch /run/foo
4.5.1
$ podman run --read-only ubi8 touch /foo
touch: cannot touch '/foo': Read-only file system
$ podman run --read-only ubi8 touch /run/foo
$ podman run --read-only-tmpfs=false --read-only ubi8 touch /run/foo
touch: cannot touch '/run/foo': Read-only file system
4.6.1
$ podman run --read-only ubi8 touch /foo
touch: cannot touch '/foo': Read-only file system
$ podman run --read-only ubi8 touch /run/foo
$ podman run --read-only-tmpfs=false --read-only ubi8 touch /run/foo
touch: cannot touch '/run/foo': Read-only file system
Original
$ skopeo inspect docker://quay.io/rhatdan/myimage
$ skopeo copy docker://quay.io/rhatdan/myimage containers-storage:quay.io/rhatdan/myimage
4.5.1
$ skopeo inspect docker://quay.io/rhatdan/myimage
{
"Name": "quay.io/rhatdan/myimage",
"Digest": "sha256:0460a9d13a806e124639b23e9d6ffa1e5773f7bef91469bee6ac88a4be213427",
"RepoTags": [
"1.0",
"latest"
],
"Created": "2021-09-08T11:06:49.167922944Z",
"DockerVersion": "",
"Labels": {
"architecture": "x86_64",
"build-date": "2021-08-05T06:23:13.478839",
"com.redhat.build-host": "cpt-1001.osbs.prod.upshift.rdu2.redhat.com",
"com.redhat.component": "httpd-24-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"distribution-scope": "public",
"io.k8s.description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"io.k8s.display-name": "Apache httpd 2.4",
"io.openshift.expose-services": "8080:http,8443:https",
"io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
"io.openshift.tags": "builder,httpd,httpd-24",
"io.s2i.scripts-url": "image:///usr/libexec/s2i",
"maintainer": "SoftwareCollections.org \u003csclorg@redhat.com\u003e",
"name": "ubi8/httpd-24",
"release": "152",
"summary": "Platform for running Apache httpd 2.4 or building httpd-based application",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/httpd-24/images/1-152",
"usage": "s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ ubi8/httpd-24 sample-server",
"vcs-ref": "a90adf6894f1618e032e11f0bcaf23839daaf1c4",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "1"
},
"Architecture": "amd64",
"Os": "linux",
"Layers": [
"sha256:c7765172d3ce59f229d53f5c2a60346ad3922c29baa7ae19d31ef9866117d743",
"sha256:dfd8c625d0226c52da48ce402e79bc6e60a360d732bb7f6523c62cb714ec0a0d",
"sha256:2b782a9ad894d15e65ee92d0e294b8358cfc69d94bfd5b2cf8d5d286376a0f4a",
"sha256:a1eadb69adf1f7b62f76fc7bc2d7f8c28e6c03dc1f6024a4f9fd1329412efc89",
"sha256:e3460238f8a1f4698e1ec867ff96682f5d45debdd10e0503742fd15124d8bf5b"
],
"LayersData": [
{
"MIMEType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"Digest": "sha256:c7765172d3ce59f229d53f5c2a60346ad3922c29baa7ae19d31ef9866117d743",
"Size": 87672714,
"Annotations": null
},
{
"MIMEType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"Digest": "sha256:dfd8c625d0226c52da48ce402e79bc6e60a360d732bb7f6523c62cb714ec0a0d",
"Size": 1871,
"Annotations": null
},
{
"MIMEType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"Digest": "sha256:2b782a9ad894d15e65ee92d0e294b8358cfc69d94bfd5b2cf8d5d286376a0f4a",
"Size": 17981023,
"Annotations": null
},
{
"MIMEType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"Digest": "sha256:a1eadb69adf1f7b62f76fc7bc2d7f8c28e6c03dc1f6024a4f9fd1329412efc89",
"Size": 67332001,
"Annotations": null
},
{
"MIMEType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"Digest": "sha256:e3460238f8a1f4698e1ec867ff96682f5d45debdd10e0503742fd15124d8bf5b",
"Size": 15648,
"Annotations": null
}
],
"Env": [
"PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
"container=oci",
"HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/httpd.d",
"STI_SCRIPTS_URL=image:///usr/libexec/s2i",
"HTTPD_VAR_RUN=/var/run/httpd",
"DESCRIPTION=Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"HTTPD_MAIN_CONF_MODULES_D_PATH=/etc/httpd/conf.modules.d",
"HTTPD_DATA_PATH=/var/www",
"APP_ROOT=/opt/app-root",
"HTTPD_TLS_CERT_PATH=/etc/httpd/tls",
"PLATFORM=el8",
"HOME=/opt/app-root/src",
"HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/",
"HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d",
"HTTPD_APP_ROOT=/opt/app-root",
"SUMMARY=Platform for running Apache httpd 2.4 or building httpd-based application",
"HTTPD_DATA_ORIG_PATH=/var/www",
"HTTPD_LOG_PATH=/var/log/httpd",
"HTTPD_VERSION=2.4",
"HTTPD_MAIN_CONF_PATH=/etc/httpd/conf",
"STI_SCRIPTS_PATH=/usr/libexec/s2i"
]
}
$ skopeo copy docker://quay.io/rhatdan/myimage containers-storage:quay.io/rhatdan/myimage
Getting image source signatures
Copying blob e3460238f8a1 skipped: already exists
Copying blob c7765172d3ce skipped: already exists
Copying blob 2b782a9ad894 skipped: already exists
Copying blob a1eadb69adf1 skipped: already exists
Copying blob dfd8c625d022 skipped: already exists
Copying config 2c7e43d880 done
Writing manifest to image destination
Storing signatures
4.6.1
$ skopeo inspect docker://quay.io/rhatdan/myimage
{
"Name": "quay.io/rhatdan/myimage",
"Digest": "sha256:0460a9d13a806e124639b23e9d6ffa1e5773f7bef91469bee6ac88a4be213427",
"RepoTags": [
"1.0",
"latest"
],
"Created": "2021-09-08T11:06:49.167922944Z",
"DockerVersion": "",
"Labels": {
"architecture": "x86_64",
"build-date": "2021-08-05T06:23:13.478839",
"com.redhat.build-host": "cpt-1001.osbs.prod.upshift.rdu2.redhat.com",
"com.redhat.component": "httpd-24-container",
"com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"distribution-scope": "public",
"io.k8s.description": "Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"io.k8s.display-name": "Apache httpd 2.4",
"io.openshift.expose-services": "8080:http,8443:https",
"io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i",
"io.openshift.tags": "builder,httpd,httpd-24",
"io.s2i.scripts-url": "image:///usr/libexec/s2i",
"maintainer": "SoftwareCollections.org \u003csclorg@redhat.com\u003e",
"name": "ubi8/httpd-24",
"release": "152",
"summary": "Platform for running Apache httpd 2.4 or building httpd-based application",
"url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/httpd-24/images/1-152",
"usage": "s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ ubi8/httpd-24 sample-server",
"vcs-ref": "a90adf6894f1618e032e11f0bcaf23839daaf1c4",
"vcs-type": "git",
"vendor": "Red Hat, Inc.",
"version": "1"
},
"Architecture": "amd64",
"Os": "linux",
"Layers": [
"sha256:c7765172d3ce59f229d53f5c2a60346ad3922c29baa7ae19d31ef9866117d743",
"sha256:dfd8c625d0226c52da48ce402e79bc6e60a360d732bb7f6523c62cb714ec0a0d",
"sha256:2b782a9ad894d15e65ee92d0e294b8358cfc69d94bfd5b2cf8d5d286376a0f4a",
"sha256:a1eadb69adf1f7b62f76fc7bc2d7f8c28e6c03dc1f6024a4f9fd1329412efc89",
"sha256:e3460238f8a1f4698e1ec867ff96682f5d45debdd10e0503742fd15124d8bf5b"
],
"LayersData": [
{
"MIMEType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"Digest": "sha256:c7765172d3ce59f229d53f5c2a60346ad3922c29baa7ae19d31ef9866117d743",
"Size": 87672714,
"Annotations": null
},
{
"MIMEType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"Digest": "sha256:dfd8c625d0226c52da48ce402e79bc6e60a360d732bb7f6523c62cb714ec0a0d",
"Size": 1871,
"Annotations": null
},
{
"MIMEType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"Digest": "sha256:2b782a9ad894d15e65ee92d0e294b8358cfc69d94bfd5b2cf8d5d286376a0f4a",
"Size": 17981023,
"Annotations": null
},
{
"MIMEType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"Digest": "sha256:a1eadb69adf1f7b62f76fc7bc2d7f8c28e6c03dc1f6024a4f9fd1329412efc89",
"Size": 67332001,
"Annotations": null
},
{
"MIMEType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"Digest": "sha256:e3460238f8a1f4698e1ec867ff96682f5d45debdd10e0503742fd15124d8bf5b",
"Size": 15648,
"Annotations": null
}
],
"Env": [
"PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
"container=oci",
"HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/httpd.d",
"STI_SCRIPTS_URL=image:///usr/libexec/s2i",
"HTTPD_VAR_RUN=/var/run/httpd",
"DESCRIPTION=Apache httpd 2.4 available as container, is a powerful, efficient, and extensible web server. Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Virtual hosting allows one Apache installation to serve many different Web sites.",
"HTTPD_MAIN_CONF_MODULES_D_PATH=/etc/httpd/conf.modules.d",
"HTTPD_DATA_PATH=/var/www",
"APP_ROOT=/opt/app-root",
"HTTPD_TLS_CERT_PATH=/etc/httpd/tls",
"PLATFORM=el8",
"HOME=/opt/app-root/src",
"HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/",
"HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d",
"HTTPD_APP_ROOT=/opt/app-root",
"SUMMARY=Platform for running Apache httpd 2.4 or building httpd-based application",
"HTTPD_DATA_ORIG_PATH=/var/www",
"HTTPD_LOG_PATH=/var/log/httpd",
"HTTPD_VERSION=2.4",
"HTTPD_MAIN_CONF_PATH=/etc/httpd/conf",
"STI_SCRIPTS_PATH=/usr/libexec/s2i"
]
}
$ skopeo copy docker://quay.io/rhatdan/myimage containers-storage:quay.io/rhatdan/myimage
Getting image source signatures
Copying blob e3460238f8a1 skipped: already exists
Copying blob c7765172d3ce skipped: already exists
Copying blob 2b782a9ad894 skipped: already exists
Copying blob dfd8c625d022 skipped: already exists
Copying blob a1eadb69adf1 skipped: already exists
Copying config 2c7e43d880 done
Writing manifest to image destination
Original
$ buildah from ubi8-init
$ buildah from ubi8-init
4.5.1
$ buildah from ubi8-init
Resolved "ubi8-init" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.access.redhat.com/ubi8-init:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 44716fd3877d done
Copying blob 70de3d8fc2c6 skipped: already exists
Copying config 74b14b6e91 done
Writing manifest to image destination
Storing signatures
ubi8-init-working-container
$ buildah from ubi8-init
ubi8-init-working-container-1
4.6.1
$ buildah from ubi8-init
Resolved "ubi8-init" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.access.redhat.com/ubi8-init:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 70de3d8fc2c6 skipped: already exists
Copying blob 44716fd3877d done
Copying config 74b14b6e91 done
Writing manifest to image destination
Storing signatures
ubi8-init-working-container
$ buildah from ubi8-init
ubi8-init-working-container-1
Original
$ buildah copy ubi8-init-working-container html/index.html /var/lib/www/html/
4.5.1
$ buildah copy ubi8-init-working-container html/index.html /var/lib/www/html/
f7dce8e85f824293d100eade2ca8913c2abce07b8ba39eec5a077495bab03e45
4.6.1
$ buildah copy ubi8-init-working-container html/index.html /var/lib/www/html/
a72f0005e94553ef8e16785b396d841789cbe47145a4ddf6bc6d8aeeaf46b204
Original
$ buildah run ubi8-init-working-container dnf -y install httpd
$ buildah run ubi8-init-working-container systemctl enable httpd.service
4.5.1
$ buildah run ubi8-init-working-container dnf -y install httpd
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Universal Base Image 8 (RPMs) - BaseOS 314 kB/s | 716 kB 00:02
Red Hat Universal Base Image 8 (RPMs) - AppStream 547 kB/s | 2.9 MB 00:05
Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder 25 kB/s | 99 kB 00:03
Dependencies resolved.
================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================================================================================================================
Installing:
httpd x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 1.4 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 ubi-8-appstream-rpms 130 k
apr-util x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 105 k
httpd-filesystem noarch 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 43 k
httpd-tools x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 110 k
mailcap noarch 2.1.48-3.el8 ubi-8-baseos-rpms 39 k
mod_http2 x86_64 1.15.7-8.module+el8.8.0+18751+b4557bca.3 ubi-8-appstream-rpms 155 k
redhat-logos-httpd noarch 84.5-1.el8 ubi-8-baseos-rpms 29 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 25 k
apr-util-openssl x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 27 k
Enabling module streams:
httpd 2.4
Transaction Summary
================================================================================================================================================================================================================================================================================
Install 10 Packages
Total download size: 2.1 M
Installed size: 5.5 M
Downloading Packages:
(1/10): redhat-logos-httpd-84.5-1.el8.noarch.rpm 128 kB/s | 29 kB 00:00
(2/10): mailcap-2.1.48-3.el8.noarch.rpm 157 kB/s | 39 kB 00:00
(3/10): apr-1.6.3-12.el8.x86_64.rpm 396 kB/s | 130 kB 00:00
(4/10): apr-util-bdb-1.6.1-6.el8_8.1.x86_64.rpm 309 kB/s | 25 kB 00:00
(5/10): apr-util-1.6.1-6.el8_8.1.x86_64.rpm 748 kB/s | 105 kB 00:00
(6/10): apr-util-openssl-1.6.1-6.el8_8.1.x86_64.rpm 360 kB/s | 27 kB 00:00
(7/10): httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch.rpm 567 kB/s | 43 kB 00:00
(8/10): httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64.rpm 783 kB/s | 110 kB 00:00
(9/10): mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64.rpm 1.5 MB/s | 155 kB 00:00
(10/10): httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64.rpm 5.3 MB/s | 1.4 MB 00:00
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 3.4 MB/s | 2.1 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : apr-1.6.3-12.el8.x86_64 1/10
Running scriptlet: apr-1.6.3-12.el8.x86_64 1/10
Installing : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 2/10
Installing : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 3/10
Installing : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Running scriptlet: apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Installing : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 5/10
Running scriptlet: httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch 6/10
Installing : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch 6/10
Installing : redhat-logos-httpd-84.5-1.el8.noarch 7/10
Installing : mailcap-2.1.48-3.el8.noarch 8/10
Installing : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64 9/10
Installing : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 10/10
Running scriptlet: httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 10/10
Verifying : mailcap-2.1.48-3.el8.noarch 1/10
Verifying : redhat-logos-httpd-84.5-1.el8.noarch 2/10
Verifying : apr-1.6.3-12.el8.x86_64 3/10
Verifying : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Verifying : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 5/10
Verifying : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 6/10
Verifying : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 7/10
Verifying : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch 8/10
Verifying : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 9/10
Verifying : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64 10/10
Installed products updated.
Installed:
apr-1.6.3-12.el8.x86_64 apr-util-1.6.1-6.el8_8.1.x86_64 apr-util-bdb-1.6.1-6.el8_8.1.x86_64 apr-util-openssl-1.6.1-6.el8_8.1.x86_64
httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 mailcap-2.1.48-3.el8.noarch
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64 redhat-logos-httpd-84.5-1.el8.noarch
Complete!
$ buildah run ubi8-init-working-container systemctl enable httpd.service
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
4.6.1
$ buildah run ubi8-init-working-container dnf -y install httpd
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Universal Base Image 8 (RPMs) - BaseOS 2.2 MB/s | 716 kB 00:00
Red Hat Universal Base Image 8 (RPMs) - AppStream 2.3 MB/s | 2.9 MB 00:01
Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder 787 kB/s | 99 kB 00:00
Dependencies resolved.
================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================================================================================================================
Installing:
httpd x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 1.4 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 ubi-8-appstream-rpms 130 k
apr-util x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 105 k
httpd-filesystem noarch 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 43 k
httpd-tools x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 ubi-8-appstream-rpms 110 k
mailcap noarch 2.1.48-3.el8 ubi-8-baseos-rpms 39 k
mod_http2 x86_64 1.15.7-8.module+el8.8.0+18751+b4557bca.3 ubi-8-appstream-rpms 155 k
redhat-logos-httpd noarch 84.5-1.el8 ubi-8-baseos-rpms 29 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 25 k
apr-util-openssl x86_64 1.6.1-6.el8_8.1 ubi-8-appstream-rpms 27 k
Enabling module streams:
httpd 2.4
Transaction Summary
================================================================================================================================================================================================================================================================================
Install 10 Packages
Total download size: 2.1 M
Installed size: 5.5 M
Downloading Packages:
(1/10): redhat-logos-httpd-84.5-1.el8.noarch.rpm 479 kB/s | 29 kB 00:00
(2/10): mailcap-2.1.48-3.el8.noarch.rpm 496 kB/s | 39 kB 00:00
(3/10): apr-1.6.3-12.el8.x86_64.rpm 1.4 MB/s | 130 kB 00:00
(4/10): apr-util-bdb-1.6.1-6.el8_8.1.x86_64.rpm 1.3 MB/s | 25 kB 00:00
(5/10): apr-util-1.6.1-6.el8_8.1.x86_64.rpm 2.8 MB/s | 105 kB 00:00
(6/10): apr-util-openssl-1.6.1-6.el8_8.1.x86_64.rpm 824 kB/s | 27 kB 00:00
(7/10): httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64.rpm 1.6 MB/s | 110 kB 00:00
(8/10): mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64.rpm 2.1 MB/s | 155 kB 00:00
(9/10): httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64.rpm 7.9 MB/s | 1.4 MB 00:00
(10/10): httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch.rpm 161 kB/s | 43 kB 00:00
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 5.6 MB/s | 2.1 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : apr-1.6.3-12.el8.x86_64 1/10
Running scriptlet: apr-1.6.3-12.el8.x86_64 1/10
Installing : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 2/10
Installing : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 3/10
Installing : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Running scriptlet: apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Installing : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 5/10
Running scriptlet: httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch 6/10
Installing : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch 6/10
Installing : redhat-logos-httpd-84.5-1.el8.noarch 7/10
Installing : mailcap-2.1.48-3.el8.noarch 8/10
Installing : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64 9/10
Installing : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 10/10
Running scriptlet: httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 10/10
Verifying : mailcap-2.1.48-3.el8.noarch 1/10
Verifying : redhat-logos-httpd-84.5-1.el8.noarch 2/10
Verifying : apr-1.6.3-12.el8.x86_64 3/10
Verifying : apr-util-1.6.1-6.el8_8.1.x86_64 4/10
Verifying : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 5/10
Verifying : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 6/10
Verifying : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 7/10
Verifying : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch 8/10
Verifying : httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 9/10
Verifying : mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64 10/10
Installed products updated.
Installed:
apr-1.6.3-12.el8.x86_64 apr-util-1.6.1-6.el8_8.1.x86_64 apr-util-bdb-1.6.1-6.el8_8.1.x86_64 apr-util-openssl-1.6.1-6.el8_8.1.x86_64
httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 mailcap-2.1.48-3.el8.noarch
mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64 redhat-logos-httpd-84.5-1.el8.noarch
Complete!
$ buildah run ubi8-init-working-container systemctl enable httpd.service
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
Original
$ buildah unshare
# mnt=$(buildah mount ubi8-init-working-container)
# echo $mnt
# grep dwalsh /etc/passwd >> $mnt/etc/passwd
# exit
$ buildah run ubi8-init-working-container grep dwalsh /etc/passwd
4.5.1
$ buildah unshare
# mnt=$(buildah mount ubi8-init-working-container)
# echo $mnt
/home/shtanaka/.local/share/containers/storage/overlay/f3ab830b3e509a994e1c6476ca8e6ea18ec3e548839ae5ca6c4add12963f6d57/merged
# grep dwalsh /etc/passwd >> $mnt/etc/passwd
# exit
exit
$ buildah run ubi8-init-working-container grep dwalsh /etc/passwd
dwalsh:x:3267:3267::/home/dwalsh:/bin/bash
4.6.1
$ buildah unshare
# mnt=$(buildah mount ubi8-init-working-container)
# echo $mnt
/home/user/.local/share/containers/storage/overlay/3c7eb0b2429b3b43457f9e4754eff47970a44d985042cfdbe57960b75c4560fe/merged
# grep dwalsh /etc/passwd >> $mnt/etc/passwd
# exit
exit
$ buildah run ubi8-init-working-container grep dwalsh /etc/passwd
dwalsh:x:3267:3267::/home/dwalsh:/bin/bash
Original
$ buildah config --port=80 --volume=/var/lib/www/html ubi8-init-working-container
$ buildah inspect --format '{{ .OCIv1.Config.ExposedPorts }} {{ .OCIv1.Config.Volumes}}' ubi8-init-working-container
4.5.1
$ buildah config --port=80 --volume=/var/lib/www/html ubi8-init-working-container
$ buildah inspect --format '{{ .OCIv1.Config.ExposedPorts }} {{ .OCIv1.Config.Volumes}}' ubi8-init-working-container
map[80:{}] map[/var/lib/www/html:{}]
4.6.1
$ buildah config --port=80 --volume=/var/lib/www/html ubi8-init-working-container
$ buildah inspect --format '{{ .OCIv1.Config.ExposedPorts }} {{ .OCIv1.Config.Volumes}}' ubi8-init-working-container
map[80:{}] map[/var/lib/www/html:{}]
Original
$ buildah commit ubi8-init-working-container quay.io/rhatdan/myimage2
$ buildah images
$ podman images
$ podman run quay.io/rhatdan/myimage2 grep dwalsh /etc/passwd
4.5.1
$ buildah commit ubi8-init-working-container quay.io/rhatdan/myimage2
Getting image source signatures
Copying blob 48bbc3bb7b39 skipped: already exists
Copying blob 6e253c12bdcc skipped: already exists
Copying blob 78b1a77084ea done
Copying config 2c4cf06546 done
Writing manifest to image destination
2c4cf06546ed53568419888b8052eb02b948a02e4202cda5e272bf1e83904b5b
$ buildah images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/rhatdan/myimage2 latest 2c4cf06546ed 6 seconds ago 261 MB
localhost/secret_img latest f99fa9712577 19 hours ago 215 MB
localhost/podman-pause 4.5.1-1685123928 093c6b0cde9d 47 hours ago 1.11 MB
registry.access.redhat.com/ubi8-init latest 74b14b6e9195 4 days ago 231 MB
registry.access.redhat.com/ubi8 latest 62ac1f7ef537 4 days ago 644 MB
docker.io/library/alpine latest 7e01a0d0a1dc 2 weeks ago 7.63 MB
registry.access.redhat.com/ubi8-micro latest 81f2db598441 3 weeks ago 28.5 MB
quay.io/podman/stable latest 4446bdad587e 3 weeks ago 595 MB
quay.io/rhatdan/myimage latest 2c7e43d88038 23 months ago 462 MB
quay.io/tnk4on/myimage latest 2c7e43d88038 23 months ago 462 MB
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/rhatdan/myimage2 latest 2c4cf06546ed 14 seconds ago 261 MB
localhost/secret_img latest f99fa9712577 19 hours ago 215 MB
localhost/podman-pause 4.5.1-1685123928 093c6b0cde9d 47 hours ago 1.11 MB
registry.access.redhat.com/ubi8-init latest 74b14b6e9195 4 days ago 231 MB
registry.access.redhat.com/ubi8 latest 62ac1f7ef537 4 days ago 644 MB
docker.io/library/alpine latest 7e01a0d0a1dc 2 weeks ago 7.63 MB
registry.access.redhat.com/ubi8-micro latest 81f2db598441 3 weeks ago 28.5 MB
quay.io/podman/stable latest 4446bdad587e 3 weeks ago 595 MB
quay.io/rhatdan/myimage latest 2c7e43d88038 23 months ago 462 MB
quay.io/tnk4on/myimage latest 2c7e43d88038 23 months ago 462 MB
$ podman run quay.io/rhatdan/myimage2 grep dwalsh /etc/passwd
dwalsh:x:3267:3267::/home/dwalsh:/bin/bash
4.6.1
$ buildah commit ubi8-init-working-container quay.io/rhatdan/myimage2
Getting image source signatures
Copying blob 48bbc3bb7b39 skipped: already exists
Copying blob 6e253c12bdcc skipped: already exists
Copying blob 79f6d352ae43 done
Copying config 9a569ba4ae done
Writing manifest to image destination
9a569ba4ae0394220c93b9be283cb27fb9632dc6a52ece032e8706ccd2be1a91
$ buildah images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/rhatdan/myimage2 latest 9a569ba4ae03 5 seconds ago 261 MB
localhost/secret_img latest 564efa3d5b5f 19 hours ago 215 MB
registry.access.redhat.com/ubi8-init latest 74b14b6e9195 4 days ago 231 MB
registry.access.redhat.com/ubi8 latest 62ac1f7ef537 4 days ago 644 MB
docker.io/library/alpine latest 7e01a0d0a1dc 2 weeks ago 7.63 MB
registry.access.redhat.com/ubi8-micro latest 81f2db598441 3 weeks ago 28.5 MB
quay.io/podman/stable latest 4446bdad587e 3 weeks ago 595 MB
quay.io/rhatdan/myimage latest 2c7e43d88038 23 months ago 462 MB
quay.io/tnk4on/myimage latest 2c7e43d88038 23 months ago 462 MB
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/rhatdan/myimage2 latest 9a569ba4ae03 10 seconds ago 261 MB
localhost/secret_img latest 564efa3d5b5f 19 hours ago 215 MB
registry.access.redhat.com/ubi8-init latest 74b14b6e9195 4 days ago 231 MB
registry.access.redhat.com/ubi8 latest 62ac1f7ef537 4 days ago 644 MB
docker.io/library/alpine latest 7e01a0d0a1dc 2 weeks ago 7.63 MB
registry.access.redhat.com/ubi8-micro latest 81f2db598441 3 weeks ago 28.5 MB
quay.io/podman/stable latest 4446bdad587e 3 weeks ago 595 MB
quay.io/rhatdan/myimage latest 2c7e43d88038 23 months ago 462 MB
quay.io/tnk4on/myimage latest 2c7e43d88038 23 months ago 462 MB
$ podman run quay.io/rhatdan/myimage2 grep dwalsh /etc/passwd
dwalsh:x:3267:3267::/home/dwalsh:/bin/bash
Original
$ buildah login quay.io
4.5.1
$ buildah login quay.io
Username: tnk4on
Password:
Login Succeeded!
4.6.1
$ buildah login quay.io
Username: tnk4on
Password:
Login Succeeded!
Original
$ cat myapp/Containerfile
$ buildah build ./myapp
4.5.1
$ cat myapp/Containerfile
FROM ubi8/httpd-24
COPY index.html /var/www/html/index.html
$ buildah build ./myapp
STEP 1/2: FROM ubi8/httpd-24
Resolved "ubi8/httpd-24" as an alias (/home/shtanaka/.cache/containers/short-name-aliases.conf)
Trying to pull registry.access.redhat.com/ubi8/httpd-24:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 9ece777c9660 done
Copying blob 70de3d8fc2c6 skipped: already exists
Copying blob b653248f5bcb done
Copying config c4127096ce done
Writing manifest to image destination
Storing signatures
STEP 2/2: COPY index.html /var/www/html/index.html
COMMIT
Getting image source signatures
Copying blob 48bbc3bb7b39 skipped: already exists
Copying blob ca07266b6575 skipped: already exists
Copying blob 2860cc774137 skipped: already exists
Copying blob 160560038b4a done
Copying config 604bf41a33 done
Writing manifest to image destination
--> 604bf41a33c7
604bf41a33c77e2bc2e4d82c4eb1a459b7586d7429755bc86b8ec0565337c11a
4.6.1
$ cat myapp/Containerfile
FROM ubi8/httpd-24
COPY index.html /var/www/html/index.html
$ buildah build ./myapp
STEP 1/2: FROM ubi8/httpd-24
Resolved "ubi8/httpd-24" as an alias (/home/user/.cache/containers/short-name-aliases.conf)
Trying to pull registry.access.redhat.com/ubi8/httpd-24:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 9ece777c9660 done
Copying blob 70de3d8fc2c6 skipped: already exists
Copying blob b653248f5bcb done
Copying config c4127096ce done
Writing manifest to image destination
Storing signatures
STEP 2/2: COPY index.html /var/www/html/index.html
COMMIT
Getting image source signatures
Copying blob 48bbc3bb7b39 skipped: already exists
Copying blob ca07266b6575 skipped: already exists
Copying blob 2860cc774137 skipped: already exists
Copying blob 4e9fef2b406e done
Copying config 140823bbc9 done
Writing manifest to image destination
--> 140823bbc9a7
140823bbc9a7781709c85f3c0e851cdcf1a350fc034bdaf5aae0c15dd61f68b7
Original
$ podman --runtime crun run --rm ubi8 echo hi
$ grep -iA 3 "Default OCI Runtime" /usr/share/containers/containers.conf
$ podman --runtime /usr/bin/runc run --rm ubi8 echo hi
$ cat > ~/.config/containers/containers.conf << EOF
[engine]
runtime="runc"
EOF
$ podman --help | grep -- runc
4.5.1
$ podman --runtime crun run --rm ubi8 echo hi
hi
$ grep -iA 3 "Default OCI Runtime" /usr/share/containers/containers.conf
# Default OCI runtime
#
#runtime = "crun"
$ sudo dnf install runc
[sudo] password for shtanaka:
Last metadata expiration check: 0:08:35 ago on Mon 28 Aug 2023 05:03:42 AM JST.
Dependencies resolved.
================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================================================================================================================
Installing:
containerd.io x86_64 1.6.22-3.1.fc38 docker-ce-stable 33 M
Transaction Summary
================================================================================================================================================================================================================================================================================
Install 1 Package
Total download size: 33 M
Installed size: 114 M
Is this ok [y/N]: n
Operation aborted.
4.6.1
$ podman --runtime crun run --rm ubi8 echo hi
hi
$ grep -iA 3 "Default OCI Runtime" /usr/share/containers/containers.conf
# Default OCI runtime
#
#runtime = "crun"
$ podman --runtime /usr/bin/runc run --rm ubi8 echo hi
hi
$ podman --help | grep -- runc
--runtime string Path to the OCI-compatible binary used to run containers. (default "runc")
Original
$ du -s /usr/bin/runc /usr/bin/crun
4.6.1
$ du -s /usr/bin/runc /usr/bin/crun
10472 /usr/bin/runc
460 /usr/bin/crun
Original
$ grep -A 9 '^#kata' /usr/share/containers/containers.conf
4.5.1
$ grep -A 9 '^#kata' /usr/share/containers/containers.conf
#kata = [
# "/usr/bin/kata-runtime",
# "/usr/sbin/kata-runtime",
# "/usr/local/bin/kata-runtime",
# "/usr/local/sbin/kata-runtime",
# "/sbin/kata-runtime",
# "/bin/kata-runtime",
# "/usr/bin/kata-qemu",
# "/usr/bin/kata-fc",
#]
4.6.1
$ grep -A 9 '^#kata' /usr/share/containers/containers.conf
#kata = [
# "/usr/bin/kata-runtime",
# "/usr/sbin/kata-runtime",
# "/usr/local/bin/kata-runtime",
# "/usr/local/sbin/kata-runtime",
# "/sbin/kata-runtime",
# "/bin/kata-runtime",
# "/usr/bin/kata-qemu",
# "/usr/bin/kata-fc",
#]
Original
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
$ brew install podman
Original
% podman machine init
% podman machine list
macOS
% podman machine init
Downloading VM image: fedora-coreos-38.20230819.2.0-qemu.aarch64.qcow2.xz: done
Extracting compressed file
Image resized.
Machine init complete
To start your machine run:
podman machine start
% podman machine list
NAME VM TYPE CREATED LAST UP CPUS MEMORY DISK SIZE
podman-machine-default* qemu About a minute ago About a minute ago 1 2GiB 100GiB
Original
% podman system connection list
% podman system connection default podman-machine-default-root
% podman system connection list
$ podman system connection default podman-machine-default
macOS
% podman system connection list
Name URI Identity Default
podman-machine-default ssh://core@127.0.0.1:49263/run/user/501/podman/podman.sock /Users/shtanaka/.ssh/podman-machine-default true
podman-machine-default-root ssh://root@127.0.0.1:49263/run/podman/podman.sock /Users/shtanaka/.ssh/podman-machine-default false
% podman system connection default podman-machine-default-root
% podman system connection list
Name URI Identity Default
podman-machine-default ssh://core@127.0.0.1:49263/run/user/501/podman/podman.sock /Users/shtanaka/.ssh/podman-machine-default false
podman-machine-default-root ssh://root@127.0.0.1:49263/run/podman/podman.sock /Users/shtanaka/.ssh/podman-machine-default true
% podman system connection default podman-machine-default
% podman system connection list
Name URI Identity Default
podman-machine-default ssh://core@127.0.0.1:49263/run/user/501/podman/podman.sock /Users/shtanaka/.ssh/podman-machine-default true
podman-machine-default-root ssh://root@127.0.0.1:49263/run/podman/podman.sock /Users/shtanaka/.ssh/podman-machine-default false
Original
% podman version
% podman machine start
% podman version
% podman machine stop
macOS
% podman version
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: failed to connect: dial tcp 127.0.0.1:49263: connect: connection refused
% podman version
Client: Podman Engine
Version: 4.6.1
API Version: 4.6.1
Go Version: go1.20.7
Git Commit: f3069b3ff48e30373c33b3f5976f15abf8cfee20
Built: Fri Aug 11 03:13:43 2023
OS/Arch: darwin/arm64
Server: Podman Engine
Version: 4.6.1
API Version: 4.6.1
Go Version: go1.20.7
Built: Fri Aug 11 07:06:52 2023
OS/Arch: linux/arm64
% podman machine stop
Waiting for VM to exit...
Machine "podman-machine-default" stopped successfully