Friday, June 16 • 3:45pm - 4:20pm
Rootful networking with rootless podman containers


Podman can use unprivileged user namespaces to allow non-root users to start containers. This means root inside the container is no longer also root outside the container. Less root is better, so we should clearly all be running our containers rootless, right?

Unfortunately, networking for rootless containers has a few downsides (that differ depending on which implementation you use). Can we not start our containers as rootless to make sure our processes don't have privileges, yet still use normal, rootful networking?

Turns out we can! This is the story of how I chased a possibility mentioned on the last slide of a 2021 presentation and a post on the podman list to use rootful networking with rootless podman containers.
Warning: you might learn more than you want on how network namespaces work.


Friday June 16, 2023 3:45pm - 4:20pm CEST
E112 | Talks