Instead of disabling unprivileged user namespaces plain and simple, Ubuntu since 24.04 restricts them with an AppArmor profile, which is known to be insufficient:
https://seclists.org/oss-sec/2025/q1/253

Yet, people writing code relying on unprivileged user namespaces have to deal with Ubuntu specifics where things don’t behave as documented. Latest example:
https://codeberg.org/guix/guix/issues/679#issuecomment-5659997

How do folks deal with it?

minix z100 + podman -
#podman #podman_compose #docker #container #n100 #minix #z100 #rootless #fedoraserver #server #searxng

https://log.wiuwiu.org/minix-z100-podman

Hi! In case you missed, my #FOSDEM talk about creating a #rootless #container manager from scratch is available!

We'll talk about the basic principles to build your own container manager, using #lilipod as an example project:

https://fosdem.org/2025/schedule/event/fosdem-2025-5022-implementing-a-rootless-container-manager-from-scratch/

@jwildeboer @forgejo Can confirm using #Portainer and #Docker (also using the #rootless #container). No issue at all during or after #update.

EDIT: Problem solved, by changing the VM OS from alpinelinux to fedora-server
---
So far I spent almost my whole afternoon trying to get #UptimeKuma running as a #rootless #podman #container on a #alpinelinux #VM to successfully ping some machines to be monitored.

And so far I’m loosing the battle. If anyone has an idea or a pointer to a possible solution, I would be very happy.

Bueno, ya he eliminado todas las entradas del DNS con subdominios y solo he dejado dos wildcard, uno para lo expuesto y otro para lo interno

Para lo expuesto lo paso por npm (no me gusta que no tenga waf o mas opciones de seguridad), y para lo interno traefik tirando de las labels de los contendores

Por el camino he borrado todos los tunnels de cloudflare.

Siguiente paso, crear todos los usuarios y montar contenedores por tematica en usuarios aislados

Adventures with #rootless #podman #containers

https://kcore.org/2023/12/13/adventures-with-rootless-containers/

I had created a new #podman #rootless storage directory under /var/lib/containers/user/<name>, and _until now_ this worked without issue. Which was sheer luck it seems.

Now tried to start a container that uses musl, and it failed hard with

Error relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: No error

Some googling pointed me to #selinux again... adding the right context to the directories helps :D

Trying also to move away from root #docker #rootless #podman. Interesting exercise.

Working on an emulator? A while ago, I wrote a little proof-of-concept for rootless display of a back buffer on Mac OS X: https://github.com/uliwitness/RootlessForEmulators It's Objective-C, but the general approach still works.

#Introduction #Him #1955 #Dysfunctional #Family #Formative #Books #SciFi #Heinlein #Lessing #Politics #Internationalist #European #Socialist #LSE #SocAnth #Weslyan #Rootless #Tramp #Traveller #Love #NotHate #Cook #Gardener #MetaPhysics #Jungian #Holistic #Android #SOSNHS #ToriesOut #AGC #Photography #Radio3 #Tag #MUWF "More undoubtedly will follow"

A little tip if you’re running in a rootless container on an immutable OS (like Fedora Silverblue) and have a tool (say Helix Editor – command: hx) installed in your “user” account but want to do, e.g.,

sudo hx /etc/hostname

Which would result in:

sudo: hx: command not found

Instead do:

(Fish) > sudo (which hx) /etc/hostname
(Bash) > sudo `which hx` /etc/hostname

Enjoy! :)

RT @muayyadalsadi@twitter.com

with latest podman (commit 349e69) and podman-compose, you can run unmodified complex #docker-compose.yml files, like those of @ansible@twitter.com awx (#PostgreSQL, #RabbitMQ, and #python web application and task executor) all #rootless! @rhatdan@twitter.com

https://github.com/muayyad-alsadi/podman-compose

: https://twitter.com/muayyadalsadi/status/1105047189880012800

Keine sauberen Kaffeetassen mehr #workaround #rootless #coffee