!SEjxdEhDPWoPxzjWCX:matrix.org

Podman

1081 Members
Podman (https://podman.io) is a tool for running PODS and OCI Containers on Linux. Mailing lists at lists.podman.io. Current version 5.0.0. Bridged with the #podman channel on Podman's Discord (https://discord.gg/x5GzFF6QH4). The bridge with #podman on Libera has been temporarily suspended, but we now have a `Podman Relay` in place.
68 Servers


Sender | Message | Time
18 Apr 2024
@syntolog:matrix.org | syntolog joined the room. | 19:19:21
@urbenlegend:matrix.org | UrbenLegend joined the room. | 19:48:48
@dschadlich:fedora.im | David Schadlich joined the room. | 23:38:38
19 Apr 2024
@xyhhx:matrix.org | xyhhx Ⓜ️ (they/them) joined the room. | 00:56:08
@znmeb:fedora.im | M. Edward (Ed) Borasky joined the room. | 03:25:57
@bitblt:matrix.org bitblt

Hello again! Has anybody noticed that the podman-next version from copr doesn't work?
On a vanilla almalinux 9.3 vm, installed podman using https://podman.io/docs/installation#installing-bleeding-edge-versions-of-podman, and even a simple version command gives:

[user@test ~]$ sudo podman version
Error:

The system logs aren't really helpful either, as they don't show any errors.
The weird thing is that if I run podman version as a regular user it works; only as the root user it fails like above.

08:29:34
@felix:0x23.me | @felix:0x23.me joined the room. | 09:54:46
@felix:0x23.me @felix:0x23.me

I have two containers running on the same host.
One has traefik in it as a reverse proxy.

I try to access container2 (an app) from container 1 (traefik) through the host IP and the respective bound port.
From any other machine this works fine, but not on the same machine from container to container.
Each container is in its own network. When I join them together in one network, it works.
So it seems the communication does not go through the host but directly from container to container.
Is there any way to solve that connectivity issue without joining them into one network?

10:09:49
@logo4poop:matrix.org | logo (he/him) joined the room. | 14:43:31
@potatodoggo:matrix.org doggo *

trying to translate a docker-compose instruction to be more podman compatible, but idk if it works.

here is a line that defined a volume in the original docker-compose file im trynna convert:

volumes:
   - /var/run/docker.sock:/var/run/docker.sock

for podman, it should be rootless, so idk how to translate this line to be rootless... need a little help 😀️

20:49:06
@kenrachynski:matrix.org DoofusCanadensis | That just mounts a socket file | 23:47:09
@kenrachynski:matrix.org DoofusCanadensis | So that the container mounting that can control the docker daemon. | 23:47:29
20 Apr 2024
@gigidi5557:matrix.org | gigidi5557 joined the room. | 12:57:51
@mreich1978:matrix.org | Matt joined the room. | 20:29:43
21 Apr 2024
@urbenlegend:matrix.org UrbenLegend | Is there a reason why the real IP of incoming requests isn't getting passed from Nginx Proxy Manager to my other containers when they're run in rootless mode? My configuration works in rootful mode, but in rootless, things like Nextcloud and Jellyfin only see requests as coming from the Nginx Proxy Manager IP address | 02:29:46
@urbenlegend:matrix.org UrbenLegend | Seems like it's related to this bug: https://github.com/containers/podman/issues/8193 | 04:19:27
@urbenlegend:matrix.org UrbenLegend | How are you guys handling reverse proxies in rootless mode? | 04:19:35
@eriksjolund:fedora.im Erik Sjölund | The source IP address is available to nginx if you configure nginx + rootless podman to use socket activation. I wrote some documentation about running nginx with rootless podman https://github.com/eriksjolund/podman-nginx-socket-activation/tree/main/examples/example4 On my todo-list is to see if X-Forwarded-For HTTP header works. Then the backend servers would also get the information about the source IP address. | 08:26:13
@eriksjolund:fedora.im Erik Sjölund | I also did some experimenting with nextcloud and rootless podman in November 2023. https://github.com/eriksjolund/nextcloud-podman I think I got so far that I could see the nextcloud web interface running but I didn't do any further testing. Socket activation is used https://github.com/eriksjolund/nextcloud-podman/blob/main/nginx.socket | 08:39:39
@felix:0x23.me | @felix:0x23.me left the room. | 09:13:20
@baerentoeter:matrix.org baerentoeter | hi guys, im - again - having issues with podman (5.0.0) and selinux: i have a container that starts an sshd on port 22022 using network_mode: host. it works perfectly fine when selinux is in permissive mode, but i cannot connect to the server when selinux is in enforcing mode. i have followed the steps from https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/8/html/using_selinux/creating-selinux-policies-for-containers_using-selinux but installing the policy generated by udica fails with "Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/base_container/cil:6" any ideas? | 11:20:44
@baerentoeter:matrix.org baerentoeter
In reply to @baerentoeter:matrix.org
hi guys, im - again - having issues with podman (5.0.0) and selinux: i have a container that starts an sshd on port 22022 using network_mode: host. it works perfectly fine when selinux is in permissive mode, but i cannot connect to the server when selinux is in enforcing mode. i have followed the steps from https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/8/html/using_selinux/creating-selinux-policies-for-containers_using-selinux but installing the policy generated by udica fails with "Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/base_container/cil:6" any ideas?
also, everything works fine when selinux is in enforcing and the container is run in privileged mode. however, i doubt that this is the best practice, eh
11:23:41
@eriksjolund:fedora.im Erik Sjölund | The sshd problem might be related to this troubleshooting tip https://github.com/containers/podman/blob/main/troubleshooting.md#33-the-sshd-process-fails-to-run-inside-of-the-container | 11:37:58
@eriksjolund:fedora.im Erik Sjölund | (or maybe not, at least the tip was about sshd) | 11:40:13
@baerentoeter:matrix.org baerentoeter
In reply to @eriksjolund:fedora.im
The sshd problem might be related to this troubleshooting tip https://github.com/containers/podman/blob/main/troubleshooting.md#33-the-sshd-process-fails-to-run-inside-of-the-container
thanks Erik, but i think that is not the problem im facing - i dont have reason to believe that loginuid is an issue. actually my question aims for a more general answer to the question why the whole "podman-inspect->udica->semodule" toolchain fails
11:45:09
@baerentoeter:matrix.org baerentoeter | Since my setup works fine when selinux is permissive, it is quite safe to say that it is an issue with the labels I guess | 11:52:57
@devurandom:matrix.org | Dennis (7616) joined the room. | 13:41:41
@lucas_sr:matrix.org | @lucas_sr:matrix.org joined the room. | 23:35:06

Room Version: 6