container(2/0)
Deploy nonroot containers
One of the advantages touted by the Podman team over Docker is that you can choose to run containers as a user other than root. This is a security feature since, if a container were compromised by a malicious user who then broke out of its container process, they would not have root privileges. Actually running containers as non-root users, however, adds surprising complexity. Most container images, including those I’ve created myself, were drafted in Docker.…
Make your container accessible to the public network
From what I’ve gathered, these are the steps one must go through to allow a Podman container, such as a Traefik proxy, to be accessible from the public network. The challenge lies with the network interface. Podman creates its own CNI virtual network interface, but it’s the host’s default network interface that’s usually configured for intranet access. My ufw firewall blocks cross-interface traffic by default, with iptables in the backend to control access.…