[pkg-go] Bug#983395: podman lacks a runtime dependency on rootlesskit

Shengjing Zhu zhsj at debian.org
Wed Mar 10 16:04:31 GMT 2021


On Wed, Mar 10, 2021 at 11:59 PM Andrej Shadura <andrewsh at debian.org> wrote:
>
> Hi,
>
> On Wed, 10 Mar 2021, at 16:55, Shengjing Zhu wrote:
> > On Wed, Mar 10, 2021 at 11:52 PM Andrej Shadura <andrewsh at debian.org> wrote:
> > > On Wed, 10 Mar 2021, at 16:48, Shengjing Zhu wrote:
> > > > On Wed, Mar 10, 2021 at 11:46 PM Andrej Shadura <andrewsh at debian.org> wrote:
> > > > > Have you tried doing this on a newly installed system? Because that’s what I did: installed Debian in a VM, installed podman, attempted to pull an image, got an error. Not much more.
>
> > > Suggested packages:
> > >   containers-storage docker-compose
> > > Recommended packages:
> > >   buildah fuse-overlayfs slirp4netns catatonit | tini | dumb-init uidmap golang-github-containernetworking-plugin-dnsname criu
>
> > Have you seen this? There are a bunch of recommended packages that you
> > don't install. Especially `uidmap`.
> > It's just fine if you don't install them, then you don't have a
> > working podman without root. You need to use root to run podman if you
> > don't install the `uidmap` package.
>
> 1) Reinhard says it’s not mandatory, see above.

It's not mandatory for root user. It's mandatory for non-root user.

> 2) Docker doesn’t require installing anything else to be useful for non-root users, if podman does, it should be in Depends.

No, it's wrong.

Docker has two modes.
1. root mode. It runs a daemon, and listens to a local socket, which
is /var/run/docker.sock The socket is owned by docker group. Non root
can't access this unless you are in the docker group.
2. rootless mode, you need the uidmap and rootlesskit package to setup
the demon for non root users.

So, it never requires no thing for non root users.

-- 
Shengjing Zhu



More information about the Pkg-go-maintainers mailing list