Short tip: Rootless Podman + docker-compose under Fedora
Since 2018 there has been a very elegant and lean alternative to Docker: the container runtime Podman. Podman offers a smaller attack surface because it runs without a background daemon, and it is often pre-installed on Red Hat-like operating systems. With a few tricks, existing docker-compose configurations can still be used.
First, Podman must be installed including Docker compatibility and docker-compose, if not already done:
# dnf install podman podman-docker docker-compose
For privileged (root) containers, the system-wide socket must be enabled and made available under another name. Podman itself does not need a socket, but Docker does, so docker-compose expects a socket for communication. The system socket is enabled without --user:
# ln -s /var/run/podman/podman.sock /var/run/docker.sock
# systemctl enable --now podman.socket
For unprivileged (rootless) containers, the socket is enabled in the user context instead:
$ systemctl enable --now --user podman.socket
Especially important is the environment variable DOCKER_HOST, which must point to the socket in the user context. It is advisable to verify that the socket actually exists:
$ export DOCKER_HOST="unix:$XDG_RUNTIME_DIR/podman/podman.sock"
$ file $XDG_RUNTIME_DIR/podman/podman.sock
/run/user/1000/podman/podman.sock: socket
The export command is a good candidate for the ~/.bashrc file.
In order for volumes specified in a docker-compose.yml to be available to the container, SELinux support must be enabled by appending :z to the end of the path specification:
version: "3"
services:
  ...
    volumes:
      - "./data:/data:z"
Otherwise the containers start, but SELinux prevents them from accessing the mounted data.
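The steps above boil down to three things that are easy to get wrong: the DOCKER_HOST value, the presence of the rootless socket, and the :z label on bind mounts. The following POSIX shell helpers, an added example that is not part of the original post, put those checks into functions. The function names, the awk-based heuristic (it only understands the short list form of `volumes:` entries starting with ./, ../, / or ~/) and the constructed compose snippets in the test are my own assumptions; systemctl is deliberately not called, so the script can be run anywhere.

```shell
#!/bin/sh
# Added example, not from the original post. Helper checks for the
# rootless Podman + docker-compose setup. Assumes a systemd user session
# (XDG_RUNTIME_DIR set); falls back to /run/user/<uid> otherwise.

# Print the DOCKER_HOST value for the rootless Podman socket.
# Optional $1 overrides the runtime directory (useful for testing).
podman_docker_host() {
    printf 'unix:%s/podman/podman.sock\n' \
        "${1:-${XDG_RUNTIME_DIR:-/run/user/$(id -u)}}"
}

# Return 0 if $1 exists and is a socket, 1 otherwise.
socket_present() {
    [ -S "$1" ]
}

# Scan a compose file ($1) for host-path bind mounts that lack the
# SELinux relabel option (:z shared or :Z private). Prints each
# offending entry; returns 1 if any were found, 0 if all are labelled.
# Named volumes (e.g. "cache:/cache") need no label and are ignored.
compose_unlabelled_volumes() {
    awk '
        # list items like "- ./host:/ctr", "- \"/host:/ctr:ro\"", "- ~/x:/y"
        /^[[:space:]]*-[[:space:]]*"?(\.\.?\/|\/|~\/)/ {
            line = $0
            sub(/^[[:space:]]*-[[:space:]]*"?/, "", line)   # strip "- " and quote
            sub(/"?[[:space:]]*$/, "", line)                # strip closing quote
            n = split(line, parts, ":")
            opts = (n >= 3) ? parts[3] : ""
            # accept z or Z anywhere in a comma-separated option list
            if (opts !~ /(^|,)[zZ](,|$)/) { print line; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Stand-alone usage: report the socket docker-compose should talk to.
sock="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/podman/podman.sock"
echo "DOCKER_HOST should be: $(podman_docker_host)"
if socket_present "$sock"; then
    echo "rootless podman socket found at $sock"
else
    echo "no socket at $sock (run: systemctl enable --now --user podman.socket)"
fi
```

To lint a compose file before starting it, source the script and run `compose_unlabelled_volumes docker-compose.yml`; a non-zero exit means at least one bind mount will be blocked by SELinux. Both labels are accepted because :z (shared between containers) and :Z (private to one container) both relabel the host directory; the page's example uses :z.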