Short tip: Rootless Podman + docker-compose under Fedora

Since 2018, there has been a very elegant and lean container runtime, Podman, as an alternative to Docker. Podman offers a smaller attack surface due to omitted background services and is also often pre-installed on Red Hat-like operating systems. With a few tricks, existing docker-compose configurations can still be used.

First, install Podman together with the Docker compatibility package and docker-compose, if not already done:

# dnf install podman podman-docker docker-compose

For privileged containers, the system-wide socket must be enabled and made available under the name Docker uses. Podman itself does not need a socket, but Docker does, so docker-compose expects a socket for communication.

# ln -s /var/run/podman/podman.sock /var/run/docker.sock
# systemctl enable --now podman.socket

For unprivileged containers, the socket must be enabled in the user context:

$ systemctl enable --now --user podman.socket

The environment variable DOCKER_HOST is especially important: it must point to the socket in the user context. It is worth checking that the socket actually exists:

$ export DOCKER_HOST="unix:$XDG_RUNTIME_DIR/podman/podman.sock"
$ file $XDG_RUNTIME_DIR/podman/podman.sock
/run/user/1000/podman/podman.sock: socket

Note: The export command is a good candidate for the ~/.bashrc file.

For volumes specified in a docker-compose.yml to be available to the container, SELinux support must be enabled by appending :z to the end of the path specification:

version: "3"
services:
  ...

    volumes:
      - "./data:/data:z"

Otherwise, the containers start but are not able to access the data.
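
A pre-flight check for the steps above, written as an added example and not part of the original tip: it confirms that DOCKER_HOST resolves to a socket inside the user's runtime directory rather than the system-wide one, and lists bind mounts in a compose file that lack an SELinux label. The function names are hypothetical, the volume scan is a line-based heuristic rather than a YAML parser, and :Z (private label) is accepted in addition to the :z used here.

```sh
#!/bin/sh
# Added example: pre-flight checks for rootless Podman + docker-compose.
# All function names are hypothetical.

# Extract the socket path from a DOCKER_HOST value; fail if it is not unix:.
socket_path() {
    case "$1" in
        unix://*) printf '%s\n' "${1#unix://}" ;;
        unix:*)   printf '%s\n' "${1#unix:}" ;;
        *)        return 1 ;;
    esac
}

# Succeed only if the path is an existing socket inside the user's runtime
# directory, i.e. the per-user Podman socket and not the system-wide one.
is_user_socket() {
    runtime_dir="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
    case "$1" in
        "$runtime_dir"/*) [ -S "$1" ] ;;
        *) return 1 ;;
    esac
}

# List short-syntax bind mounts in a compose file that lack :z or :Z.
# Prints "line: entry" for each finding; exit status 1 if any is found.
unlabeled_bind_mounts() {
    awk '
        /^[ \t]*-[ \t]/ {
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry)
            sub(/[ \t]+#.*$/, "", entry)          # drop trailing comment
            sub(/[ \t]+$/, "", entry)             # drop trailing blanks
            gsub(/["'\'']/, "", entry)            # drop YAML quotes
            if (entry !~ /^(\.|\/|~)/) next       # not a host path
            n = split(entry, part, ":")
            if (n < 2) next                       # no container path
            opts = (n >= 3) ? part[n] : ""
            if (opts !~ /(^|,)[zZ](,|$)/) { print NR ": " entry; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Run all checks against $DOCKER_HOST and a compose file (default name).
preflight() {
    sock=$(socket_path "${DOCKER_HOST:-}") || { echo "DOCKER_HOST is not a unix socket" >&2; return 1; }
    is_user_socket "$sock" || { echo "$sock is not a live per-user socket" >&2; return 1; }
    unlabeled_bind_mounts "${1:-docker-compose.yml}" >&2 || { echo "bind mounts above lack :z/:Z" >&2; return 1; }
}
```

Source the file and run `preflight docker-compose.yml` from the project directory before starting the containers.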
