Short tip: Rootless Podman + docker-compose under Fedora
Since 2018, there has been a very elegant and lean container runtime, Podman, as an alternative to Docker. Podman offers a smaller attack surface due to omitted background services and is also often pre-installed on Red Hat-like operating systems. With a few tricks, existing docker-compose configurations can still be used.
First, Podman must be installed, including Docker compatibility and docker-compose, if not already done:
# dnf install podman podman-docker docker-compose
For privileged containers, the system-wide socket must be enabled and made available under another name. Podman does not need a socket, Docker does - so docker-compose expects a socket for communication.
# ln -s /var/run/podman/podman.sock /var/run/docker.sock
# systemctl enable --now podman.socket
For unprivileged containers, the socket must be enabled in the user context:
$ systemctl enable --now --user podman.socket
Especially important is the environment variable DOCKER_HOST, which must point to the socket in the user context. It is recommended to check that the socket is present:
$ export DOCKER_HOST="unix:$XDG_RUNTIME_DIR/podman/podman.sock"
$ file $XDG_RUNTIME_DIR/podman/podman.sock
/run/user/1000/podman/podman.sock: socket
export command is a good candidate for the
In order for volumes specified in a docker-compose.yml to be available to the container, it is mandatory to enable SELinux support (add :z to the end of the path specification):
version: "3"
services:
  ...

    volumes:
      - "./data:/data:z"
Otherwise, the containers start but are not able to access the data.
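As an added example (not part of the original post), the following shell function scans a compose file for short-syntax bind mounts that lack a :z or :Z suffix, which is the case where containers start but cannot read their data. The function name check_unlabelled_binds is hypothetical; named volumes are skipped and long-syntax volume entries are not inspected.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: check_unlabelled_binds docker-compose.yml
# Prints "<line>: <entry>" for every short-syntax bind mount without an
# SELinux label option; returns 1 if any was found, 0 otherwise.
check_unlabelled_binds() {
    awk -v sq="'" '
    BEGIN { in_vol = 0; vol_indent = -1; bad = 0 }
    /^[ \t]*-/ {                            # YAML list item
        if (!in_vol) next                   # ignore ports:, devices:, ...
        item = $0
        sub(/^[ \t]*-[ \t]*/, "", item)
        sub(/[ \t]+#.*$/, "", item)         # drop trailing comment
        sub(/[ \t]+$/, "", item)            # drop trailing whitespace
        gsub(/"/, "", item); gsub(sq, "", item)
        n = split(item, f, ":")
        # a bind mount has a host path (./x, /x, ~/x) as its source
        if (n < 2 || f[1] !~ /^[.\/~]/) next
        labelled = 0
        if (n >= 3) {                       # last field: comma-separated options
            m = split(f[n], opt, ",")
            for (i = 1; i <= m; i++)
                if (opt[i] == "z" || opt[i] == "Z") labelled = 1
        }
        if (!labelled) { printf "%d: %s\n", NR, item; bad = 1 }
        next
    }
    /^[ \t]*[A-Za-z0-9_.-]+:/ {             # mapping key
        match($0, /[^ \t]/); indent = RSTART - 1
        if ($0 ~ /^[ \t]*volumes:[ \t]*(#.*)?$/) { in_vol = 1; vol_indent = indent }
        else if (indent <= vol_indent) in_vol = 0   # left the volumes: block
    }
    END { exit bad }
    ' "$1"
}
```

The non-zero return code makes the function usable as a pre-flight check before docker-compose up.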