2023-02-10

Last updated Feb 23, 2023 Edit Source

• Journal

Today I start experimenting with the Podman API through its library in Go. I’m not trying Docker API, because I know I want rootless for security measures (thought it’s doable, but wasn’t so easy last time I checked). I’ll have to dig into https://docs.docker.com/engine/security/rootless/ to be sure.

The first issue when trying Podman for the first time is that it requires to have multiple uids/gids set for a user in order to use the rootless mode. So:

1
2

sudo usermod --add-subuids 10000-75535 $(whoami)
sudo usermod --add-subgids 10000-75535 $(whoami)

Now, podman images list should run.

Note, that the above range for the user _username_ may already be taken by another user as it defines the default range for the first user on the system. If in doubt, first consult the /etc/subuid and /etc/subgid files to find the already reserved ranges.