trollbridge 8 hours ago

I gave up on Podman for some minor reasons: one was that they decided to deviate from Docker and handle SELinux differently, which required effort to change the SELinux security labels on a stock CentOS system. That made it a no go.

The other issue is minor differences from Docker, but small enough that a packaged up Docker compose doesn’t work out of the box. It’s not a good use of my time to debug that when I could just switch to Docker, have it work, and get on with my day.

the-grump 8 hours ago

Can you elaborate on SELinux? It affected me too but I just had to add :Z to my mount argument. Curious about whether there's further impact I'm unaware of.

psadauskas 6 hours ago

This is my biggest gripe. If you're using docker-compose.yml on a team that mostly uses docker, you can't use that same docker-compose.yml with rootless podman. Any volume mounts that need to be writable (like the app, or databases) need to have `:X` or `:x` as a suffix, or podman won't set the SELinux label correctly to make it writable. But if you add those, docker blows up because it doesn't understand them.

trollbridge 7 hours ago

There were other problems, although it’s been a few years so I’ve forgotten them. I think the container I had trouble with was Ory Kratos. We did eventually get it to work but had to change the sample docker deployment a fair bit.

macOS had a separate set of problems. I ended up just going with buildx and Colima on macOS. (We don’t use Docker Desktop.)

Long term I’d like to try to switch to podman again, but it needs to have a “be 100% compatible with Docker” mode as opposed to this:

https://github.com/podman-container-tools/podman/issues/1478...

nicce 7 hours ago

> have it work, and get on with my day.

And usability continues to be security’s number one enemy...

esseph 7 hours ago

> on a stock CentOS system

Either an old experience you had, or a newer experience you had on vastly out of date packages and probably podman itself?