logoalt Hacker News

the-grumptoday at 7:39 PM2 repliesview on HN

Can you elaborate on SELinux? It affected me too but I just had to add :Z to my mount argument. Curious about whether there's further impact I'm unaware of.


Replies

psadauskastoday at 8:58 PM

This is my biggest gripe. If you're using docker-compose.yml on a team that mostly uses docker, you can't use use that same docker-compose.yml with rootless podman. Any volume mounts that need to be writable (like the app, or databases) need to have `:X` or `:x` as a suffix, or podman won't set the SELinux label correctly to make it writable. But if you add those, docker blows up because it doesn't understand them.

trollbridgetoday at 7:48 PM

There were other problems although it’s been a few years so I’ve forgotten them. I think the container I had trouble with Ory Kratos. We did eventually get it to work but had to change the sample docker deployment a fair bit.

macOS had a seperate set of problems. I ended up just going with buildx and Colima on macOS. (We don’t use Docker Desktop.)

Long term I’d like to try to switch to podman again, but it needs to have a “be 100% compatible with Docker” mode as opposed to this:

https://github.com/podman-container-tools/podman/issues/1478...