除最新最近的容器
f0eb826145edf810c1c101be1746d44dc1f1ab7619212c2990c5e29465a54e7e
[lnh2@localhost ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[lnh2@localhost ~]$ ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[lnh2@localhost ~]$ podman run -itd --name web --userns=keep-id -v $(pwd)/data:/data:Z busybox
//只要在运行容器的时候加上 --userns=keep-id 即可，使容器内的用户 id 与宿主机上的当前用户保持一致
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 5cc84ad355aa done
Copying config beae173cca done
Writing manifest to image destination
Storing signatures
c1944ff72cdce194558a399929a0dac45758d619870d8211cc967d77df5e0ac0
[lnh2@localhost ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c1944ff72cdc docker.io/library/busybox:latest sh 6 seconds ago Up 6 seconds ago web
[lnh2@localhost ~]$ podman exec -it web /bin/sh
~ $ ls -l
total 16
drwxr-xr-x 2 root root 12288 Dec 29 2021 bin
drwxrwxr-x 2 lnh2 lnh2 17 Aug 17 10:06 data
drwxr-xr-x 5 root root 360 Aug 17 10:13 dev
drwxr-xr-x 3 root root 93 Aug 17 10:13 etc
drwxr-xr-x 2 nobody nobody 6 Dec 29 2021 home
dr-xr-xr-x 244 nobody nobody 0 Aug 17 10:13 proc
drwx------ 2 root root 6 Dec 29 2021 root
drwxr-xr-x 3 root root 62 Aug 17 10:13 run
dr-xr-xr-x 13 nobody nobody 0 Aug 15 02:04 sys
drwxrwxrwt 2 root root 6 Dec 29 2021 tmp
drwxr-xr-x 3 root root 18 Dec 29 2021 usr
drwxr-xr-x 4 root root 30 Dec 29 2021 var
//可以看见/data的所属主所属组都是lnh2
使用普通用户将容器端口映射到小于 1024 的特权端口时会报“permission denied”的错误
[lnh2@localhost ~]$ podman run -itd --name web -p 80:80 httpd
Error: rootlessport cannot expose privileged port 80, you can add 'net.ipv4.ip_unprivileged_port_start=80' to /etc/sysctl.conf (currently 1024), or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied
普通用户可以映射>= 1024的端口
[lnh2@localhost ~]$ podman run -itd --name web -p 1024:80 httpd
1754f938a722e57e1a9f4d545ed24a243ecb1ddd9229ebf042d976f3ff36ef03
[lnh2@localhost ~]$ ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:1024 *:*
LISTEN 0 128 [::]:22 [::]:*
配置 echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf 后可以映射大于等于 80 的端口。注意：该内核参数是宿主机全局生效的，修改后 80～1023 之间的端口对宿主机上所有非特权进程都不再受特权保护，应按实际需要选择最小的起始值。
[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.ip_unprivileged_port_start = 80 //在最后面添加
[root@localhost ~]# sysctl -p //使其立即生效
net.ipv4.ip_unprivileged_port_start = 80
将之前的80端口还有容器都删除
[root@localhost ~]# ss -antl //确保没有80端口
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# podman ps -a //确保没有正在运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
进行测试:
[root@localhost ~]# podman run -itd --name web -p 80:80 httpd
Resolving "httpd" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob 41c22baa66ec done
Copying blob dcc4698797c8 done
Copying blob a2abf6c4d29d done
Copying blob 67283bbdd4a0 done
Copying blob d982c879c57e done
Copying config dabbfbe0c5 done
Writing manifest to image destination
Storing signatures
6f42e56db56a6ccb791b12bf0b482e13bb1d