Basic Setup and Use of Podman in a Rootless Environment (Part 4)
2023-07-23 13:30:30
Tags: Podman
…remove the most recent container
f0eb826145edf810c1c101be1746d44dc1f1ab7619212c2990c5e29465a54e7e
[lnh2@localhost ~]$ podman ps -a
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
[lnh2@localhost ~]$ ss -antl
State      Recv-Q     Send-Q         Local Address:Port          Peer Address:Port     Process
LISTEN     0          128                  0.0.0.0:22                 0.0.0.0:*
LISTEN     0          128                     [::]:22                    [::]:*
[lnh2@localhost ~]$ podman run -itd --name web --userns=keep-id -v $(pwd)/data:/data:Z busybox   //just add --userns=keep-id when running the container; it keeps the IDs consistent
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 5cc84ad355aa done
Copying config beae173cca done
Writing manifest to image destination
Storing signatures
c1944ff72cdce194558a399929a0dac45758d619870d8211cc967d77df5e0ac0
[lnh2@localhost ~]$ podman ps
CONTAINER ID  IMAGE                             COMMAND     CREATED        STATUS            PORTS       NAMES
c1944ff72cdc  docker.io/library/busybox:latest  sh          6 seconds ago  Up 6 seconds ago              web
[lnh2@localhost ~]$ podman exec -it web /bin/sh
~ $ ls -l
total 16
drwxr-xr-x    2 root     root         12288 Dec 29  2021 bin
drwxrwxr-x    2 lnh2     lnh2            17 Aug 17 10:06 data
drwxr-xr-x    5 root     root           360 Aug 17 10:13 dev
drwxr-xr-x    3 root     root            93 Aug 17 10:13 etc
drwxr-xr-x    2 nobody   nobody           6 Dec 29  2021 home
dr-xr-xr-x  244 nobody   nobody           0 Aug 17 10:13 proc
drwx------    2 root     root             6 Dec 29  2021 root
drwxr-xr-x    3 root     root            62 Aug 17 10:13 run
dr-xr-xr-x   13 nobody   nobody           0 Aug 15 02:04 sys
drwxrwxrwt    2 root     root             6 Dec 29  2021 tmp
drwxr-xr-x    3 root     root            18 Dec 29  2021 usr
drwxr-xr-x    4 root     root            30 Dec 29  2021 var
//you can see that the owner and group of /data are both lnh2

Mapping a container port as a regular user fails with a "permission denied" error when the host port is below 1024:

[lnh2@localhost ~]$ podman run -itd --name web -p 80:80 httpd
Error: rootlessport cannot expose privileged port 80, you can add 'net.ipv4.ip_unprivileged_port_start=80' to /etc/sysctl.conf (currently 1024), or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied

A regular user can map ports >= 1024:

[lnh2@localhost ~]$ podman run -itd --name web -p 1024:80 httpd
1754f938a722e57e1a9f4d545ed24a243ecb1ddd9229ebf042d976f3ff36ef03
[lnh2@localhost ~]$ ss -antl
State      Recv-Q     Send-Q         Local Address:Port          Peer Address:Port     Process     
LISTEN     0          128                  0.0.0.0:22                 0.0.0.0:*                    
LISTEN     0          128                        *:1024                     *:*                    
LISTEN     0          128                     [::]:22                    [::]:*                    

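After configuring echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf, ports greater than or equal to 80 can be mapped. The setting is host-wide: once it is lowered, any unprivileged user or process on the host can bind ports 80 through 1023, not only Podman.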

[root@localhost ~]# vim /etc/sysctl.conf 
net.ipv4.ip_unprivileged_port_start = 80  //append this at the end of the file
[root@localhost ~]# sysctl -p   //apply the setting immediately
net.ipv4.ip_unprivileged_port_start = 80
Remove the earlier port 80 mapping and the containers:
[root@localhost ~]# ss -antl   //make sure nothing is listening on port 80
State      Recv-Q     Send-Q         Local Address:Port          Peer Address:Port     Process     
LISTEN     0          128                  0.0.0.0:22                 0.0.0.0:*                    
LISTEN     0          128                     [::]:22                    [::]:*                    
[root@localhost ~]# podman ps -a    //make sure no containers are running
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
Run the test:
[root@localhost ~]# podman run -itd --name web -p 80:80 httpd
Resolving "httpd" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob 41c22baa66ec done  
Copying blob dcc4698797c8 done  
Copying blob a2abf6c4d29d done  
Copying blob 67283bbdd4a0 done  
Copying blob d982c879c57e done  
Copying config dabbfbe0c5 done  
Writing manifest to image destination
Storing signatures
6f42e56db56a6ccb791b12bf0b482e13bb1d
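
The port rule shown above can be checked before starting a container. The script below is an added example, not part of the original article: it parses `-p` publish specs and compares the host port with ip_unprivileged_port_start. The function names and the optional threshold-file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check for rootless
# `podman run -p`. Function names and the overridable threshold file are assumptions.

# Print the host port of a publish spec: [ip:][hostPort]:containerPort[/proto].
# Prints nothing when no host port is given; for a range, prints its lowest port.
host_port_of() {
    spec=${1%/*}                                  # drop a trailing /tcp or /udp
    case $spec in
        \[*\]:*) spec="ip:${spec#*\]:}" ;;        # bracketed IPv6 -> placeholder
    esac
    old_ifs=$IFS; IFS=:; set -- $spec; IFS=$old_ifs
    case $# in
        1) hp= ;;                                 # container port only
        2) hp=$1 ;;
        3) hp=$2 ;;
        *) return 2 ;;                            # not a spec this sketch understands
    esac
    printf '%s\n' "${hp%%-*}"
}

# Return 0 if an unprivileged user may bind the host port in spec $1, 1 if not,
# 2 on a parse error. $2 overrides the file the threshold is read from.
can_publish_rootless() {
    thr_file=${2:-/proc/sys/net/ipv4/ip_unprivileged_port_start}
    thr=$(cat "$thr_file") || return 2
    port=$(host_port_of "$1") || return 2
    case $port in
        '') return 0 ;;                           # podman chooses the host port itself
        *[!0-9]*) return 2 ;;
    esac
    [ "$port" -ge "$thr" ]
}

# Usage: sh check.sh 80:80 1024:80 127.0.0.1:443:443/tcp
for s in "$@"; do
    rc=0; can_publish_rootless "$s" || rc=$?
    case $rc in
        0) echo "ok:      -p $s" ;;
        1) echo "blocked: -p $s (host port below ip_unprivileged_port_start)" ;;
        *) echo "skipped: -p $s (could not parse spec or read threshold)" ;;
    esac
done
```

Run it as the same unprivileged user that will start the container; it only reads the sysctl value and does not change it.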