Containers

Today I learned that I can use Buildah to mount a container image and install packages on top of it from the host. microcontainer=$(buildah from registry.access.redhat.com/ubi8/ubi-micro) micromount=$(buildah mount $microcontainer) yum install \ --installroot $micromount \ --releasever 8 \ --setopt install_weak_deps=false \ --nodocs -y httpd yum clean all \ --installroot $micromount buildah umount $microcontainer buildah commit $microcontainer ubi-micro-httpd Source

Today I learned about the podman auto-update command. It updates all the containers managed by systemd (e.g. created by podman-generate-systemd --new) to the newest image version. More

Today I learned about the pull flags in the podman build command. --pull=false: will pull the image only if it does not exist in the local repo. --pull=true: will pull the image if it doesn’t exist or if the remote has a newer version (default). --pull-always: will always pull the image. --pull-never: will never pull the image. More

Today I learned some useful podman flags like: --replace: to replace a container if it already exists. --ignore: to ignore errors and continue the work (very useful for bulk deletions). --tz: to set the TZ for the container. More

Hello Again, Throughout the 4 previous months I got the chance to work on php applications again. This time not as a developer, but as an operator. I spent a good part of my internship trying to deploy, run and optimize php apps on my local environment and on the cloud. This post will be in many parts (3 or more). This part will be a sort of introduction to the php ecosystem....

Containers are not secure ! I am kidding ! they are pretty secure but they are dangerous and one reason why they are is because they require root privileges to run. Why ? OKey Okey let’s take a look at this: sudo docker run -v /:/hostfs ubuntu rm -rf /hostfs You figured why running docker (container runtime) as root is dangerous ? Running your container runtime as root is the most dangerous thing you can do, because escaping the container barrier (container runtime vulnerability) will make the attacker root and Slat 3enbi....