Podman

Today I learned about the podman auto-update command. It updates all the containers managed by systemd (e.g. created by podman-generate-systemd --new) to the newest image version. More

Today I learned about the pull flags in the podman build command. --pull=false: will pull the image only if it does not exist in the local repo. --pull=true: will pull the image if it doesn’t exist or if the remote has a newer version (default). --pull-always: will always pull the image. --pull-never: will never pull the image. More

Today I learned some useful podman flags like: --replace: to replace a container if it already exists. --ignore: to ignore errors and continue the work (very useful for bulk deletions). --tz: to set the TZ for the container. More

Containers are not secure ! I am kidding ! they are pretty secure but they are dangerous and one reason why they are is because they require root privileges to run. Why ? OKey Okey let’s take a look at this: sudo docker run -v /:/hostfs ubuntu rm -rf /hostfs You figured why running docker (container runtime) as root is dangerous ? Running your container runtime as root is the most dangerous thing you can do, because escaping the container barrier (container runtime vulnerability) will make the attacker root and Slat 3enbi....