Seth Grover
Seth Grover
A comment from a Mal.Con24 attendee: > AuthN support for Authentik would be great.
(copy/paste from a teams conversation, apologize for the bad formatting) one bit of info I should mention about the podman one: all of the malcolm [docker images](https://github.com/idaholab/Malcolm/tree/main/Dockerfiles) go through the...
[Podman 5](https://github.com/containers/podman/blob/main/RELEASE_NOTES.md) is out which seems to have a bunch of improvements, I'd recommend we use that as a baseline (and, if there's anything it makes easier, making that a...
I've started playing with this, and honestly the issues are very few: * Running podman rootless, without any of the UID mapping stuff from the previous comment, UID 0 maps...
Here's a thread that's *maybe* working for the user namespace mapping stuff: * I've added a way to specify the container runtime (e.g., `podman`) via a `-r`/`--runtime` option or a...
See containers/podman#23347 for another issue. Trying to run via `podman compose` with `userns_mode: keep-id`. Only the [`VOLUME`](https://github.com/idaholab/Malcolm/blob/1b5e003023aa0b876dc100f8def0645ada8283c2/Dockerfiles/file-monitor.Dockerfile#L245-L247)-declared paths have 999 ownership.
I've got this in a pretty-much-working state, just going through and hand-checking the logs and whatnot to make sure everything is the way it should be. I still need to...
As expected live capture is failing, but everything else is working correctly as far as I can tell.
I have determined that it's impossible to do the live network capture using rootless podman (probably rootless docker as well) because of the user namespacing. Even with tricks like `setcap`...
Also, is this supplementing or replacing JA3?