For instance, if you wanted to install neofetch, here is how you might want to do this:
david@hplinux:~$ mkdir .root && .root #Create a pseudo root directory in your homedavid@hplinux:~/.root$ apt-get download neofetch #Download the neofetch package into the current directorydavid@hplinux:~/.root$ ls | grep neofetch #Show the full name of the downloaded packagedavid@hplinux:~/.root$ dpkg --extract $(ls | grep neofetch) . #Extract the package into the current directorydavid@hplinux:~/.root$ find . -name - f -executable #Find the location where the binary has been installeddavid@hplinux:~/.root$ >> ~/.bashrc
david@hplinux:~/.root$ ~/.bashrc #Source your bachrs to update the path inside the current terminaldavid@hplinux:~/.root$ neofetch #Actually run the commanddavid@hplinux:~/.root$ neofetch #Check that the command being run is actually from your pseudo root directoryI did a yum update on my Oracle Enterprise Linux 7.7 install before I started to get everything on the latest version. As root I used yum to install the Linux packages I needed to install Python 3.8.1 from source:
[bobby@pythonvm ~]$ curl -k -O https://www.python.org/ftp/python/3.8.1/Python-3.8.1.tgz % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
100 22.8M 100 22.8M 0 0 7830k 0 0:00:02 0:00:02 --:--:-- 7828kFor some reason I had to do this twice. The first download failed. Next I gunzipped and untarred this archive under my home directory:
tar zxfv Python-3.8.1.tgz
Python-3.8.1/Objects/sliceobject.c
Python-3.8.1/Objects/listobject.c
Python-3.8.1/Objects/typeslots.inc
Python-3.8.1/Objects/weakrefobject.c
Python-3.8.1/Objects/unicodeobject.c
Python-3.8.1/Objects/complexobject.c
Python-3.8.1/Objects/picklebufobject.c
Python-3.8.1/Objects/odictobject.c
Python-3.8.1/Objects/genobject.c
[bobby@pythonvm ~]$I created a directory called “python” under my home directory to use as the top-level directory for my Python install. This directory tree will hold the binaries and any Python packages that I install.
[bobby@pythonvm ~]$ mkdir pythonAfter changing directory to where I untarred the source files I configured the Python make and install to use the directory I just created as a “prefix”:
[bobby@pythonvm ~]$ cd Python-3.8.1
[bobby@pythonvm Python-3.8.1]$ pwd
/home/bobby/Python-3.8.1
./configure --prefix=/home/bobby/python
config.status: creating Misc/python-embed.pc
config.status: creating Misc/python-config.sh
config.status: creating Modules/ld_so_aix
config.status: creating pyconfig.h
creating Modules/Setup.local
creating Makefile
If you want a release build with all stable optimizations active (PGO, etc),
please run ./configure --enable-optimizationsThen I did the make and make altinstall from the same directory:
So, now Python 3.8.1 is installed in /home/bobby/python but I want to put the bin directory in the path so I can run python or pip and by default have them be this version. The install created python and pip as python3.8 and pip3.8 but I created links to them so that I could access them without 3.8 at the end of their names:
[bobby@pythonvm Python-3.8.1]$ cd /home/bobby/python/bin
[bobby@pythonvm bin]$ ls -al
total 16704
drwxr-xr-x. 2 bobby bobby 4096 Feb 10 15:36 .
drwxrwxr-x. 6 bobby bobby 52 Feb 10 15:36 ..
-rwxrwxr-x. 1 bobby bobby 109 Feb 10 15:36 2to3-3.8
-rwxrwxr-x. 1 bobby bobby 249 Feb 10 15:36 easy_install-3.8
-rwxrwxr-x. 1 bobby bobby 107 Feb 10 15:36 idle3.8
-rwxrwxr-x. 1 bobby bobby 231 Feb 10 15:36 pip3.8
-rwxrwxr-x. 1 bobby bobby 92 Feb 10 15:36 pydoc3.8
-rwxr-xr-x. 1 bobby bobby 17075312 Feb 10 15:35 python3.8
-rwxr-xr-x. 1 bobby bobby 3095 Feb 10 15:36 python3.8-config
[bobby@pythonvm bin]$ ln -s python3.8 python
[bobby@pythonvm bin]$ ln -s pip3.8 pipThen I added/home/bobby/python/bin to the front of the path to keep these new python and pip links ahead of the python links or binaries in the rest of the path.
[bobby@pythonvm bin]$ cd
[bobby@pythonvm ~]$ vi .bashrc
export ORACLE_HOME=/home/oracle/app/oracle/product/12.1.0/client_1
export PATH=$PATH:$ORACLE_HOME/bin
export LD_LIBRARY_PATH=/home/oracle/app/oracle/product/12.1.0/client_1/lib
export PATH=/home/bobby/python/bin:$PATH
~
~
~
~
~
~
".bashrc" 17L, 451C written I logged out and in as bobby and tried python and pip to see that they were the correct version:
[bobby@pythonvm ~]$ python
Python 3.8.1 (default, Feb 10 2020, 15:33:01)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-39.0.3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>
[bobby@pythonvm ~]$ pip list
Package Version
---------- -------
pip 19.2.3
setuptools 41.2.0
WARNING: You are using pip version 19.2.3, however version 20.0.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
[bobby@pythonvm ~]$ Finally, I updated pip just to show that we can update something in this new install. Then I installed numpy to see if I could install a new package.
This is a quick and dirty post, but I want to remember these steps for myself and it might be helpful for someone who uses Redhat/Centos/OEL.
- Basic Setup and Use of Podman in a Rootless environment.
- cgroup V2 support
- Administrator Actions
- Installing Podman
- Building Podman
- Install slirp4netns
- Ensure fuse-overlayfs is installed
- Enable user namespaces (on RHEL7 machines)
- /etc/subuid and /etc/subgid configuration
- Enable unprivileged ping
- User Actions
- User Configuration Files
- containers.conf
- storage.conf
- registries
- Authorization files
- Using volumes
- More information
- About Bobby
Basic Setup and Use of Podman in a Rootless environment.
cgroup V2 support
The alternative OCI runtime support for cgroup V2 can also be turned on at the command line by using the --runtime option:
Administrator Actions
Installing Podman
For installing Podman, please see the installation instructions.
Building Podman
For building Podman, please see the build instructions.
Install slirp4netns
Ensure fuse-overlayfs is installed
When using Podman in a rootless environment, it is recommended to use fuse-overlayfs rather than the VFS file system. For that you need the fuse-overlayfs executable available in $PATH.
Your distribution might already provide it in the fuse-overlayfs package, but be aware that you need at least version 0.7.6. This especially needs to be checked on Ubuntu distributions as fuse-overlayfs is not generally installed by default and the 0.7.6 version is not available natively on Ubuntu releases prior to 20.04.
The fuse-overlayfs project is available from GitHub, and provides instructions for easily building a static fuse-overlayfs executable.
[storage] driver = "overlay" (...)
[storage.options.overlay] (...) mount_program = "/usr/bin/fuse-overlayfs"Enable user namespaces (on RHEL7 machines)
/etc/subuid and /etc/subgid configuration
cat /etc/subuid
johndoe:100000:65536
test:165536:65536- username as listed in
/etc/passwdor in the output ofgetpwent. - The initial UID allocated for the user.
- The size of the range of UIDs allocated for the user.
usermod --add-subuids 100000-165535 --add-subgids 100000-165535 johndoe
grep johndoe /etc/subuid /etc/subgid
/etc/subuid:johndoe:100000:65536
/etc/subgid:johndoe:100000:65536Enable unprivileged ping
User Actions
User Configuration Files
containers.conf
/usr/share/containers/containers.conf/etc/containers/containers.conf$HOME/.config/containers/containers.conf
if they exist in that order. Each file can override the previous for particular fields.
storage.conf
For storage.conf the order is
/etc/containers/storage.conf$HOME/.config/containers/storage.conf
In rootless Podman certain fields in /etc/containers/storage.conf are ignored. These fields are:
graphroot="" container storage graph dir (default: "/var/lib/containers/storage") Default directory to store all writable content created by container storage programs.
runroot="" container storage run dir (default: "/run/containers/storage") Default directory to store all temporary writable content created by container storage programs.In rootless Podman these fields default to
graphroot="$HOME/.local/share/containers/storage"
runroot="$XDG_RUNTIME_DIR/containers"registries
Registry configuration is read in by this order
/etc/containers/registries.conf/etc/containers/registries.d/*HOME/.config/containers/registries.conf
Authorization files
Using volumes
So, for example,
john
# a folder which is empty
host> ls /home/john/folder
host> podman run -v /home/john/folder:/container/volume mycontainer /bin/bash
# Now I’m in the container
root@container> whoami
root
root@container> touch /container/volume/test
root@container> ls -l /container/volume
total 0
-rw-r—r— 1 root root 0 May 20 21:47 test
root@container> exit
# I check again
host> ls -l /home/john/folder
total 0
-rw-r—r— 1 john john 0 May 20 21:47 test»>
> whoami
john
# a folder which is empty
host> ls /home/john/folder
host> podman run -v /home/john/folder:/container/volume mycontainer /bin/bash
# Now I'm in the container
root@container> whoami
root
root@container> touch /container/volume/test
root@container> ls -l /container/volume
total 0
-rw-r--r-- 1 root root 0 May 20 21:47 test
root@container> exit
# I check again
host> ls -l /home/john/folder
total 0
-rw-r--r-- 1 john john 0 May 20 21:47 testAnother consideration in regards to volumes:
- When providing the path of a directory you’d like to bind-mount, the path needs to be provided as an absolute path
or a relative path that starts with.(a dot), otherwise the string will be interpreted as the name of a named volume.
More information
If you are still experiencing problems running Podman in a rootless environment, please refer to the Shortcomings of Rootless Podman page which lists known issues and solutions to known issues in this environment.
About Bobby
I live in Chandler, Arizona with my wife and three daughters. I work for US Foods, the second largest food distribution company in the United States. I have worked in the Information Technology field since 1989. I have a passion for Oracle database performance tuning because I enjoy challenging technical problems that require an understanding of computer science. I enjoy communicating with people about my work.
