I recently had a discussion in a container-selinux issue on why we allow certain capabilities by default for containers. The conversation is around DAC_OVERRIDE, a Linux capability which allows privileged processes, usually root, to ignore ownership and read/write permissions, that is, Discretionary Access Control (DAC). “As @wrabcak notes in Why do you see DAC_OVERRIDE SELinux denials?, In…
Hello Podman community! Today is a special day for all of us – we’ve officially hit 500,000 downloads of Podman Desktop! We want to say a big thanks to each and every one of you. It feels like yesterday that Podman Desktop was merely an idea. Over the last year, the initiative started with different…
Introduction: In the ever-evolving landscape of container technology, Podman’s latest version, v4.6.0, includes a feature that promises to be a game-changer for system administrators: Podmansh, a login shell that leverages Podman’s robust container management capabilities. Podmansh is set to redefine the way users interact with systems, while ensuring maximum security and control for administrators. Why…