Rootless Docker-Compose with Podman
Published on
Updated on
Note: Nowadays, I prefer to use Quadlets
One of the benefits of Podman over Docker is that it can run daemon-less and without root. However, docker-compose
is by far my favorite way to create and maintain containers. Luckily, the Podman folks emulated the Docker CLI so that docker-compose
works well with Podman!
To install:
sudo dnf install -y podman podman-docker docker-compose
We can then emulate the docker socket rootless with the following commands:
systemctl --user enable podman.socket
systemctl --user start podman.socket
At this point, we’ll want to see if the daemon acts as expected
curl -H "Content-Type: application/json" \
--unix-socket /var/run/user/$UID/podman/podman.sock \
http://localhost/_ping
This should return OK
. We then need to create an environmental variable to tell docker compose where the emulated docker socket lives.
export DOCKER_HOST=unix:///run/user/$UID/podman/podman.sock
To have this environmental variable persistent across reboots, add the above line to the user’s .bash_profile
.
You’ll need a configuration file docker-compose.yml
defined. Here is a sample one that spins up an image updating service. Replace $UID
with your user id which you can get from running id -u
in the terminal.1
version: "3.3"
services:
watchtower:
image: docker.io/containrrr/watchtower
container_name: watchtower
hostname: watchtower
environment:
PUID: 1000
PGID: 1000
TZ: US/Eastern
volumes:
- /var/run/user/$UID/podman/podman.sock:/var/run/docker.sock:ro
restart: always
If you want to add to add more volumes to the container, make sure it has the appropriate SELinux label if you’re using a distribution with it enabled.2
chcon -t container_file_t -R X
where X
is the volume you wish to mount.
Now we can run docker-compose
!
docker-compose ps
-
Thanks to Ian Evans for sending in a correction to the volumes declaration. ↩︎