Rootless Docker-Compose with Podman
One of the benefits of Podman over Docker is that it can run daemon-less and without root. However,
docker-compose is by far my favorite way to create and maintain containers. Luckily, the Podman folks emulated the Docker CLI so that
docker-compose works well with Podman!
sudo dnf install -y podman podman-docker docker-compose
We can then emulate the docker socket rootless with the following commands:
systemctl --user enable podman.socket
systemctl --user start podman.socket
At this point, we'll want to see if the daemon acts as expected:
curl -H "Content-Type: application/json" \
  --unix-socket /var/run/user/$UID/podman/podman.sock \
  http://localhost/_ping
This should return OK.
We then need to create an environment variable to tell docker-compose where the emulated Docker socket lives.
To make this environment variable persistent across reboots, add the above line to the user’s
You’ll need a docker-compose.yml configuration file defined. Here is a sample one that spins up an image-updating service.
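version: "3.3"
services:
  watchtower:
    image: docker.io/containrrr/watchtower
    container_name: watchtower
    hostname: watchtower
    environment:
      PUID: 1000
      PGID: 1000
      TZ: US/Eastern
    volumes:
      # /var/run/podman/podman.sock is the system-wide (root) socket path; the
      # per-user socket enabled above is /var/run/user/$UID/podman/podman.sock.
      - /var/run/podman/podman.sock:/var/run/docker.sock:ro
    restart: always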
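An added example (not from the original post): a shell check that lists the engine-socket bind mounts in a compose file and flags any that point at the system-wide socket rather than the per-user socket enabled above. The function names, the constructed sample file and UID 1000 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag container-engine socket bind mounts in a compose file.

# Per-user (rootless) Podman socket; same socket as in the curl check above
# (/var/run is a symlink to /run).
rootless_sock() {  # $1 = numeric uid
    printf '/run/user/%s/podman/podman.sock\n' "$1"
}

# audit_compose_sockets FILE UID
# Prints "<kind> host=<path> mode=<ro|rw>" per socket mount; exit status 1
# if any mount points at a system-wide (root-owned) engine socket.
audit_compose_sockets() {
    awk -v want="$(rootless_sock "$2")" '
    /^[ \t]*-[ \t]*"?\/[^:]*\.sock:/ {
        line = $0
        sub(/^[ \t]*-[ \t]*/, "", line)      # drop the YAML list dash
        sub(/[ \t\r]+$/, "", line)           # drop trailing whitespace
        gsub(/"/, "", line)                  # drop optional quoting
        split(line, part, ":")               # host:container[:options]
        host = part[1]
        sub(/^\/var\/run\//, "/run/", host)  # normalise /var/run to /run
        if (host == want)
            kind = "rootless"
        else if (host ~ /^\/run\/(podman\/podman|docker)\.sock$/) {
            kind = "rootful"; bad = 1
        } else
            kind = "other"
        # ":ro" only stops changes to the socket file itself; a process that
        # can connect to the socket can still send any API request.
        mode = index("," part[3] ",", ",ro,") ? "ro" : "rw"
        printf "%s host=%s mode=%s\n", kind, host, mode
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample: the volume line from this page plus a per-user variant.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  watchtower:
    volumes:
      - /var/run/podman/podman.sock:/var/run/docker.sock:ro
  other:
    volumes:
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock
EOF
audit_compose_sockets "$sample" 1000 || echo "review: system-wide socket mounted"
rm -f "$sample"
```

A "rootful" finding means the container would talk to the root-owned engine socket, which defeats the point of running the stack rootless.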
If you want to add more volumes to the container, make sure each one has the appropriate SELinux label if you’re using a distribution with SELinux enabled.[1]
chcon -t container_file_t -R X
X is the volume you wish to mount.
Now we can run