taler-deployment

Deployment scripts and configuration files

commit 8fe630dcc8eb4a2729003975242c20e56bf41b68
parent aa0e8a4933d78144505090368fd555ce9dbf34d8
Author: Sebastian <sebasjm@gmail.com>
Date:   Thu, 21 Aug 2025 09:43:53 -0300

fix #10248

Diffstat:
M regional-currency/container/README   | 8 ++++++++
M regional-currency/container/start.sh | 8 ++++++++
2 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/regional-currency/container/README b/regional-currency/container/README @@ -24,3 +24,11 @@ Since the regional-currency folder will be located in the `/root` directory insi After the setup is completed, the script `withdraw.sh` can help to test a withdrawal and the `diagnose.sh` to find out if there a problem. +Fully Unprivileged Testing +-------------------------- + +The intention of this setup is an simple way to install, test and easy clean up. When the script start.sh is called again all the previous run is overwritten. You can then claim old containers disk using podman tools. + +This scripts still requires some root permissions that would also be required if you are installing and testing without podman or docker. Removing this requirement is out of scope for now. + +Also check systemd documentation about running systemd inside a container https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ diff --git a/regional-currency/container/start.sh b/regional-currency/container/start.sh @@ -5,3 +5,11 @@ THIS_FILE=$(realpath "$0") DIR=$(dirname "$THIS_FILE") podman run --name taler --replace -p 80:80 -v $DIR/..:/root:O -ti taler + +# About cap_sys_admin +# https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ +# +# Do not drop CAP_SYS_ADMIN from the container. +# A number of fs namespacing related settings. +# You break all services that make use of these flags if you drop the flag. +#podman run --name taler --replace -p 80:80 --cap-add sys_admin -v $DIR/..:/root:O -ti taler
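Review bot: In the README hunk, the new heading "Fully Unprivileged Testing" contradicts the second added paragraph, which says the scripts "still requires some root permissions". Either rename the section (for example "Privileges required") or list which steps need root, so a reader does not assume the setup runs without privileges. Wording in the added lines also needs a pass: "an simple way" should be "a simple way", "This scripts still requires" should be "These scripts still require", and "claim old containers disk" probably means "reclaim the disk space of old containers". The last line would read better with the URL set off from the sentence and the relevant part of that page named, since the start.sh comment relies on the same link for CAP_SYS_ADMIN.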
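Review bot: In the start.sh hunk, the comment says "Do not drop CAP_SYS_ADMIN from the container", but the active `podman run` line passes no capability option at all and the only line with `--cap-add sys_admin` is commented out, so it is unclear whether the capability is expected to be present already or whether the user has to switch to the commented variant. Please state in the comment when the second command should be used, and move the explanation above the command it describes instead of after it. CAP_SYS_ADMIN is a broad grant, so the comment should also name what in this container needs it; "A number of fs namespacing related settings." is a fragment lifted without its subject and "these flags" has no referent. Minor: `$DIR` is unquoted in `-v $DIR/..:/root:O` on the new commented line as on the existing one, which breaks if the checkout path contains spaces.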