有没有办法启动具有映射特权端口的无根 podman 容器(容器服务通过主机的端口 1023 或更低端口公开)?
跑步
$ podman run --rm -it -p 80:80 nginx:stable-alpine
Error: rootlessport cannot expose privileged port 80, you can add 'net.ipv4.ip_unprivileged_port_start=80' to /etc/sysctl.conf (currently 1024), or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied
自然会因为权限不足而失败。
$ sudo capsh --caps=CAP_NET_BIND_SERVICE+eip -- -c 'podman run --rm -it -p 80:80 nginx:stable-alpine'
root以用户身份运行 podman
$ sudo capsh --caps=CAP_NET_BIND_SERVICE+eip --user=$USER -- -c 'podman run --rm -it -p 80:80 nginx:stable-alpine'
Unable to set group list for …