• dwt@feddit.org
      link
      fedilink
      Deutsch
      arrow-up
      1
      ·
      7 hours ago

      How do you do that? Please link a description. This has been a major stumbling block for me

        • dwt@feddit.org
          link
          fedilink
          Deutsch
          arrow-up
          1
          ·
          4 hours ago

          Yeah, that works, but it means the services cannot be managed by systemctl as root anymore. Or am I missing something?

          • mholiv@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 hour ago

            You can if you want to. But I don’t think that is best practice. The idea of quadlets is the bring Linux norms to containers. You contain and manage all permissions for that container in that user.

            I personally have completely separated users and selinux mls contexts for each container group (formerly docker compose file) and I manage them thusly. It’s more annoying but it substantially more secure.

            This being said I think you can do it as root. I think this might work but I am not certain sudo systemctl --user -M theuser@ status myunit.service

    • Quik@infosec.pub
      link
      fedilink
      English
      arrow-up
      3
      ·
      24 hours ago

      Same here; Rootless Podman Quadlets gang unite (there is two of us in total)