You can if you want to. But I don’t think that is best practice. The idea of quadlets is the bring Linux norms to containers. You contain and manage all permissions for that container in that user.
I personally have completely separated users and selinux mls contexts for each container group (formerly docker compose file) and I manage them thusly. It’s more annoying but it substantially more secure.
This being said I think you can do it as root. I think this might work but I am not certain sudo systemctl --user -M theuser@ status myunit.service
Not true. I run them rootless on my server as we speak. :)
How do you do that? Please link a description. This has been a major stumbling block for me
Are you placing your service files in
~/.config/containers/systemd
of the home dir of the user you want them to run as?Here is a link: https://linuxconfig.org/how-to-run-podman-containers-under-systemd-with-quadlet
Yeah, that works, but it means the services cannot be managed by systemctl as root anymore. Or am I missing something?
You can if you want to. But I don’t think that is best practice. The idea of quadlets is the bring Linux norms to containers. You contain and manage all permissions for that container in that user.
I personally have completely separated users and selinux mls contexts for each container group (formerly docker compose file) and I manage them thusly. It’s more annoying but it substantially more secure.
This being said I think you can do it as root. I think this might work but I am not certain
sudo systemctl --user -M theuser@ status myunit.service
Same here; Rootless Podman Quadlets gang unite (there is two of us in total)
Make that 3!