This image provides an easy way to try out podman and a base for nested containerization scenarios where the child container should run as unprivileged user.

The alpine-based image contains the following statically linked binaries (without systemd support):

• podman
• runc
• conmon
• fuse-overlayfs
• slirp4netns
• buildah

Containers need to be --privileged.

Before the entrypoint script runs the provided command as unprivileged user podman (100000) it does some workarounds:

• Change the owner of the storage volume mount point (/podman/.local/share/containers/storage) to the unprivileged podman user.
• Create cgroup from /proc/1/cgroup within /sys/fs/cgroup if it does not exist because inside the container this cgroup is the cgroup root.

docker run --privileged mgoltzsche/podman:latest docker run alpine:latest echo hello from podman

./make.sh build test run