glizzyguzzler

glizzyguzzler, 1 hour ago

I see, I’ll check that out and also check out how to ascertain that lol

Does that “similar security” still count if the image is hacked? Since the capability for “real” root is there.

glizzyguzzler, 1 hour ago

I’ve made it so the host OS doesn’t require root, are you saying I’d need to make the image also do that?

glizzyguzzler, 1 hour ago

Love the idea, but theoretically with this “macvlan” it will have its own IP address and thus have free reign of all of its ports and not have any conflicts

glizzyguzzler, 1 hour ago

Huh you’d think macvlans would have an error telling me to kick rocks for trying to use it in a rootless state. I guess that’s why it can’t see anything?

Weird though, like why can’t I make the macvlans network interface as root and then let rootless containers connect to it? If I sudo make the macvlans network thing it lives in the sudo podman zone. Hm

glizzyguzzler, 1 hour ago

I have tried pre-making the network in podman directly beforehand, but because I want a second docker image binding to port 53 I was under the impression that I had to use macvlans

glizzyguzzler, 31 minutes ago

Thank you for the in-depth explanation!! I’ll keep this in mind as I try to club my way through podman!