Docker Podman - alexisfrjp/wiki GitHub Wiki

Podman (Rootless) solutions

Rootless: /lib64/libc.so.6

/bin/sh: error while loading shared libraries: /lib64/libc.so.6: cannot apply additional memory protection after relocation: Permission denied
Error: error building at STEP "RUN yum install -y kernel kernel-devel": error while running runtime: exit status 127

sudo semanage fcontext -a -e /var/lib/containers $HOME/.local/share/containers/storage
sudo restorecon -R -v $HOME/.local/share/containers/storage

Rootless Podman and Systemd services

Rootless podman containers don't work when they are run as the user via sudo or su.

Solution B: Login as user

sudo machinectl shell --uid myuser is much better than su myuser because it creates a real session/login as if you were connected via SSH.

Solution A: Enable linger for the user

This creates a "session" for the user without a login, but it isn't a true session, so we run into DBus/XDG environment variable problems.

# Enable "linger"
sudo loginctl enable-linger $USER
# check the status
ls /var/lib/systemd/linger
# Export the variable for systemctl/podman to find the user's DBus.
export XDG_RUNTIME_DIR=/run/user/$(id -u)
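
A preflight check for the two solutions above, as an added example that is not part of the original wiki: it reports whether linger is enabled, whether /run/user/UID exists, and whether XDG_RUNTIME_DIR points at it. The function name `rootless_preflight` and its optional directory arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the wiki. rootless_preflight and its two optional
# directory arguments are hypothetical names, there so the check can be
# pointed at a scratch tree instead of the live system.

# rootless_preflight USER UID XDG_VALUE [LINGER_DIR] [RUN_DIR]
# Prints one finding per line; returns 0 only if podman/systemctl --user
# would find the user's runtime directory.
rootless_preflight() (
    user=$1; uid=$2; xdg=$3
    linger_dir=${4:-/var/lib/systemd/linger}
    run_dir=${5:-/run/user}
    want=$run_dir/$uid
    rc=0

    # `loginctl enable-linger` leaves an empty file named after the user.
    if [ -e "$linger_dir/$user" ]; then
        echo "ok: linger is enabled for $user"
    else
        echo "note: linger is off; the user manager stops at last logout"
    fi

    # systemd creates /run/user/UID for a login session or a lingering user.
    if [ ! -d "$want" ]; then
        echo "fail: $want is missing; log in with machinectl shell or enable linger"
        rc=1
    fi

    # su and sudo do not give the target user a login session of their own,
    # so the variable is unset or still points at the caller's directory.
    if [ -z "$xdg" ]; then
        echo "fail: XDG_RUNTIME_DIR is unset; export XDG_RUNTIME_DIR=$want"
        rc=1
    elif [ "$xdg" != "$want" ]; then
        echo "fail: XDG_RUNTIME_DIR=$xdg does not match $want"
        rc=1
    else
        echo "ok: XDG_RUNTIME_DIR=$xdg"
    fi
    exit "$rc"
)

# Check the account this shell is running as.
rootless_preflight "$(id -un)" "$(id -u)" "${XDG_RUNTIME_DIR:-}" || true
```
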

=> Get docker for Centos 7:


=> Change default directory /var/lib/docker

  • /etc/docker/daemon.json
{
  "graph": "/ext/docker"
}

systemctl stop docker; sudo rm -rf /ext/docker ; sudo mkdir /ext/docker ; systemctl start docker

GUI

docker run --env="QT_X11_NO_MITSHM=1"


=> Docker login error:

$ docker login -u alexis.***  https://m5-nexus01.jp.****.com:8444
Password: 
Error response from daemon: Get http://m5-nexus01.jp.****.com:8444/v2/: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
  • /etc/docker/daemon.json:
{
  "insecure-registries" : [ "https://m5-nexus01.jp.****.com:8444" ],
  "registry-mirrors":  [ "https://m5-nexus01.jp.****.com:8444" ],
  "disable-legacy-registry": true
}

=> "no space left on device" when adding a big file to an image during docker build

This happens on CentOS with the default Docker version from the CentOS/Red Hat repository.

Version: 1.10.3
API version: 1.22
Package version: docker-common-1.10.3-46.el7.centos.14.x86_64
Built: Fri Sep 16 13:24:25 2016

  • /etc/docker/daemon.json:
{
    "storage-opts": ["dm.basesize=100G"]
}
  • systemctl restart docker

=> GUI to docker container running in remote SSH server

  1. Add X11UseLocalhost no to /etc/ssh/sshd_config, then reboot or restart sshd: systemctl restart sshd
  2. You might need to open the port: ufw allow from 172.17.0.0/16 to any port 6010 proto tcp (port = 6000 + X display number)
  3. Run code below
XAUTH=~/.docker.xauth
xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | sudo xauth -f $XAUTH nmerge -
#sudo chmod 777 $XAUTH
X11PORT=`echo $DISPLAY | sed 's/^[^:]*:\([^\.]\+\).*/\1/'`
TCPPORT=`expr 6000 + $X11PORT`
#sudo ufw allow from 172.17.0.0/16 to any port $TCPPORT proto tcp 
DISPLAY=`echo $DISPLAY | sed 's/^[^:]*\(.*\)/172.17.0.1\1/'`
sudo docker run -it --env="QT_X11_NO_MITSHM=1" -e DISPLAY=$DISPLAY -v $XAUTH:$XAUTH -e XAUTHORITY=$XAUTH name_dockerImage

# Variant run as the current user; the command to run in the container is passed as $1
XAUTH=$HOME/xauthdocker
echo $XAUTH
xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
X11PORT=`echo $DISPLAY | sed 's/^[^:]*:\([^\.]\+\).*/\1/'`
echo $X11PORT
TCPPORT=`expr 6000 + $X11PORT`
echo $TCPPORT
DISPLAY=`echo $DISPLAY | sed 's/^[^:]*\(.*\)/172.17.0.1\1/'`
echo "DISPLAY ="$DISPLAY
sudo docker run -it --rm -e LOCAL_USER_ID="$(id -u $USER)" -v /etc/group:/etc/group:ro -v /etc/passwd:/etc/passwd:ro --user $(id -u $USER):$(id -g $USER) --env="QT_X11_NO_MITSHM=1" -e DISPLAY=$DISPLAY -v $XAUTH:$XAUTH -e XAUTHORITY=$XAUTH --mac-address xx -v $PWD:/opt/project quartus:16.1 $1


=> Add proxy to Docker for pulling images

  • Create file: sudo nano /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://proxy.jp.XXXX.com:8080/" "NO_PROXY=localhost,127.0.0.1,m5-nexus01.jp.XXXX.com,nexus.tk.XXXX.co.jp"

 OR

[Service]
Environment="HTTP_PROXY=http://proxy.jp.****.com:8080"
Environment="HTTPS_PROXY=http://proxy.jp.****.com:8080"
Environment="NO_PROXY=m5-nexus01.jp.****.com"

=> Docker container and memory usage

=> Docker save using PIGZ

  • docker save XXX | pigz -c > XXX.tgz
  • pigz -c -d *.tgz | docker load // -c: using stdout ; -d: decompress