Run Sandfly with Podman

Some Linux distributions (aka distros), such as Red Hat Enterprise Linux and its related distros, officially support Podman rather than Docker. Sandfly can run under Podman on those distros if you perform the following steps, which have been tested on RHEL 8.7 and 9.0 systems:

  1. Install the podman, podman-docker, podman-plugins, and dnsmasq packages.
     sudo dnf install podman podman-docker podman-plugins dnsmasq

ℹ️

INFO: The podman-docker Package Installs a Wrapper Script

The podman-docker package installs a wrapper script that runs 'docker' commands with podman. The podman-plugins and dnsmasq packages provide the podman dnsname plugin to allow DNS-based name resolution between containers in a podman network, which Sandfly depends on.

  2. Obtain the latest sandfly-setup package from git.
     git clone https://github.com/sandflysecurity/sandfly-setup
  3. If SELinux is enabled (it is by default in Red Hat Enterprise Linux), change the SELinux context on the sandfly-setup/setup/setup_data directory so that podman containers are allowed to create the configuration files during installation.
     chcon -Rt svirt_sandbox_file_t sandfly-setup/setup/setup_data
  4. Proceed with Sandfly installation and startup as usual. Make sure you use sudo or run the installation scripts as root.
    1. If you attempted to install Sandfly on a podman system before the dnsname plugin was installed, you must delete the sandfly-net network before attempting the installation again (it will be automatically re-created by the Sandfly scripts):
       sudo podman network rm sandfly-net

❗️

IMPORTANT: Rootless Podman Not Tested

Sandfly has not tested rootless podman and some podman features such as the dnsname plugin may not work properly in rootless mode.
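
A pre-flight check for the steps above, as an added example that is not part of the sandfly-setup package. The function names are hypothetical, the sample inputs are constructed, and the two shapes of `podman network inspect` output it accepts are an assumption noted in the comments.

```shell
#!/bin/sh
# Added example (not from sandfly-setup): pre-flight checks for the steps above.
# The parsers take command output as text, so they can be tried on samples.

# $1: SELinux context as printed by `stat -c %C DIR` (user:role:type:level).
# Succeeds if the type is one containers may write to. On current policies
# svirt_sandbox_file_t is an alias of container_file_t, so ls -Z shows the latter.
context_allows_containers() {
    case "$(printf '%s' "$1" | cut -d: -f3)" in
        svirt_sandbox_file_t|container_file_t) return 0 ;;
        *) return 1 ;;
    esac
}

# $1: JSON from `podman network inspect sandfly-net`.
# Assumption: Podman 3.x prints the CNI config with a "dnsname" plugin entry,
# Podman 4.x prints "dns_enabled": true.
network_has_dns() {
    printf '%s' "$1" | grep -Eq '"type": *"dnsname"|"dns_enabled": *true'
}

# Live checks; run as root from the directory that holds sandfly-setup.
preflight() {
    rc=0
    [ "$(id -u)" -eq 0 ] || { echo "FAIL: not root (rootless podman is untested)"; rc=1; }
    for pkg in podman podman-docker podman-plugins dnsmasq; do
        rpm -q "$pkg" >/dev/null 2>&1 || { echo "FAIL: package $pkg missing"; rc=1; }
    done
    if [ "$(getenforce 2>/dev/null)" != "Disabled" ]; then
        ctx=$(stat -c %C sandfly-setup/setup/setup_data 2>/dev/null)
        context_allows_containers "$ctx" || { echo "FAIL: setup_data context is '$ctx'"; rc=1; }
    fi
    # The network only exists after a previous install attempt.
    if net=$(podman network inspect sandfly-net 2>/dev/null); then
        network_has_dns "$net" || { echo "FAIL: sandfly-net lacks DNS; remove it and reinstall"; rc=1; }
    fi
    [ "$rc" -eq 0 ] && echo "OK: ready to run the Sandfly install scripts"
    return "$rc"
}

# Constructed sample inputs for trying the parsers offline.
SAMPLE_CTX_GOOD='unconfined_u:object_r:container_file_t:s0'
SAMPLE_CTX_BAD='unconfined_u:object_r:user_home_t:s0'
SAMPLE_NET_NODNS='[{"name": "sandfly-net", "plugins": [{"type": "bridge"}]}]'
SAMPLE_NET_DNS='[{"name": "sandfly-net", "plugins": [{"type": "bridge"}, {"type": "dnsname"}]}]'

if [ "${1:-}" = "--live" ]; then preflight; fi
```

Run it with `--live` as root on the target host; without that argument it only defines the functions and samples.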