How to run atmoz/sftp with rootless podman (quadlets) + systemd socket activation + Network=none?
#449 (Unanswered): eriksjolund asked this question in Q&A. Replies: 0 comments
Does anyone know how to run atmoz/sftp with rootless podman (quadlets) and systemd socket activation?
It would be cool to use
because
sshd would then not have the privileges to connect to the internet. This improves security.
If sshd would be compromised, the intruder would not be able to use the server as a spam bot.
Docker does not support socket activation of containers so we currently need to use quadlets for this.
Side note:
I did a proof-of-concept (openssh with socket activation support from a git branch I found on the internet)
https://github.com/eriksjolund/podman-openssh-socket-activation
It seems to work.
After that I tried out atmoz/sftp (the Debian version) but it failed. Then I tried building atmoz/sftp with Ubuntu as base image.
Building the image succeeded but when the sshd service is started, sshd prints the error message
Failed to get systemd socket fds: Numerical result out of range
Some more details are found here:
eriksjolund/podman-openssh-socket-activation#3 (comment)
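The setup the question describes, sketched as an added example (not from the post, the linked proof-of-concept or the atmoz/sftp project). The unit name `sftp`, port 2222 and the image name are assumptions, and the image is assumed to contain an sshd that accepts a listening socket inherited from systemd.

```ini
# ---- File 1: ~/.config/systemd/user/sftp.socket ----
# (unit name "sftp" and port 2222 are assumptions)
[Unit]
Description=SFTP listening socket owned by the user's systemd instance

[Socket]
# systemd binds the port on the host and hands the listening
# file descriptor to sftp.service on the first connection.
ListenStream=2222

[Install]
WantedBy=sockets.target

# ---- File 2: ~/.config/containers/systemd/sftp.container ----
# Quadlet generates sftp.service from this file; sftp.socket
# activates it because the unit names match.
[Unit]
Description=sshd for SFTP in a rootless container without network access

[Container]
# Placeholder image name (assumption): must ship an sshd that can
# use a socket passed in by systemd instead of binding its own.
Image=localhost/sftp-socket-activated:latest
# Only a loopback interface exists inside the container, so a
# compromised sshd cannot open outbound connections.
Network=none
# No PublishPort= line: client traffic arrives only through the
# inherited socket, not through a forwarded port.
```

After `systemctl --user daemon-reload`, starting `sftp.socket` (rather than `sftp.service`) puts the listener in place; the container starts on the first incoming connection.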