Podman #2 - Rootless - Feeling the Pain

September 21, 2025

In the first post we created a rootful container that survives a reboot.

Now it’s time to look at what everyone is talking about: rootless containers.

In this example we’ll use the default Debian user named debian with user ID 1000.

Step 1: Enable Linger

For containers to keep running when we’re not logged in, we need to allow the user to linger:

sudo loginctl enable-linger $UID

A reboot at this point helps clear up some warnings and errors from Podman. After rebooting, create the folder for the Quadlet file:

mkdir -p ~/.config/containers/systemd/

Step 2: Create the Quadlet

Next, create the Quadlet file:

nano ~/.config/containers/systemd/alpine.container

With the following content:

[Unit]
Description=Alpine test container

[Container]
Image=docker.io/library/alpine:latest
Exec=sleep infinity

[Service]
Restart=always

[Install]
WantedBy=default.target

Notice the use of default.target. This differs from the multi-user.target we used for the rootful container. In user mode, default.target is analogous to multi-user.target in system mode.

Step 3: Generate the Service File

Now let’s tell systemd to generate the service file:

systemctl --user daemon-reload

The generated file will be in:

ls /run/user/$UID/systemd/generator/

If alpine.service is missing, troubleshoot the Quadlet with:

/usr/lib/systemd/user-generators/podman-user-generator -dryrun

Step 4: Start the Container

Once the service file is created, start it with:

systemctl --user start alpine.service

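At this point, the rootless container is running, and it will survive a reboot: linger starts the user's systemd instance at boot, and WantedBy=default.target pulls in alpine.service.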
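A pre-flight check for the steps above, as an added example that is not part of the original post: it parses the Quadlet's [Install] section and confirms linger is enabled, the two things that decide whether the rootless container comes back after a reboot. The function names are hypothetical, and the marker path /var/lib/systemd/linger is an assumption about where logind records enable-linger.

```shell
#!/bin/sh
# Added example (not from the post). Helper names are hypothetical.

# Print the value of KEY inside [SECTION] of an ini-style Quadlet file.
quadlet_get() {  # usage: quadlet_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                # comment line
        /^[ \t]*\[/   { gsub(/[ \t\r]/, ""); cur = $0; next } # section header
        cur == sec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# Return 0 only if the Quadlet and the user are set up to start at boot.
# Assumption: logind records enable-linger as a file named after the
# user in /var/lib/systemd/linger (override with the third argument).
check_rootless_quadlet() {  # usage: check_rootless_quadlet FILE USER [LINGER_DIR]
    file=$1; user=$2; linger_dir=${3:-/var/lib/systemd/linger}
    rc=0
    # Join repeated WantedBy= lines into one space-separated list.
    wanted=$(quadlet_get "$file" Install WantedBy | tr '\n' ' ')
    if [ -z "$wanted" ]; then
        echo "FAIL: no WantedBy= in [Install]; nothing starts the unit at boot"
        rc=1
    fi
    case " $wanted " in
        *" default.target "*) ;;   # correct target for user mode
        *" multi-user.target "*)
            echo "FAIL: WantedBy=multi-user.target is the rootful target; use default.target"
            rc=1 ;;
    esac
    if [ ! -e "$linger_dir/$user" ]; then
        echo "FAIL: linger not enabled for $user; run: sudo loginctl enable-linger $user"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}
```

Run it as check_rootless_quadlet ~/.config/containers/systemd/alpine.container debian before systemctl --user daemon-reload.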

https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html