Rootless Podman Security Context Configuration

Feature Request

Why

When we pull IronBank rootless-podman container in a Gitlab pipeline stage...

We would like to be able to run podman commands, or, understand what is the least privileged configuration necessary for rootless-podman container, in our BigBang cluster... to run podman commands.

Currently, rootless-podman pod deployment errors because of lacking security context configuration:

Proposed Solution

If possible, please provide least privileged security context configuration necessary, or documentation for setting up least privileged security context configuration, for using IronBank rootless podman container in a BigBang cluster deployment, more specifically:

Method for running systcl commands, or mounting init-systcl command script, to define rootless podman pod max_user_namespace
Method for forwarding podman socket to required daemon host, or method of setting up Linux Server for Podman API use

Edited Apr 14, 2021 by Gabriel Borcean