Documentation
This project is OCI container (Podman)-first. Docker-specific documentation is provided in docker/docker.md.
Container Quick Reference (Podman/OCI)
Structure
assets/
├── Containerfile ← OCI production (~7MB)
└── Containerfile.alpine ← Development (~15MB)
docs/
├── container.md ← Main Podman guide ⭐
└── docker/ ← Docker specifics
Quick Commands
# Build
podman build -t argparse-builder .
# Run rootless
podman run -d -p 8080:8080 argparse-builder
# With SELinux
podman run -d -p 8080:8080 --security-opt label=type:container_t argparse-builder
# Hardened
podman run -d -p 8080:8080 \
--read-only \
--cap-drop=ALL \
--security-opt=no-new-privileges \
--memory=128m \
argparse-builder
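One way to check that a `podman run` invocation (in a Makefile target or a unit's ExecStart line, for instance) still carries the four controls from the Hardened command above. This is an added example, not part of the project; the function name `audit_hardening` and the labels it prints are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the project's code): lint a `podman run` argument list
# against the four controls used in the "Hardened" command above.
# Limitation: every argument is scanned, including any after the image name.

# Prints the missing controls, space-separated; exit status 1 if any is missing.
audit_hardening() (
    ro=0 caps=0 nnp=0 mem=0
    while [ $# -gt 0 ]; do
        arg=$1; shift
        # Normalise the two-word form "--opt value" to "--opt=value".
        case $arg in
            --cap-drop|--security-opt|--memory|-m)
                if [ $# -gt 0 ]; then arg="$arg=$1"; shift; fi ;;
        esac
        val=${arg#*=}
        case $arg in
            --read-only|--read-only=true) ro=1 ;;
            --cap-drop=*)
                # Accept ALL in either case; dropping single capabilities does not count.
                if [ "$(printf %s "$val" | tr '[:lower:]' '[:upper:]')" = ALL ]; then caps=1; fi ;;
            --security-opt=no-new-privileges) nnp=1 ;;
            --memory=*|-m=*)
                if [ -n "$val" ] && [ "$val" != 0 ]; then mem=1; fi ;;
        esac
    done
    missing=""
    [ "$ro" -eq 1 ]   || missing="$missing read-only"
    [ "$caps" -eq 1 ] || missing="$missing cap-drop=ALL"
    [ "$nnp" -eq 1 ]  || missing="$missing no-new-privileges"
    [ "$mem" -eq 1 ]  || missing="$missing memory-limit"
    missing=${missing# }
    if [ -n "$missing" ]; then printf '%s\n' "$missing"; exit 1; fi
    exit 0
)

# Demo on the plain "Run rootless" command from this page: reports all four controls.
audit_hardening run -d -p 8080:8080 argparse-builder || echo "not hardened"
```

The check only inspects the command line; it does not confirm what a running container actually has applied.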
SELinux Volumes
# Private label (recommended)
podman run -v ./data:/data:Z argparse-builder
# Shared label
podman run -v ./shared:/shared:z argparse-builder
Systemd Integration
# Generate unit
podman generate systemd --new --name argparse-builder > ~/.config/systemd/user/argparse-builder.service
# Enable
systemctl --user enable --now argparse-builder
Key Features
- ✅ Rootless by default
- ✅ SELinux native support
- ✅ Daemonless operation
- ✅ OCI compliant
- ✅ Systemd integration
- ✅ ~7MB image size
Makefile
make container-build # Build image
make container-run # Run rootless
make container-run-hardened # Security hardened
make container-systemd # Generate systemd unit
See docs/container.md for the complete guide.