#rootless

Marcus Rohrmoser 🌻<p>Hi <span class="h-card" translate="no"><a href="https://social.vivaldi.net/@lproven" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lproven</span></a></span>,<br>nice! I'm using several <a href="https://digitalcourage.social/tags/CGI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CGI</span></a>​s <a href="https://digitalcourage.social/tags/RFC3875" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RFC3875</span></a> for personal (scaled to n=1) web applications - be it (ephemeral) <a href="https://digitalcourage.social/tags/QRCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QRCode</span></a> <a href="https://qr.mro.name" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">qr.mro.name</span><span class="invisible"></span></a>, <a href="https://digitalcourage.social/tags/GeoHash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GeoHash</span></a> <a href="https://mro.name/g/u28br" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">mro.name/g/u28br</span><span class="invisible"></span></a> conversion, a <a href="https://digitalcourage.social/tags/nodb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodb</span></a> guestbook <a href="https://codeberg.org/jugendhacktlab.qdrei.info/gaestebuch" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/jugendhacktlab.qd</span><span class="invisible">rei.info/gaestebuch</span></a>, a personal <a href="https://digitalcourage.social/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ActivityPub</span></a> server <span class="h-card" translate="no"><a href="https://seppo.mro.name/aseppototry/" class="u-url mention" rel="nofollow noopener" 
target="_blank">@<span>aSeppoToTry</span></a></span> or the hacky video-office-hours reservation system <a href="https://mro.name/sprechstunde" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">mro.name/sprechstunde</span><span class="invisible"></span></a>. Once there even was a <a href="https://digitalcourage.social/tags/HaveIBeenPwnd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HaveIBeenPwnd</span></a> proof of concept <a href="https://blog.mro.name/2022/08/pwned-diy" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.mro.name/2022/08/pwned-di</span><span class="invisible">y</span></a>.<br>They're <a href="https://digitalcourage.social/tags/rootless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootless</span></a> deployments running on <a href="https://digitalcourage.social/tags/shared" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shared</span></a> <a href="https://digitalcourage.social/tags/hosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hosting</span></a> (except qrcodes and HaveIBeenPwnd).</p>
Ludovic Courtès<p>Instead of disabling unprivileged user namespaces plain and simple, Ubuntu since 24.04 restricts them with an AppArmor profile, which is known to be insufficient:<br><a href="https://seclists.org/oss-sec/2025/q1/253" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">seclists.org/oss-sec/2025/q1/2</span><span class="invisible">53</span></a></p><p>Yet, people writing code relying on unprivileged user namespaces have to deal with Ubuntu specifics where things don’t behave as documented. Latest example:<br><a href="https://codeberg.org/guix/guix/issues/679#issuecomment-5659997" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/guix/guix/issues/</span><span class="invisible">679#issuecomment-5659997</span></a></p><p>How do folks deal with it?</p><p><a href="https://toot.aquilenet.fr/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://toot.aquilenet.fr/tags/containers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>containers</span></a> <a href="https://toot.aquilenet.fr/tags/rootless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootless</span></a></p>
slubman<p>EDIT: Problem solved, by changing the VM OS from alpinelinux to fedora-server<br>---<br>So far I spent almost my whole afternoon trying to get <a href="https://social.linux.pizza/tags/UptimeKuma" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UptimeKuma</span></a> running as a <a href="https://social.linux.pizza/tags/rootless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootless</span></a> <a href="https://social.linux.pizza/tags/podman" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podman</span></a> <a href="https://social.linux.pizza/tags/container" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>container</span></a> on a <a href="https://social.linux.pizza/tags/alpinelinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>alpinelinux</span></a> <a href="https://social.linux.pizza/tags/VM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VM</span></a> to successfully ping some machines to be monitored.</p><p>And so far I’m losing the battle. If anyone has an idea or a pointer to a possible solution, I would be very happy.</p><p><a href="https://social.linux.pizza/tags/help" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>help</span></a> <a href="https://social.linux.pizza/tags/selfhosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>selfhosted</span></a> <a href="https://social.linux.pizza/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a></p>
Jan Wildeboer 😷:krulorange:<p>Finally :) My little <a href="https://social.wildeboer.net/tags/RHEL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RHEL</span></a> 9 (Red Hat Enterprise Linux) server now runs <a href="https://social.wildeboer.net/tags/Forgejo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Forgejo</span></a> version 8.0 as <a href="https://social.wildeboer.net/tags/rootless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootless</span></a> container behind nginx and it can happily execute workflows with the forgejo-runner running as a *user* systemd service. <a href="https://social.wildeboer.net/tags/rootless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootless</span></a> FTW :)</p>
Jan Wildeboer 😷:krulorange:<p>It has landed. As I run my own <a href="https://social.wildeboer.net/tags/Forgejo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Forgejo</span></a> instance as a <a href="https://social.wildeboer.net/tags/rootless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootless</span></a> container on my <a href="https://social.wildeboer.net/tags/RHEL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RHEL</span></a> (Red Hat Enterprise Linux) server, all it took was</p><p>#&gt; systemctl stop forgejo<br>#&gt; podman pull codeberg.org/forgejo/forgejo:7-rootless<br>#&gt; systemctl start forgejo</p><p>And done. Updated to 7.0.3 :)</p><p>Release notes at <a href="https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-3" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/forgejo/forgejo/s</span><span class="invisible">rc/branch/forgejo/RELEASE-NOTES.md#7-0-3</span></a></p><p>Thank you to all that made it happen, <span class="h-card" translate="no"><a href="https://floss.social/@forgejo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>forgejo</span></a></span> :)</p>
natxolg<p>Well, I have now removed all the DNS entries with subdomains and left only two wildcards, one for what is exposed and one for what is internal</p><p>For the exposed side I route it through npm (I don't like that it has no WAF or more security options), and for the internal side traefik, driven by the containers' labels</p><p>Along the way I have deleted all the Cloudflare tunnels. </p><p>Next step: create all the users and set up containers by topic under isolated users</p><p><a href="https://masto.nobigtech.es/tags/selfhosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>selfhosted</span></a> <a href="https://masto.nobigtech.es/tags/rootless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootless</span></a> <a href="https://masto.nobigtech.es/tags/podman" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podman</span></a></p>