Nothing too shabby, but still. To run it you need docker, and after that just type
docker run -it --rm --log-driver none --read-only --net none --cap-drop=ALL --security-opt=no-new-privileges defnotgustavom/pixfire4
…and you will be greeted with a little, small, very pixelated bonfire.
“Why docker and not just a simple command?”
Mostly because of those two flags: --read-only
and --net none
. Can’t get better than this. :^)
This also came up while in a self-learning process, but I don’t want to “flex” it here.
Doesn’t work with podman (on my machine at least), any suggestions?
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:f1c0eb6f4ccdca4b72528f451baf6f4027f4b0965396bc4d885e27fd58cba771": processing tar file(potentially insufficient UIDs or GIDs available in user namespace (requested 151413:12311 for /bin): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /bin: invalid argument): exit status 1
Did you tried running it as another user? I’ve set binary ownership via chmod to the non-root user in the container.
Tried with another user and it works, looks really cool btw!
Any way to quit gracefully though?
I tried both Ctrl+C and Ctrl+Z but it just ignores the signals, I could only resort to killing it
Thanks. And CTRL + C is a bit wonky since it waits for the command to reach the end of the code to trigger it, but it works. (It’s intended to be “gloriously minimal”, so theres that. With built-in functions, and the least amount of code and calls.)
I see, weirdly it works every time on my own user, but it is on my second one that it doesn’t, the two applications are different though, did I somehow pull two different images?
I’m a bit curious, can you share the repository?
I’ve no idea. Still, running it on my rpi 4 and on my orange pi zero 3 has given me the same expected experience without any sudden changes.
Here you go.
I’ll try that, I also read around that I could increase my UID namespace range (not that I understand what it means 🫣), so I’ll try that too
Edit: Now I half understand after reading these:
https://github.com/containers/podman/issues/12715
https://docs.podman.io/en/latest/markdown/podman.1.html#rootless-mode
3.https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration
4.https://opensource.com/article/19/2/how-does-rootless-podman-work