this post was submitted on 09 Jul 2025
133 points (84.8% liked)

Linux
[–] Quik@infosec.pub 75 points 3 days ago* (last edited 2 days ago) (23 children)

One thing the author probably hasn't done yet or just doesn't mention is that you can configure .container services with systemd-podman units (often called quadlets), e.g. a simple MariaDB container would look like this:

[Unit]
Description=MariaDB container

[Container]
# Quadlet generates the service from this file: a foo.container file becomes foo.service
Image=docker.io/mariadb:latest
# Example values only; anything in Environment= is readable in the unit file and in systemctl show
Environment=MYSQL_ROOT_PASSWORD=rootpassword
Environment=MYSQL_USER=testuser
Environment=MYSQL_PASSWORD=testpassword
Environment=MYSQL_DATABASE=testdb

[Install]
WantedBy=multi-user.target

Short intro / Full reference

This is superb, because it means your containers finally feel well-integrated with the rest of the OS and you can use systemctl, journalctl, etc. just like you would with other services.

Personally, I use this as an alternative to Podman/Docker compose and have been very happy with it running rootless containers from Nextcloud, Pufferpanel, Forgejo, Authentik, etc. (ask me for .container files if you need any help, I'm currently working on a small repo with a collection)

[–] dwt@feddit.org 0 points 2 days ago (9 children)

I like this, but even though podman runs perfectly rootless, quadlets can only run as root for now :-(

[–] mholiv@lemmy.world 4 points 2 days ago* (last edited 2 days ago) (6 children)

Not true. I run them rootless on my server as we speak. :)

[–] dwt@feddit.org 1 points 2 days ago (1 children)

How do you do that? Please link a description. This has been a major stumbling block for me

[–] mholiv@lemmy.world 1 points 2 days ago* (last edited 2 days ago) (1 children)

Are you placing your service files in ~/.config/containers/systemd of the home dir of the user you want them to run as?

Here is a link: https://linuxconfig.org/how-to-run-podman-containers-under-systemd-with-quadlet

[–] dwt@feddit.org 1 points 2 days ago (1 children)

Yeah, that works, but it means the services cannot be managed by systemctl as root anymore. Or am I missing something?

[–] mholiv@lemmy.world 2 points 1 day ago* (last edited 1 day ago)

You can if you want to. But I don’t think that is best practice. The idea of quadlets is to bring Linux norms to containers. You contain and manage all permissions for that container in that user.

I personally have completely separated users and SELinux MLS contexts for each container group (formerly docker compose file) and I manage them thusly. It’s more annoying, but it is substantially more secure.

This being said, I think you can do it as root. I think this might work, but I am not certain: sudo systemctl --user -M theuser@ status myunit.service
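As an added example (not code from any commenter above), here is a small Python script that takes the posted MariaDB quadlet and rewrites it for the per-user, rootless layout discussed in this thread: credentials passed as Environment= are moved to podman secrets referenced with Quadlet's Secret=NAME,type=env,target=VAR key, WantedBy is switched to default.target because the per-user systemd instance has no multi-user.target, and the unit is placed under ~/.config/containers/systemd. The secret naming scheme and the home path are assumptions; the commands are returned as a plan, not executed.

```python
# Constructed copy of the unit posted above (example values, not real credentials).
POSTED_UNIT = """\
[Unit]
Description=MariaDB container
[Container]
Image=docker.io/mariadb:latest
Environment=MYSQL_ROOT_PASSWORD=rootpassword
Environment=MYSQL_USER=testuser
Environment=MYSQL_PASSWORD=testpassword
Environment=MYSQL_DATABASE=testdb
[Install]
WantedBy=multi-user.target
"""
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN")  # variable names that should never sit in a unit file

def parse_unit(text):
    """Parse a systemd-style unit into (section, key, value) triples, keeping repeated keys."""
    entries, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]")
        elif line and line[0] not in "#;":
            key, _, value = line.partition("=")
            entries.append((section, key.strip(), value.strip()))
    return entries

def harden_rootless(text, name):
    """Rewrite a quadlet for a per-user (rootless) install; returns (unit text, {secret name: value})."""
    secrets, out, current = {}, [], None
    for section, key, value in parse_unit(text):
        if section != current:
            out.append(("" if current is None else "\n") + f"[{section}]")
            current = section
        var, _, val = value.partition("=")  # only meaningful for Environment=VAR=value lines
        if section == "Container" and key == "Environment" and any(h in var.upper() for h in SECRET_HINTS):
            sname = f"{name}-{var.lower().replace('_', '-')}"  # assumed naming scheme for podman secrets
            secrets[sname] = val  # stored via `podman secret`; the unit only references it by name
            out.append(f"Secret={sname},type=env,target={var}")
        elif section == "Install" and key == "WantedBy" and value == "multi-user.target":
            out.append("WantedBy=default.target")  # the per-user systemd instance has no multi-user.target
        else:
            out.append(f"{key}={value}")
    return "\n".join(out) + "\n", secrets

def install_plan(name, secrets, home):
    """Unit location for a rootless user plus the commands that activate it (not executed here)."""
    return [f"install -Dm600 {name}.container {home}/.config/containers/systemd/{name}.container",
            *(f"podman secret create {s} -  # secret value on stdin" for s in secrets),
            "loginctl enable-linger $USER", "systemctl --user daemon-reload",
            f"systemctl --user start {name}.service"]
```

Once the unit is in place, the same `systemctl --user` and `journalctl --user` calls the first comment mentions apply, and the password strings no longer appear in the unit file or in `systemctl --user show`.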
