Container Guide

Last updated: September 28, 2025

This guide provides instructions for running the application using containers with either Podman (recommended) or Docker.
Podman is the recommended container runtime for this application due to its rootless operation, better security model, and seamless integration with systemd.

Installation

openSUSE

Fedora/RHEL/CentOS

Ubuntu/Debian

Arch Linux

Running with Podman

Basic Usage

When running on systems with SELinux enabled (such as Fedora, RHEL, or CentOS), it's important to use the z flag for proper SELinux labeling:

Important SELinux Notes:
  • The z flag automatically applies the correct SELinux context to mounted volumes
  • This ensures proper security isolation while allowing the container to access the mounted files
  • Always use z when mounting volumes on SELinux-enabled systems

Systemd Integration with Quadlets (Podman Advantage)

Quadlets are the recommended way to manage containers with systemd in modern Podman versions. Create a quadlet file for automatic startup:

Quadlet Advantages:
  • Native systemd integration without generating unit files
  • Automatic container lifecycle management
  • Built-in support for auto-updates
  • Cleaner configuration syntax
  • Better resource management

Docker (Alternative)

While Docker can be used, Podman is recommended for better security and rootless operation.

Installation

Ubuntu/Debian

Fedora

Running with Docker

Basic Usage

With SELinux Support

On SELinux-enabled systems, use the Z flag (note: uppercase Z for Docker):

Note: Docker uses Z (uppercase) instead of z for SELinux labeling, but z is preferred when available.

Volume Mounting Best Practices

Read-Only Documentation Volume

Always mount the docs volume as read-only (ro) for security:

SELinux Considerations

  • Always use the z flag when mounting volumes on SELinux-enabled systems
  • The z flag ensures proper SELinux context labeling
  • Without z, containers may fail to access mounted files due to SELinux restrictions
  • For shared volumes between containers, consider using Z (relabels exclusively)

Security Recommendations

  • Use Podman over Docker for better security isolation
  • Mount docs volume as read-only to prevent accidental modifications
  • Always use SELinux flags (z or Z) on SELinux-enabled systems
  • Run containers as non-root user when possible
  • Use specific image tags instead of latest in production
  • Regularly update container images for security patches
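
A check for the recommendations above, as an added example that is not part of this guide or the project: a POSIX shell function that reads a Quadlet .container file on stdin and reports an image on latest (or untagged), a volume without a z/Z label, and a docs mount that is not ro. The image name, the /app/docs path and the sample unit are constructed placeholders.

```shell
# Constructed sample unit; image name and paths are placeholders, not the project's.
sample_quadlet() {
cat <<'EOF'
[Container]
Image=registry.example/app:latest
Volume=/srv/app/docs:/app/docs:z
Volume=/srv/app/data:/app/data
Volume=/srv/app/conf:/app/conf:ro,Z
EOF
}

# audit_quadlet RO_PATH < unit.container
# RO_PATH is the container path that must be mounted read-only (assumed: the docs mount).
# Prints one finding per line; prints nothing when every check passes.
audit_quadlet() {
  ro_path=$1
  while IFS= read -r line; do
    case $line in
      Image=*)
        image=${line#Image=}
        name=${image##*/}   # drop registry/path so a registry port is not read as a tag
        case $name in
          *@sha256:*) ;;                               # pinned by digest
          *:latest)   echo "IMAGE_LATEST $image" ;;
          *:?*)       ;;                               # explicit tag
          *)          echo "IMAGE_UNTAGGED $image" ;;  # no tag resolves to latest
        esac ;;
      Volume=*)
        value=${line#Volume=}
        # Split source:dest[:options]; options are comma-separated.
        case $value in
          *:*:*) dest=${value#*:}; opts=${dest#*:}; dest=${dest%%:*} ;;
          *:*)   dest=${value#*:}; opts= ;;
          *)     dest=$value; opts= ;;
        esac
        case ",$opts," in
          *,z,*|*,Z,*) ;;                              # SELinux relabel requested
          *) echo "NO_SELINUX_LABEL $dest" ;;
        esac
        if [ "$dest" = "$ro_path" ]; then
          case ",$opts," in
            *,ro,*) ;;
            *) echo "NOT_READ_ONLY $dest" ;;
          esac
        fi ;;
    esac
  done
}

sample_quadlet | audit_quadlet /app/docs
```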

Troubleshooting

SELinux Issues

If you encounter permission errors on SELinux systems:

Podman vs Docker Commands

Most Docker commands work with Podman by simply replacing docker with podman: