Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 20. Running special container images

Run containers with predefined commands that use built-in labels called runlabels. With these labels, you can trigger specific actions such as install, run, or uninstall directly from the image metadata.

20.1. Opening privileges to the host
Copia collegamento

Understand the capabilities of privileged containers, which can access host resources. Privileged containers, such as Toolbx, bypass standard isolation to interact with the host system.

  • Privileges: A privileged container disables the security features that isolate the container from the host. You can run a privileged container by using the podman run --privileged <image_name> command. You can, for example, delete files and directories mounted from the host that are owned by the root user.
  • Process tables: You can use the podman run --privileged --pid=host <image_name> command to use the host PID namespace for the container. Then you can use the ps -e command within a privileged container to list all processes running on the host. You can pass a process ID from the host to commands that run in the privileged container (for example, kill <PID>).
  • Network interfaces: By default, a container has only one external network interface and one loopback network interface. You can use the podman run --net=host <image_name> command to access host network interfaces directly from within the container.
  • Inter-process communications: The IPC facility on the host is accessible from within the privileged container. You can run commands such as ipcs to see information about active message queues, shared memory segments, and semaphore sets on the host.

20.2. Container images with runlabels
Copia collegamento

You can use runlabels to enter predefined commands stored within container images. Common labels such as install and run simplify the deployment and management of complex containers.

Existing runlabels include:

  • install: Sets up the host system before executing the image. Typically, this results in creating files and directories on the host that the container can access when it is run later.
  • run: Identifies Podman command-line options to use when running the container. Typically, the options open privileges on the host and mount the host content the container needs to remain permanently on the host.
  • uninstall: Cleans up the host system after you finish running the container.

20.3. Running support-tools with runlabels
Copia collegamento

Deploy the support-tools container by using its built-in runlabels. This method simplifies installation, execution, and removal by using the commands defined directly in the image.

The rhel10/support-tools container image is made to run a containerized version of the support-toolsd daemon. The support-tools image contains the following runlabels: install, run and uninstall.

Prerequisites

  • The container-tools meta-package is installed.

Procedure

  1. Pull the support-tools image: 

    # podman pull registry.redhat.io/rhel10/support-tools
    Copy to Clipboard Toggle word wrap

  2. Display the install runlabel for support-tools: 

    # podman container runlabel install --display rhel10/support-tools
command: podman run --rm --privileged -v /:/host -e HOST=/host -e IMAGE=registry.redhat.io/rhel10/support-tools:latest -e NAME=support-tools registry.redhat.io/rhel10/support-tools:latest /bin/install.sh
    Copy to Clipboard Toggle word wrap

    This shows that the command will open privileges to the host, mount the host root filesystem on /host in the container, and run an install.sh script.

  3. Run the install runlabel for support-tools: 

    # podman container runlabel install rhel10/support-tools
command: podman run --rm --privileged -v /:/host -e HOST=/host -e IMAGE=registry.redhat.io/rhel10/support-tools:latest -e NAME=support-tools registry.redhat.io/rhel10/support-tools:latest /bin/install.sh
Creating directory at /host//etc/pki/support-tools
Creating directory at /host//etc/support-tools.d
Installing file at /host//etc/support-tools.conf
Installing file at /host//etc/sysconfig/support-tools
Installing file at /host//etc/logrotate.d/syslog
    Copy to Clipboard Toggle word wrap

    This creates files on the host system that the support-tools image will use later.

  4. Display the run runlabel for support-tools: 

    # podman container runlabel run --display rhel10/support-tools
command: podman run -d --privileged --name support-tools --net=host --pid=host -v /etc/pki/support-tools:/etc/pki/support-tools -v /etc/support-tools.conf:/etc/support-tools.conf -v /etc/sysconfig/support-tools:/etc/sysconfig/support-tools -v /etc/support-tools.d:/etc/support-tools.d -v /var/log:/var/log -v /var/lib/support-tools:/var/lib/support-tools -v /run:/run -v /etc/machine-id:/etc/machine-id -v /etc/localtime:/etc/localtime -e IMAGE=registry.redhat.io/rhel10/support-tools:latest -e NAME=support-tools --restart=always registry.redhat.io/rhel10/support-tools:latest /bin/support-tools.sh
    Copy to Clipboard Toggle word wrap

    This shows that the command opens privileges to the host and mount specific files and directories from the host inside the container, when it launches the support-tools container to run the support-toolsd daemon.

  5. Execute the run runlabel for support-tools: 

    # podman container runlabel run rhel10/support-tools
command: podman run -d --privileged --name support-tools --net=host --pid=host -v /etc/pki/support-tools:/etc/pki/support-tools -v /etc/support-tools.conf:/etc/support-tools.conf -v /etc/sysconfig/support-tools:/etc/sysconfig/support-tools -v /etc/support-tools.d:/etc/support-tools.d -v /var/log:/var/log -v /var/lib/support-tools:/var/lib/support-tools -v /run:/run -v /etc/machine-id:/etc/machine-id -v /etc/localtime:/etc/localtime -e IMAGE=registry.redhat.io/rhel10/support-tools:latest -e NAME=support-tools --restart=always registry.redhat.io/rhel10/support-tools:latest /bin/support-tools.sh
28a0d719ff179adcea81eb63cc90fcd09f1755d5edb121399068a4ea59bd0f53
    Copy to Clipboard Toggle word wrap

    The support-tools container opens privileges, mounts what it needs from the host, and runs the support-toolsd daemon in the background (-d). The support-toolsd daemon begins gathering log messages and directing messages to files in the /var/log directory.

  6. Display the uninstall runlabel for support-tools: 

    # podman container runlabel uninstall --display rhel10/support-tools
command: podman run --rm --privileged -v /:/host -e HOST=/host -e IMAGE=registry.redhat.io/rhel10/support-tools:latest -e NAME=support-tools registry.redhat.io/rhel10/support-tools:latest /bin/uninstall.sh
    Copy to Clipboard Toggle word wrap

  7. Run the uninstall runlabel for support-tools: 

    # podman container runlabel uninstall rhel10/support-tools
command: podman run --rm --privileged -v /:/host -e HOST=/host -e IMAGE=registry.redhat.io/rhel10/support-tools:latest -e NAME=support-tools registry.redhat.io/rhel10/support-tools:latest /bin/uninstall.sh
    Copy to Clipboard Toggle word wrap
    Note

    In this case, the uninstall.sh script just removes the /etc/logrotate.d/syslog file. It does not clean up the configuration files.

Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2026 Red HatTorna in cima