I can confirm guacamole runs rootlesd (tested on podman rootless)via Smartphone
On 17.06.25 15:26, Nick Couchman wrote:
Hi :)
I'm new to the guacamole world and I'm trying to deploy
it on openshift using the docker images of guacamole and
guacd. My problem is that the guacamole image requires
root privileges that I cannot provide on my cluster and
I'm blocked. I was wondering if there's something I can
do about that and if there's an alternate image for
guacamole that does not require root privileges?
I tried to edit the image myself and work
around the root permissions but no success.
Thanks!
When you say that it requires root privileges, what
behavior are you seeing that requires this? I admittedly
have not tried running it in a "rootless" mode, but I also
don't think there's anything within the Guacamole code or
functionality that actually would require root access - it
should work fine as a non-root user/container.
-Nick
I'll happily confirm it works perfectly fine in a rootless docker
setup without any modifications to the base images on both 1.5.5 and
1.6.0-RC#.
Running the container additionally read-only will require a few
exceptions for temp volumes and such, but otherwise this also works
fine.
If you want source IP propagation for meaningful connection logging,
you'll have to use something like pasta as network driver and make
sure you set the appropriate headers on your reverse proxy.
Of course, you won't be able to use privileged ports if you don't
have the permissions to grant that capability. So you'll have to map
an appropriate external port.
|
