Configuring Podman for Carrier
You can use rootless Podman instead of Docker for running PrivX Carrier.
To set up Podman for PrivX Carrier:
Install Carrier with Podman dependencies
On Red Hat 8/9 or Rocky Linux 8/9:
sudo yum install podman crun dbus-x11
sudo rpm --import https://product-repository.ssh.com/info.fi-ssh.com-pubkey.asc
sudo curl https://product-repository.ssh.com/rhel9/ssh-products.repo -o /etc/yum.repos.d/ssh-products.repo
sudo yum install PrivX-Carrier
Download the Carrier configuration file via the PrivX UI and place it at /opt/privx/etc/carrier-config.toml
Modify the Carrier configuration file to use Podman instead of Docker:
# Container service type to be used.
# Use "docker" or "podman"
# Default: docker
container_service_type = "podman"

# Container service binary location on host machine.
# Needs to be accessible by privx-carrier binary.
# Recommended Docker version 1.13.1 or later.
# If using Podman, supported version is 3.2.3 or later.
# For configuring Podman on RHEL 8 and 9 (v4.6 onwards), see PrivX documentation.
privx_docker_binary_path = "/usr/bin/podman"

# Create separate network for docker containers
# Enabled by default. Some older podman versions do not support "docker network" -command, disable if using one.
docker_network_enabled = false
You may optionally enable debug logs for Podman, which eases debugging:
# Whether or not to enable podman debug logs when launching containers
# For Docker debug logs, edit Docker daemon configuration file instead.
# Default: false
enable_podman_debug_logs = true
Run the Carrier postinstall script as root:
/opt/privx/scripts/carrier-postinstall.sh
Generate /etc/subuid and /etc/subgid files for Podman:
usermod --add-subuids 100000-165535 --add-subgids 100000-165535 root
usermod --add-subuids 200000-265535 --add-subgids 200000-265535 privx
Migrate the Podman configuration:
podman system migrate
Test your web connections via PrivX UI. The first launch will automatically pull the container image before the connection is established.
Alternatively, you may pre-pull the correct image manually (replace <version> with your browser-image version):
su - privx
podman pull public.ecr.aws/sshprivx/privx_browser_firefox_lite:<version>
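A preflight check for the settings in the steps above, as an added example and not part of PrivX or its documentation. The function names are hypothetical, and the test that the root and privx subordinate ID ranges do not overlap is an assumption taken from common rootless Podman practice, not a requirement stated on this page.

```bash
# Added example; function names are hypothetical, not part of PrivX.
# Print the value of a top-level `key = value` line, minus quotes and comments.
toml_value() {  # toml_value FILE KEY
  awk -F= -v k="$2" '
    /^[ \t]*#/ { next }
    { key = $1; gsub(/[ \t]/, "", key) }
    key == k { v = $2; sub(/#.*/, "", v); gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v; exit }
  ' "$1"
}

# Succeed if dotted version $1 is greater than or equal to $2 (numeric per field).
version_ge() {  # version_ge HAVE WANT
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
  }'
}

# Succeed if root and privx each have a range in FILE and none of their ranges
# overlap (the non-overlap rule is an assumption of this example).
subids_ok() {  # subids_ok FILE
  awk -F: '
    $1 == "root"  { rs[++n] = $2; re[n] = $2 + $3 - 1 }
    $1 == "privx" { ps[++m] = $2; pe[m] = $2 + $3 - 1 }
    END {
      if (!n || !m) exit 1
      for (i = 1; i <= n; i++) for (j = 1; j <= m; j++)
        if (!(re[i] < ps[j] || pe[j] < rs[i])) exit 1
    }
  ' "$1"
}

fail() { echo "$1"; fails=$((fails + 1)); }

# Print each problem found; return the number of problems (0 means ready).
check_carrier_podman() {  # CONFIG SUBUID_FILE SUBGID_FILE PODMAN_VERSION
  fails=0
  [ "$(toml_value "$1" container_service_type)" = podman ] || fail "container_service_type is not podman"
  case "$(toml_value "$1" privx_docker_binary_path)" in
    */podman) ;;
    *) fail "privx_docker_binary_path does not point at podman" ;;
  esac
  version_ge "$4" 3.2.3 || fail "podman $4 is older than 3.2.3"
  for f in "$2" "$3"; do
    subids_ok "$f" || fail "$f: root/privx range missing or overlapping"
  done
  return "$fails"
}
```

On a Carrier host, call `check_carrier_podman /opt/privx/etc/carrier-config.toml /etc/subuid /etc/subgid "$(podman --version | awk '{print $3}')"` as root after the usermod step.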