Podman/Cockpit - how to control rootless podman containers

My Jellyfin server is set up with Podman under the user account “jellyfin”. The account is also a system account (UID 913).

As of right now, the way I start/stop/restart the container is using machinectl shell jellyfin@.

How can I control that container in my Cockpit as myself, so that I won’t have to do that, and how can I do it without needing to use machinectl?


$ sudo -u jellyfin systemctl [email protected] --user status container-jellyfin
Failed to connect to bus: $DBUS_SESSION_BUS_ADDRESS and $XDG_RUNTIME_DIR not defined (consider using --machine=<user>@.host --user to connect to bus of other user)
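The error output above names the `--machine=<user>@.host --user` form of `systemctl`. The following is an added example, not part of the original thread, that wraps that form in a small helper limited to a fixed set of actions so it can be called from an admin account without opening a `machinectl` shell. The function names `user_unit_cmd` and `user_unit` and the `DRY_RUN` variable are hypothetical; it assumes a systemd version that accepts `--machine=<user>@.host` and that the target account's user manager is running (for example via `loginctl enable-linger`).

```shell
#!/bin/sh
# Added example (hypothetical helper names): manage another account's
# systemd --user units through the --machine=<user>@.host form that the
# error message in the post suggests.

# Print the systemctl command line for ACCOUNT ACTION UNIT.
# Only a short allow-list of actions is accepted, and account/unit names
# are restricted to plain characters so nothing else reaches the shell.
user_unit_cmd() {
    account=$1
    action=$2
    unit=$3
    case $action in
        start|stop|restart|status|is-active) ;;
        *) echo "unsupported action: $action" >&2; return 2 ;;
    esac
    case $account in
        *[!A-Za-z0-9_-]*|'') echo "invalid account name" >&2; return 2 ;;
    esac
    case $unit in
        *[!A-Za-z0-9_.@-]*|'') echo "invalid unit name" >&2; return 2 ;;
    esac
    printf 'systemctl --machine=%s@.host --user %s %s\n' \
        "$account" "$action" "$unit"
}

# Run the command as root via sudo, or only print it when DRY_RUN is set.
user_unit() {
    cmd=$(user_unit_cmd "$@") || return
    if [ -n "${DRY_RUN:-}" ]; then
        echo "sudo $cmd"
    else
        # Word splitting is intended here: every field was validated above.
        sudo $cmd
    fi
}

# Example calls, using the account and unit named in the post:
#   user_unit jellyfin status  container-jellyfin
#   user_unit jellyfin restart container-jellyfin
```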

You give your user access to the podman control group

What you need to also make sure you have is slirp4netns which are the user controllable net utils

There's a good guide out there

You should read it as well as

So you know what you're getting into

To go rootless you should understand how that affects the syscalls of podman and what podman is doing. It's supposed to be seamless but isn't


You’re missing the point of the question, OP likely already has this configured.

To answer the question, I don't think you can without logging into that user in cockpit? Support multiple users · Issue #692 · cockpit-project/cockpit-podman · GitHub

I just have them aliased and/or in scripts to grab output I want and avoid the long stanzas.

The “right” way to handle this is to have the containers shipping logs and health to some other service; unfortunately it's not very user friendly to try keeping it all via systemd (tho scripts and aliases help).

Well, that’s a lil annoying :frowning:

Was hoping for a quick way to start it up from Cockpit, especially since they seem to have stopped supporting Docker in Cockpit.

Have you tried creating a systemd unit? That would allow you to at least stop and restart it.

yea, on user level

I just machinectl into the jellyfin account, then start/stop from there

podman also has a subcommand to generate a systemd unit file and those can use User and Group parameters. Might work as a way to run a system (not user) service-like pod under a certain username.

I also suspect there is a more elegant way to do this but that’s what I know.

Thanks so much! I’ll look into that :slight_smile: