How to run podman commands on host from within container

Question

In case of docker, this can be achieved by mounting docker.sock inside container.

But since there is no daemon in podman. What's the replacement for docker.sock?

I want to typically check the podman images presents on host and start a new container.

I'm using Podman with --privileged=true and root.

Answer 1

There is a new API (status: experimental) that was announced in a blog post in January 2020.

[root@fedora31 ~]# podman --version
podman version 1.8.0
[root@fedora31 ~]# podman system service --timeout 500000 unix://root/foobar.sock 
This function is EXPERIMENTAL.

As the API is still experimental this might change but right now you could make a query like this:

[root@fedora31 ~]# curl -s --unix-socket /root/foobar.sock http://d/v1.24/images/json | python3 -m json.tool
[
    {
        "Containers": 0,
        "Created": 1572319417,
        "Id": "f0858ad3febdf45bb2e5501cb459affffacef081f79eaa436085c3b6d9bd46ca",
        "Labels": {
            "maintainer": "Clement Verna <cverna@fedoraproject.org>"
        },
        "ParentId": "",
        "RepoDigests": [
            "sha256:8fa60b88e2a7eac8460b9c0104b877f1aa0cea7fbc03c701b7e545dacccfb433"
        ],
        "RepoTags": [
            "docker.io/library/fedora:latest"
        ],
        "SharedSize": 0,
        "Size": 201095865,
        "VirtualSize": 201095865,
        "CreatedTime": "0001-01-01T00:00:00Z"
    },
    null
]
[root@fedora31 ~]# 

The command python3 -m json.tool was added to pretty-print the JSON output.

I think the UNIX socket can be accessed from inside a container by using the bind-mounting technique (that was mentioned in the question).

According to the man page , the command podman system service also accepts the flag --varlink .

Using Varlink instead of the new API might be a better solution right now as it is more mature but it will be deprecated in the future.