Podman Overview - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2024-10-07
End_of_Life
EoL
Category
Administrator Guide
Abstract

Run Podman containers instead of Docker for operating systems such as RHEL v8.

Cortex XSOAR supports both Docker and Podman as the container management tool. Podman is a daemonless container engine for developing, managing, and running OCI containers on the Linux System. Containers can either be run as root or in rootless mode.

When installing a server or engine, Cortex XSOAR automatically detects the container management type based on the operating system. For example, if your operating system is running RHEL v8 and higher, Cortex XSOAR installs Podman packages and configures the operating system to enable Podman in rootless mode.

Note

  • When upgrading a server or engine, the server or engine keeps the previously used container management type (regardless of distribution version). To migrate an existing server or engine to Podman, see Migrate From Docker to Podman.

  • By default, Podman uses the $HOME/.local/share/containers/storage directory. To use a different directory for container storage, edit the Podman config file located at /home/demisto/.config/containers/storage.conf. If the file does not exist, create it and change the ownership:

    cp /etc/containers/storage.conf /home/demisto/.config/containers

    chown demisto:demisto /home/demisto/.config/containers/storage.conf

    To set a different directory for container storage, change the key: rootless_storage_path in the storage.conf file. For example, rootless_storage_path=/var/lib/containers/$USER/storage

    The new storage directory needs to be owned by the demisto user, otherwise they will be denied access to it. To assign the demisto user ownership of the new storage directory, on the Linux command line, run chown -R demisto:demisto <NEW-LOCATION>.

    Do not use NAS storage for the $HOME directory. The directory needs to be a local directory for Podman to work.

If using PowerShell integrations, you may need to configure the default SELinux policy as Podman can affect processes which mmap to /dev/zero.

Docker hardening guidelines can be applied to Podman, with the exception of Limit Available Memory, Limit Available CPU, and Limit PIDS.