Cortex XSOAR supports both Docker and Podman as the container management tool. Podman is a daemonless container engine for developing, managing, and running OCI containers on the Linux System. Containers can either be run as root or in rootless mode.
When installing a server or engine, Cortex XSOAR automatically detects the container management type based on the operating system. For example, if your operating system is running RHEL v8 and higher, Cortex XSOAR installs Podman packages and configures the operating system to enable Podman in rootless mode.
When upgrading a server or engine, the server or engine keeps the previously used container management type (regardless of distribution version). To migrate an existing server or engine to Podman, see Migrate From Docker to Podman.
By default, Podman uses the
$HOME/.local/share/containers/storagedirectory. To use a different directory for container storage, edit the Podman config file located at
/home/demisto/.config/containers/storage.conf. If the file does not exist, create it and change the ownership:
cp /etc/containers/storage.conf /home/demisto/.config/containers
chown demisto:demisto /home/demisto/.config/containers/storage.conf
To set a different directory for container storage, change the key:
storage.conffile. For example,
The new storage directory needs to be owned by the demisto user, otherwise they will be denied access to it. To assign the demisto user ownership of the new storage directory, on the Linux command line, run
chown -R demisto:demisto <NEW-LOCATION>.
Do not use NAS storage for the $HOME directory. The directory needs to be a local directory for Podman to work.
If using PowerShell integrations, you may need to configure the default SELinux policy as Podman can affect processes which
Docker hardening guidelines can be applied to Podman, with the exception of Limit Available Memory, Limit Available CPU, and Limit PIDS.