Podman - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide
Product
Cortex XSOAR
Version
8
Creation date
2024-02-14
Last date published
2024-04-25
Category
Administrator Guide
Solution
Cloud
Abstract

Run Podman containers instead of Docker for RHEL v8.

Podman is a daemonless container engine for developing, managing, and running OCI Containers on the Linux System. Containers can either be run as root or in rootless mode.

If you use the Shell installer to install an engine, Cortex XSOAR automatically detects the container management type based on the operating system. For example, if your operating system is running RHEL v8 and higher, Cortex XSOAR installs Podman packages and configures the operating system to enable Podman in rootless mode.

Note

When upgrading an engine, the engine keeps the previously used container management type (regardless of distribution version).

By default, Podman uses the $HOME/.local/share/containers/storage directory. To use a different directory for container storage, edit the Podman config file located at /home/demisto/.config/containers/storage.conf. If the file does not exist, create it and change the ownership:

  • cp /etc/containers/storage.conf /home/demisto/.config/containers

  • chown demisto:demisto /home/demisto/.config/containers/storage.conf

To set a different directory for container storage, change the key: rootless_storage_path in the storage.conf file. For example, rootless_storage_path=/var/lib/containers/$USER/storage.

Important

The new storage directory must be exclusively used by the demisto user and also owned by the demisto user, otherwise they will be denied access to it. To assign the demisto user ownership of the new storage directory, on the Linux command line, run chown -R demisto:demisto <NEW-LOCATION>. If the new location has multiple directory levels, run the chown -R command on the uppermost directory (in the preceding example: /var/lib/containers/$USER).

Do not use NAS storage for the $HOME directory. The directory needs to be a local directory for Podman to work.

Tip

We recommend reserving 150 GB for container storage, either in the /home partition or a different storage directory that you have set using the rootless_storage_path key.

If using PowerShell integrations, you may need to configure the default SELinux policy as Podman can affect processes which mmap to /dev/zero.

Docker Hardening Guidelines

Docker hardening guidelines can be applied to Podman, with the exception of Limit Available Memory, Limit Available CPU, and Limit PIDS. For more information, see Docker Hardening Guide.