Update Podman

2025-10-01 19:19:06 +00:00 · 2025-10-01 19:19:06 +00:00 · d27e55e2b4
commit d27e55e2b4
parent 34f3bf7167
1 changed files with 34 additions and 1 deletions
--- a/Podman.md
+++ b/Podman.md
@ -1,4 +1,4 @@
-## Example Healthcheck
+### Example Healthcheck

 ```bash
 podman run -d --name web \
@ -7,4 +7,37 @@ podman run -d --name web \
  --health-timeout=3s \
  --health-retries=3 \
  nginx:alpine
+```
+---
+### Limit resources from host system
+```bash
+    --cpus=0.3 \
+    --memory=2g \
+    --memory-swap=2.5g \
+    --cpu-shares=512 \
+```
+
+---
+## Hardening
+
+```bash
+    --read-only \
+    --security-opt no-new-privileges \
+    --cap-drop ALL \
+    --cap-add=CHOWN \
+    --cap-add=NET_BIND_SERVICE \
+    --cap-add=SETGID \
+    --cap-add=SETUID \
+```
+
+Tempfs examples
+```bash
+    --tmpfs /tmp:rw,size=256m \
+    --tmpfs /var/cache/fontconfig:rw,size=32m \
+    --tmpfs /usr/share/tessdata:rw,size=256m \
+    --tmpfs /configs:rw,size=16m \
+    --tmpfs /customFiles:rw,size=64m \
+    --tmpfs /logs:rw,size=64m \
+    --tmpfs /pipeline:rw,size=128m \
+    --tmpfs /home/stirlingpdfuser:rw,size=32m \
 ```