Tighten the security on the podman varlink socket

We only want root to be allowed to access this socket. Also move socket to /run/podman directory. This requires us to drop a podman.conf tmpfiles.d file. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #806 Approved by: mheon
author: Daniel J Walsh <dwalsh@redhat.com> 2018-05-18 16:28:51 -0400
committer: Atomic Bot <atomic-devel@projectatomic.io> 2018-05-19 07:47:03 +0000
commit: 9d7c50aa030ee70d507c414bb02f0add8ffa2835 (patch)
tree: b4151e582e3e123be0dd55505ef3984073b579bf /docs/podman-varlink.1.md
parent: 4b804e85165a29f9d712f1ec4f289040f942f459 (diff)
download: podman-9d7c50aa030ee70d507c414bb02f0add8ffa2835.tar.gz
podman-9d7c50aa030ee70d507c414bb02f0add8ffa2835.tar.bz2
podman-9d7c50aa030ee70d507c414bb02f0add8ffa2835.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/docs/podman-varlink.1.md b/docs/podman-varlink.1.md
index 6cfa8c84a..68a0f08a2 100644
--- a/docs/podman-varlink.1.md
+++ b/docs/podman-varlink.1.md
@@ -31,8 +31,16 @@ More will go here as the docs and api firm up.
     as well.
 -->
 
+## CONFIGURATION
+
+Users of the podman varlink service should enable the  io.projectatomic.podman.socket and io.projectatomic.podman.service.
+
+You can do this via systemctl
+
+systemctl enable --now io.projectatomic.podman.socket
+
 ## SEE ALSO
-podman(1)
+podman(1), systemctl(1)
 
 ## HISTORY
 April 2018, Originally compiled by Brent Baude<bbaude@redhat.com>
author	Daniel J Walsh <dwalsh@redhat.com>	2018-05-18 16:28:51 -0400
committer	Atomic Bot <atomic-devel@projectatomic.io>	2018-05-19 07:47:03 +0000
commit	9d7c50aa030ee70d507c414bb02f0add8ffa2835 (patch)
tree	b4151e582e3e123be0dd55505ef3984073b579bf /docs/podman-varlink.1.md
parent	4b804e85165a29f9d712f1ec4f289040f942f459 (diff)
download	podman-9d7c50aa030ee70d507c414bb02f0add8ffa2835.tar.gz podman-9d7c50aa030ee70d507c414bb02f0add8ffa2835.tar.bz2 podman-9d7c50aa030ee70d507c414bb02f0add8ffa2835.zip