
Run Sandfly with Podman

Some Linux distributions (aka distros), such as Red Hat Enterprise Linux and its related distros, officially support Podman rather than Docker. Sandfly can run under Podman on those distros if you perform the following steps, which have been tested on RHEL 8.7 and 9.0 systems:

Install Podman Packages

Install the podman, podman-docker, podman-plugins, and dnsmasq packages:

sudo dnf install podman podman-docker podman-plugins dnsmasq

ℹ️

INFO: The podman-docker Package Installs a Wrapper Script

The podman-docker package installs a wrapper script that runs 'docker' commands with podman. The podman-plugins and dnsmasq packages provide the podman dnsname plugin to allow DNS-based name resolution between containers in a podman network, which Sandfly depends on.

Download Setup Archive

The setup files are located on Sandfly Security's GitHub. Please visit the link below to obtain the latest version:

https://github.com/sandflysecurity/sandfly-setup/releases

Depending on your needs, choose one of the two available packages.

Standard Package

This package contains the minimum needed to install and run Sandfly, with the exception of the containers, which will be downloaded from the Internet as needed. Container downloads may need to occur after installation, so hosts using this package should be able to connect to the Internet.

To use this option, download sandfly-setup-5.2.0.tgz onto the Sandfly server and then extract the archive:

wget https://github.com/sandflysecurity/sandfly-setup/releases/download/v5.2.0/sandfly-setup-5.2.0.tgz

tar -xzvf sandfly-setup-5.2.0.tgz

Offline Package

For users whose systems are running, or are intended to run, a Sandfly server and/or nodes that are not directly connected to the Internet for any reason (e.g. offline / air-gapped), or for those who simply prefer a ready-to-use bundle, we alternatively provide an offline package which includes the containers.

To use this option, download sandfly-setup-offline-5.2.0.tgz from GitHub, copy the file onto the host where Sandfly will be installed, and finally extract the archive.

Once either archive has been extracted, there should be a directory named sandfly-setup.

Configure SELinux

If SELinux is enabled (it is by default in Red Hat Enterprise Linux), change the SELinux context on the sandfly-setup/setup/setup_data directory so that podman containers are allowed to create the configuration files during installation.

chcon -Rt svirt_sandbox_file_t sandfly-setup/setup/setup_data

Continue Installing Sandfly

Proceed with the remaining Sandfly installation and startup steps as usual. Make sure you use sudo or run the installation scripts as the root user.

If you attempted to install Sandfly on a podman system before the dnsname plugin was installed, you must delete the sandfly-net network before attempting the installation again (it will be automatically re-created by the Sandfly scripts):

sudo podman network rm sandfly-net

❗️

IMPORTANT: Rootless Podman Not Tested

Sandfly has not tested rootless podman and some podman features such as the dnsname plugin may not work properly in rootless mode.
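
The prerequisites described on this page (the four packages, the SELinux context on setup_data, and running as root rather than rootless) can be checked before starting the install scripts. The script below is an added example, not part of Sandfly's setup files; the function names and the --run switch are hypothetical, and it assumes an RPM-based host with GNU stat.

```shell
#!/bin/sh
# Added example (not Sandfly's code): pre-flight check for the steps on this page.
REQUIRED_PKGS="podman podman-docker podman-plugins dnsmasq"

# Read installed package names on stdin (one per line); print required ones that are absent.
missing_packages() {
    installed=$(cat)
    for pkg in $REQUIRED_PKGS; do
        printf '%s\n' "$installed" | grep -qxF -- "$pkg" || printf '%s\n' "$pkg"
    done
}

# Print the type field of an SELinux context (user:role:type:level).
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed if the context type is the one set by the chcon step. On current
# container-selinux policy svirt_sandbox_file_t is an alias of container_file_t,
# so tools may display either name.
context_ok() {
    case "$(context_type "$1")" in
        svirt_sandbox_file_t|container_file_t) return 0 ;;
        *) return 1 ;;
    esac
}

# Run all checks against the live host; returns non-zero if anything is off.
preflight() {
    dir=${1:-sandfly-setup/setup/setup_data}
    rc=0
    [ "$(id -u)" -eq 0 ] || { echo "WARN: not root; rootless podman is untested"; rc=1; }
    miss=$(rpm -qa --qf '%{NAME}\n' | missing_packages)
    [ -z "$miss" ] || { echo "FAIL: missing packages:" $miss; rc=1; }
    if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" != "Disabled" ]; then
        ctx=$(stat -c %C "$dir")   # checks the top directory only
        context_ok "$ctx" || { echo "FAIL: $dir has SELinux context $ctx"; rc=1; }
    fi
    return $rc
}

# "--run" is this script's own switch (hypothetical name), not a Sandfly option.
if [ "${1:-}" = "--run" ]; then
    preflight "${2:-}"
fi
```

Run it from the directory that contains sandfly-setup, passing --run and optionally the path to setup_data; a non-zero exit status means at least one prerequisite is not met.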