Run Sandfly with Podman
Some Linux distributions (aka distros), such as Red Hat Enterprise Linux and its related distros, officially support Podman rather than Docker. Sandfly can run under Podman on those distros if you perform the following steps, which have been tested on RHEL 8.7 and 9.0 systems:
Install Podman Packages
Install the podman, podman-docker, podman-plugins, and dnsmasq packages:
sudo dnf install podman podman-docker podman-plugins dnsmasq
INFO: The podman-docker Package Installs a Wrapper Script
The podman-docker package installs a wrapper script that runs 'docker' commands with podman. The podman-plugins and dnsmasq packages provide the podman dnsname plugin to allow DNS-based name resolution between containers in a podman network, which Sandfly depends on.
Download Setup Archive
The setup files are located on Sandfly Security's GitHub. Please visit the link below to obtain the latest version:
https://github.com/sandflysecurity/sandfly-setup/releases
Depending on your needs, choose one of the two available packages.
Standard Package
This package contains what is minimally needed to install and run Sandfly with the exception of the containers, which will be downloaded from the Internet as needed. Container downloads may need to occur after installation, thus hosts using this package should be able to connect to the Internet.
To use this option, download sandfly-setup-5.2.0.tgz onto the Sandfly server and then extract the archive:
wget https://github.com/sandflysecurity/sandfly-setup/releases/download/v5.2.0/sandfly-setup-5.2.0.tgz
tar -xzvf sandfly-setup-5.2.0.tgz
Offline Package
For users whose Sandfly server and/or nodes run, or will run, on systems that are not directly connected to the Internet for any reason (e.g. offline / air-gapped), or for those who simply prefer a ready-to-use bundle, we also provide an offline package which includes the containers.
To use this option, download sandfly-setup-offline-5.2.0.tgz from GitHub, copy the file onto the host where Sandfly will be installed, and finally extract the archive.
Once either archive has been extracted, there should be a directory named sandfly-setup.
Configure SELinux
If SELinux is enabled (it is by default in Red Hat Enterprise Linux), change the SELinux context on the sandfly-setup/setup/setup_data directory so that podman containers are allowed to create the configuration files during installation.
chcon -Rt svirt_sandbox_file_t sandfly-setup/setup/setup_data
Continue Installing Sandfly
Proceed with the remaining Sandfly installation and startup steps as usual. Make sure you use sudo or run the installation scripts as the root user.
If you attempted to install Sandfly on a podman system before the dnsname plugin was installed, you must delete the sandfly-net network before attempting the installation again (it will be automatically re-created by the Sandfly scripts):
sudo podman network rm sandfly-net
IMPORTANT: Rootless Podman Not Tested
Sandfly has not tested rootless podman, and some podman features such as the dnsname plugin may not work properly in rootless mode.
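The prerequisites on this page (root privileges, the four packages, and the SELinux label on setup_data) can be checked before running the installation scripts. The script below is an added example, not part of Sandfly's setup archive; the file name preflight.sh, the --check switch, and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example (not part of sandfly-setup): preflight checks for this page's steps.
# Usage: sudo sh preflight.sh --check [path/to/sandfly-setup/setup/setup_data]
# The file name preflight.sh and the --check switch are assumptions of this example.

REQUIRED_PKGS="podman podman-docker podman-plugins dnsmasq"  # from the install step

# Print the type field (third colon-separated field) of an SELinux context.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed if the context carries the label applied by the chcon step.
# container_file_t is accepted as well: container-selinux defines
# svirt_sandbox_file_t as an alias of it, so stat and ls -Z show that name.
label_ok() {
    case "$(selinux_type "$1")" in
        svirt_sandbox_file_t|container_file_t) return 0 ;;
        *) return 1 ;;
    esac
}

# Given the output of `rpm -q <pkgs>`, print the packages reported missing.
missing_pkgs() {
    printf '%s\n' "$1" | sed -n 's/^package \(.*\) is not installed$/\1/p'
}

preflight() {
    pf_dir="${1:-sandfly-setup/setup/setup_data}"
    pf_rc=0
    # Rootless podman is untested, so insist on root.
    [ "$(id -u)" -eq 0 ] || { echo "FAIL: run as root or with sudo"; pf_rc=1; }
    # LC_ALL=C keeps rpm's messages in the form missing_pkgs parses.
    pf_missing="$(missing_pkgs "$(LC_ALL=C rpm -q $REQUIRED_PKGS 2>&1)")"
    [ -z "$pf_missing" ] || { echo "FAIL: not installed:" $pf_missing; pf_rc=1; }
    # Only check the label when SELinux is present and not disabled.
    if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" != "Disabled" ]; then
        pf_ctx="$(stat -c %C "$pf_dir" 2>/dev/null || true)"
        label_ok "$pf_ctx" || { echo "FAIL: $pf_dir context is '${pf_ctx:-unreadable}'"; pf_rc=1; }
    fi
    [ "$pf_rc" -eq 0 ] && echo "OK: prerequisites look correct"
    return "$pf_rc"
}

# Run the checks only when asked, so the functions can also be sourced.
case "${1:-}" in
    --check) shift; preflight "$@" ;;
esac
```

Run it from the directory that contains sandfly-setup, or pass the setup_data path as the argument after --check.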