Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows - Podman Machine Service Wrapper using WinSW #25328

Open
nddipiazza opened this issue Feb 14, 2025 · 6 comments
Open

Windows - Podman Machine Service Wrapper using WinSW #25328

nddipiazza opened this issue Feb 14, 2025 · 6 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. machine windows issue/bug on Windows

Comments

@nddipiazza
Copy link

Feature request description

Add support for using Podman as a background service on a Windows Server 202x intended for use with CI pipelines

Using WinSW , Add a Podman Windows service wrapper to podman

  • Window service management would podman machine stop/start as needed.

Create a set of steps to install Podman as a background service on Windows Server
Then show a powershell script example of accessing using a podman client against that shared service

Suggest potential solution

Using WinSW , Add a Podman Windows service wrapper to podman

  • Window service management would podman machine stop/start as needed.

Then ensure the podman client is able to properly access the podman machine hosted by windows service

Have you considered any alternatives?

N/a

Additional context

See: #25284 for the origin of this
@nddipiazza nddipiazza added the kind/feature Categorizes issue or PR as related to a new feature. label Feb 14, 2025
@Luap99 Luap99 added machine windows issue/bug on Windows labels Feb 14, 2025
@arixmkii
Copy link
Contributor

WinSW seems to be abandoned unfortunately winsw/winsw#1102 (comment) So, one should expect potential blockers implementing this way.

@baude
Copy link
Member

baude commented Feb 17, 2025

thanks for the comment @arixmkii

@nddipiazza
Copy link
Author

nddipiazza commented Feb 18, 2025
edited
Loading

shoot i just threw out a windows service wrapper i used in past. dang sucks it's not maintained. teaches me for putting the solution in the feature request

@arixmkii
Copy link
Contributor

It was not to offend anyone. I posted it for additional context strictly from technical perspective. I apologize if it sounded offensive. It is not wrong to propose a solution for evaluation.

@baude
Copy link
Member

baude commented Feb 20, 2025

is there another idea or approach or should we close this ?

@arixmkii
Copy link
Contributor

It is possible to run windows service in golang

This would be custom development, so, considerable amount of effort.

But what I'm more worried about is that original wrapper was designed for Jenkins and alike, and all these apps tend to have their configuration per app inside app folder. Podman machine is a per user, but service will run as privileged technical. So, it would need some mechanism to impersonate (or machine to handle config on demand (there is no code for this)) user while launching (and then machine will be available only for specific user). And having this would expose the service to a whole new vector of attacks. If there would appear RCE during machine start it would become an elevated RCE by service.

I believe there is more of this than just wrap a machine, but a question or feature to implement system wide Podman machine on Windows, where service will be a natural continuation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature. machine windows issue/bug on Windows
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nddipiazza @baude @arixmkii @Luap99