Hi,
I’m trying to test OCI container functionality on an AXC F 1252 PLC: "How to install Portainer Agent on a PLCnext Control device" (PLCnext Community)
The problem is that the admin user doesn’t have rights to e.g. create a directory in /etc/containers/ (as shown in the link above). How can I get root access on the device? I read that I need to disable the Security Profile, but this note on the page says that my PLC has it enabled by default and that it cannot be disabled?
Note: New PLCnext Control device types will be secure-by-default (such as AXC F 1252, Virtual PLCnext Control, and the VL3 UPC 2440 EDGE kit). That is, every security-relevant setting is already in the state that was provided with activating the Security Profile in the former generation of PLCnext Control device types. Therefore, there is no Security Profile WBM 2 page in the newer controller generation.
Thanks.
Yes, you’re right. That article was written before the first secure-by-default device (AXC F 1252) was available, so it was not tested on a secure-by-default platform.
Based on this section of the Podman documentation:
Podman rootless unit search path
Quadlet files for non-root users can be placed in the following directories:
- $XDG_RUNTIME_DIR/containers/systemd/
- $XDG_CONFIG_HOME/containers/systemd/ or ~/.config/containers/systemd/
- /etc/containers/systemd/users/${UID}
- /etc/containers/systemd/users/
- /usr/share/containers/systemd/users/${UID}
- /usr/share/containers/systemd/users/
… ~/.config/containers/systemd/ is probably the best place to put Quadlet files on a secure-by-default device. However, since this is still part of the user config, that user must have lingering enabled in order for the container to start on boot … and this is a problem with firmware version 2026.0, as you have identified.
In the upcoming firmware version 2026.6 it will be possible to set lingering, so that should solve this problem. As soon as there is a solution, I will update the Makers Blog article.
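The following is an added example, not part of the original posts and not PLCnext or Podman project code. It walks the rootless Quadlet search path quoted above, picks the first directory the current user can write to without root that also survives a reboot, and reports whether lingering is set for that user. The function names and the `LINGER_DIR` override are hypothetical; the script assumes the standard systemd-logind marker directory `/var/lib/systemd/linger` is present and readable on the device.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and LINGER_DIR are hypothetical.

# Rootless Quadlet search directories quoted above, one per line, in order.
quadlet_user_dirs() {
    uid=$(id -u)
    if [ -n "${XDG_RUNTIME_DIR:-}" ]; then
        printf '%s\n' "$XDG_RUNTIME_DIR/containers/systemd"
    fi
    printf '%s\n' "${XDG_CONFIG_HOME:-${HOME:-}/.config}/containers/systemd" \
        "/etc/containers/systemd/users/$uid" \
        "/etc/containers/systemd/users" \
        "/usr/share/containers/systemd/users/$uid" \
        "/usr/share/containers/systemd/users"
}

# True if $1 is a writable directory, or its nearest existing ancestor is one
# (so the current user could create it with mkdir -p).
can_place_files() {
    d=$1
    while [ ! -e "$d" ] && [ "$d" != "/" ]; do d=$(dirname "$d"); done
    [ -d "$d" ] && [ -w "$d" ]
}

# First search directory that is writable without root and survives a reboot.
# XDG_RUNTIME_DIR is skipped because it is temporary per-login storage.
persistent_quadlet_dir() {
    quadlet_user_dirs | while IFS= read -r dir; do
        case "$dir" in "${XDG_RUNTIME_DIR:-/nonexistent}"/*) continue ;; esac
        if can_place_files "$dir"; then printf '%s\n' "$dir"; break; fi
    done
}

# systemd-logind marks lingering with a file named after the user in
# /var/lib/systemd/linger (assumed readable here); LINGER_DIR overrides it.
linger_state() {
    if [ -e "${LINGER_DIR:-/var/lib/systemd/linger}/$1" ]; then echo yes; else echo no; fi
}

quadlet_report() {
    user=${1:-$(id -un 2>/dev/null || id -u)}
    echo "Persistent Quadlet directory for $user: $(persistent_quadlet_dir)"
    echo "Lingering enabled (needed for start on boot): $(linger_state "$user")"
}

quadlet_report
```

A result of `no` for lingering means units placed in the reported directory only run while that user has a login session.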