This is new functionality ... and while we don't have a strict rule about not adding new features to existing releases, this is stretching the definition, since it does have the potential to cause issues.
It is definitely fine for master, but I'm not particularly keen to start adding new features to kirkstone. Bruce On Mon, Jul 11, 2022 at 9:01 AM Andrei Gherzan <[email protected]> wrote: > > From: Andrei Gherzan <[email protected]> > > Signed-off-by: Andrei Gherzan <[email protected]> > --- > docs/00-INDEX | 3 +++ > docs/podman.txt | 15 +++++++++++++++ > docs/podman.txt.license | 3 +++ > .../podman/podman/00-podman-rootless.conf | 6 ++++++ > recipes-containers/podman/podman_git.bb | 15 ++++++++++++++- > 5 files changed, 41 insertions(+), 1 deletion(-) > create mode 100644 docs/podman.txt > create mode 100644 docs/podman.txt.license > create mode 100644 recipes-containers/podman/podman/00-podman-rootless.conf > > diff --git a/docs/00-INDEX b/docs/00-INDEX > index 5aa1b3c..6659fbe 100644 > --- a/docs/00-INDEX > +++ b/docs/00-INDEX > @@ -11,5 +11,8 @@ alphabetical order as well. > openvswitch.txt > - example on how to setup openvswitch with qemu/kvm. > > +podman.txt > + - documentation on podman container engine integration. > + > xvisor.txt > - example on how to setup Xvisor for RISC-V QEMU. > diff --git a/docs/podman.txt b/docs/podman.txt > new file mode 100644 > index 0000000..9f35501 > --- /dev/null > +++ b/docs/podman.txt > @@ -0,0 +1,15 @@ > +Podman > +====== > + > +Rootless mode > +------------- > + > +Podman is a daemonless container engine that has as one of its features the > +ability to run in rootless mode. This requires a set of configurations and > +additional components. The OE/Yocto integration configures podman with this > +support enabled by default. This can be changed via configuration files > +(distro, local.conf, etc.) or bbaappends using the `PODMAN_ROOTLESS` > variable. > + > +To disable rootless support set the variable to '0': > + > +PODMAN_ROOTLESS = "0" > diff --git a/docs/podman.txt.license b/docs/podman.txt.license > new file mode 100644 > index 0000000..940435e > --- /dev/null > +++ b/docs/podman.txt.license 
> @@ -0,0 +1,3 @@ > +SPDX-FileCopyrightText: Huawei Inc. > + > +SPDX-License-Identifier: Apache-2.0 > diff --git a/recipes-containers/podman/podman/00-podman-rootless.conf > b/recipes-containers/podman/podman/00-podman-rootless.conf > new file mode 100644 > index 0000000..2aca663 > --- /dev/null > +++ b/recipes-containers/podman/podman/00-podman-rootless.conf > @@ -0,0 +1,6 @@ > +# SPDX-FileCopyrightText: Huawei Inc. > +# > +# SPDX-License-Identifier: Apache-2.0 > + > +# User namespaces are required for rootless containers. > +user.max_user_namespaces = 15000 > diff --git a/recipes-containers/podman/podman_git.bb > b/recipes-containers/podman/podman_git.bb > index 4693bd6..4dcd0f2 100644 > --- a/recipes-containers/podman/podman_git.bb > +++ b/recipes-containers/podman/podman_git.bb > @@ -6,6 +6,10 @@ DESCRIPTION = "Podman is a daemonless container engine for > developing, \ > `alias docker=podman`. \ > " > > +# podman can run in rootless mode with the help of additional components: > +# > https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md > +PODMAN_ROOTLESS ?= "1" > + > inherit features_check > REQUIRED_DISTRO_FEATURES ?= "seccomp ipv6" > > @@ -21,6 +25,7 @@ SRCREV = "717edd7b844dcd66468f5d991991d87e9fc14c12" > SRC_URI = " \ > git://github.com/containers/libpod.git;branch=v4.0;protocol=https \ > file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \ > + ${@bb.utils.contains('PODMAN_ROOTLESS', '1', > 'file://00-podman-rootless.conf', '', d)} \ > " > > LICENSE = "Apache-2.0" > @@ -97,6 +102,11 @@ do_install() { > # Silence docker emulation warnings. > mkdir -p ${D}/etc/containers > touch ${D}/etc/containers/nodocker > + > + if [ "${PODMAN_ROOTLESS}" = "1" ]; then > + install -d "${D}${sysconfdir}/sysctl.d" > + install -m 0644 "${WORKDIR}/00-podman-rootless.conf" > "${D}${sysconfdir}/sysctl.d" > + fi > } > > FILES:${PN} += " \ 
> @@ -112,6 +122,9 @@ SYSTEMD_SERVICE:${PN} = "podman.service podman.socket" > # that busybox is configured with nsenter > VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter" > > -RDEPENDS:${PN} += "conmon virtual-runc iptables cni skopeo > ${VIRTUAL-RUNTIME_base-utils-nsenter}" > +RDEPENDS:${PN} += "\ > + conmon virtual-runc iptables cni skopeo > ${VIRTUAL-RUNTIME_base-utils-nsenter} \ > + ${@bb.utils.contains('PODMAN_ROOTLESS', '1', 'fuse-overlayfs > slirp4netns', '', d)} \ > +" > RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade > kernel-module-xt-comment" > RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', > 'docker', '', d)}" > -- > 2.25.1 > > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
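Review bot: in the docs/podman.txt hunk, "This requires a set of configurations and additional components" never says what they are, and "bbaappends" should read "bbappends". The recipe makes the list concrete, so the doc can too: the sysctl drop-in 00-podman-rootless.conf that raises user.max_user_namespaces, plus the fuse-overlayfs and slirp4netns runtime packages. It should also say what an integrator still has to provide, since this patch does not: a kernel built with CONFIG_USER_NS, and per-user /etc/subuid and /etc/subgid ranges (with the newuidmap/newgidmap helpers) so rootless podman can map more than one UID inside a container; the rootless tutorial linked from the recipe covers both. Suggest replacing that sentence with a short list of the three pieces this patch adds and a line on the subuid/subgid and kernel prerequisites.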
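Review bot: in 00-podman-rootless.conf, the comment "User namespaces are required for rootless containers" explains why the file exists but not what the line does: user.max_user_namespaces = 15000 does not enable user namespaces (that is CONFIG_USER_NS in the kernel), it raises the per-namespace creation limit. The kernel derives the default from the thread limit (max_threads/2), so it scales with RAM and can be far below 15000 on a small target, which is presumably the case this drop-in is for; say so, and say where 15000 comes from, since the figure is not justified anywhere in the patch. Also worth a sentence in the comment that a non-zero limit hands unprivileged users the ability to create user namespaces, a well-known kernel attack surface, and that PODMAN_ROOTLESS = "0" removes the file, so an integrator hardening a product knows which knob to turn.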
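Review bot: in the first podman_git.bb hunk, PODMAN_ROOTLESS ?= "1" changes what every existing consumer of the recipe gets: two extra runtime packages and a system-wide sysctl change land in images that never asked for rootless support, which is the behaviour change objected to above. Consider defaulting to "0", or better a PACKAGECONFIG option: the recipe already uses PACKAGECONFIG for the docker emulation (see the RCONFLICTS line), and PACKAGECONFIG[rootless] would carry the RDEPENDS and RRECOMMENDS additions in one place instead of the bb.utils.contains() calls spread over SRC_URI and RDEPENDS. The comment above the variable should also describe the variable and its values, not only link the tutorial.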
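Review bot: in the SRC_URI hunk, the bb.utils.contains() guard around file://00-podman-rootless.conf is unnecessary: do_install already checks PODMAN_ROOTLESS before installing the file, so listing it unconditionally is simpler and keeps the do_fetch/do_unpack inputs independent of the variable.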
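Review bot: in the do_install hunk, the file is installed correctly but nothing guarantees it is ever applied: ${sysconfdir}/sysctl.d is consumed by systemd-sysctl on systemd images, while on sysvinit images something must run sysctl --system at boot, and this recipe's RDEPENDS pull in neither. Either add a RRECOMMENDS for the sysvinit case or state the requirement in docs/podman.txt. Style point in the same hunk: the new lines use "${D}${sysconfdir}" while the lines just above use a literal "${D}/etc/containers"; pick one.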
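Review bot: in the RDEPENDS hunk, slirp4netns now appears twice: in RDEPENDS when PODMAN_ROOTLESS is "1" and unconditionally in the RRECOMMENDS line right below. Drop it from RRECOMMENDS (or keep it only there and leave the conditional RDEPENDS to fuse-overlayfs) so the intent is readable. Both new dependencies also need kernel support the recipe does not express: fuse-overlayfs needs /dev/fuse and slirp4netns needs /dev/net/tun, so the rootless branch should add kernel-module-fuse and kernel-module-tun next to the existing kernel-module-xt-masquerade and kernel-module-xt-comment recommendations (harmless when those are built in).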
View/Reply Online (#7428): https://lists.yoctoproject.org/g/meta-virtualization/message/7428
