On Mon, Jul 11, 2022 at 9:00 AM Andrei Gherzan <[email protected]> wrote: > > From: Andrei Gherzan <[email protected]> > > Signed-off-by: Andrei Gherzan <[email protected]> > --- > docs/00-INDEX | 3 +++ > docs/podman.txt | 15 +++++++++++++++ > docs/podman.txt.license | 3 +++ > .../podman/podman/00-podman-rootless.conf | 6 ++++++ > recipes-containers/podman/podman_git.bb | 15 ++++++++++++++- > 5 files changed, 41 insertions(+), 1 deletion(-) > create mode 100644 docs/podman.txt > create mode 100644 docs/podman.txt.license > create mode 100644 recipes-containers/podman/podman/00-podman-rootless.conf > > diff --git a/docs/00-INDEX b/docs/00-INDEX > index 5aa1b3c..6659fbe 100644 > --- a/docs/00-INDEX > +++ b/docs/00-INDEX > @@ -11,5 +11,8 @@ alphabetical order as well. > openvswitch.txt > - example on how to setup openvswitch with qemu/kvm. > > +podman.txt > + - documentation on podman container engine integration. > + > xvisor.txt > - example on how to setup Xvisor for RISC-V QEMU. > diff --git a/docs/podman.txt b/docs/podman.txt > new file mode 100644 > index 0000000..9f35501 > --- /dev/null > +++ b/docs/podman.txt > @@ -0,0 +1,15 @@ > +Podman > +====== > + > +Rootless mode > +------------- > + > +Podman is a daemonless container engine that has as one of its features the > +ability to run in rootless mode. This requires a set of configurations and > +additional components. The OE/Yocto integration configures podman with this > +support enabled by default. This can be changed via configuration files > +(distro, local.conf, etc.) or bbaappends using the `PODMAN_ROOTLESS` > variable. > + > +To disable rootless support set the variable to '0': > + > +PODMAN_ROOTLESS = "0" > diff --git a/docs/podman.txt.license b/docs/podman.txt.license > new file mode 100644 > index 0000000..940435e > --- /dev/null > +++ b/docs/podman.txt.license > @@ -0,0 +1,3 @@ > +SPDX-FileCopyrightText: Huawei Inc. > + > +SPDX-License-Identifier: Apache-2.0
I haven't been following along closely enough to the copyright thread that Richard started, but these jumped out at me. Aren't most of the .conf files considered MIT (i.e. part of the meta data / recipe space) ? And are we putting copyrights in conf files and .txt files now ? I'm definitely not an expert (at all!!) but that doesn't seem quite right to me, when they are configuration files that follow standard practices for the packages we are integrating. > diff --git a/recipes-containers/podman/podman/00-podman-rootless.conf > b/recipes-containers/podman/podman/00-podman-rootless.conf > new file mode 100644 > index 0000000..2aca663 > --- /dev/null > +++ b/recipes-containers/podman/podman/00-podman-rootless.conf > @@ -0,0 +1,6 @@ > +# SPDX-FileCopyrightText: Huawei Inc. > +# > +# SPDX-License-Identifier: Apache-2.0 > + > +# User namespaces are required for rootless containers. > +user.max_user_namespaces = 15000 > diff --git a/recipes-containers/podman/podman_git.bb > b/recipes-containers/podman/podman_git.bb > index 961cd18..2680f40 100644 > --- a/recipes-containers/podman/podman_git.bb > +++ b/recipes-containers/podman/podman_git.bb > @@ -6,6 +6,10 @@ DESCRIPTION = "Podman is a daemonless container engine for > developing, \ > `alias docker=podman`. \ > " > > +# podman can run in rootless mode with the help of additional components: > +# > https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md > +PODMAN_ROOTLESS ?= "1" Isn't there a way to do this with PACKAGECONFIG ? We could just as easily check for the option in that, and then we have a place for extra rdepends, etc, as required. Bruce > + > inherit features_check > REQUIRED_DISTRO_FEATURES ?= "seccomp ipv6" 
> > @@ -21,6 +25,7 @@ SRCREV = "cedbbfa543651a13055a1fe093a4d0a2a28ccdfd" > SRC_URI = " \ > git://github.com/containers/libpod.git;branch=v4.1;protocol=https \ > file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \ > + ${@bb.utils.contains('PODMAN_ROOTLESS', '1', > 'file://00-podman-rootless.conf', '', d)} \ > " > > LICENSE = "Apache-2.0" > @@ -97,6 +102,11 @@ do_install() { > # Silence docker emulation warnings. > mkdir -p ${D}/etc/containers > touch ${D}/etc/containers/nodocker > + > + if [ "${PODMAN_ROOTLESS}" = "1" ]; then > + install -d "${D}${sysconfdir}/sysctl.d" > + install -m 0644 "${WORKDIR}/00-podman-rootless.conf" > "${D}${sysconfdir}/sysctl.d" > + fi > } > > FILES:${PN} += " \ > @@ -112,6 +122,9 @@ SYSTEMD_SERVICE:${PN} = "podman.service podman.socket" > # that busybox is configured with nsenter > VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter" > > -RDEPENDS:${PN} += "conmon virtual-runc iptables cni skopeo > ${VIRTUAL-RUNTIME_base-utils-nsenter}" > +RDEPENDS:${PN} += "\ > + conmon virtual-runc iptables cni skopeo > ${VIRTUAL-RUNTIME_base-utils-nsenter} \ > + ${@bb.utils.contains('PODMAN_ROOTLESS', '1', 'fuse-overlayfs > slirp4netns', '', d)} \ > +" > RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade > kernel-module-xt-comment" > RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', > 'docker', '', d)}" > -- > 2.25.1 > > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
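Review bot: in the docs/podman.txt hunk, "bbaappends" is a typo for "bbappends". The same paragraph should also say what enabling rootless mode changes on the target, because a reader toggling PODMAN_ROOTLESS will not expect a kernel-wide setting to move: the recipe installs a sysctl.d fragment that sets user.max_user_namespaces, which affects every user of user namespaces on the image, not just podman. One sentence such as "Rootless mode installs /etc/sysctl.d/00-podman-rootless.conf, which raises user.max_user_namespaces system-wide" would cover it.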
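Review bot: in the 00-podman-rootless.conf hunk, the value in "user.max_user_namespaces = 15000" is unexplained; the comment above it should say where the number comes from or why that limit was chosen. The fragment is also only meaningful on a kernel built with CONFIG_USER_NS, and nothing in the series checks or documents that, so PODMAN_ROOTLESS = "1" (the default) can silently produce an image where rootless podman cannot work. A kernel configuration fragment, or at least a sentence in docs/podman.txt naming the requirement, would close that gap.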
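Review bot: in the do_install hunk, the file placed in "${D}${sysconfdir}/sysctl.d" is only applied at boot by systemd-sysctl or a procps-style sysctl init script, and the recipe requires neither (REQUIRED_DISTRO_FEATURES is "seccomp ipv6", with no systemd). On a sysvinit image the fragment is present but user.max_user_namespaces is never set; either add the applier to RDEPENDS under the same PODMAN_ROOTLESS condition or document the requirement. Minor style point: the new lines use ${sysconfdir} while the lines immediately above hardcode "${D}/etc/containers"; pick one form for the function.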
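Review bot: in the RDEPENDS hunk, slirp4netns is now listed both in the rootless RDEPENDS line and in the unchanged "RRECOMMENDS:${PN} += "slirp4netns ..." line that follows; drop it from RRECOMMENDS or explain why both are needed. fuse-overlayfs also needs /dev/fuse, so kernel-module-fuse belongs next to the xt modules in RRECOMMENDS for the same case. Finally, rootless podman needs per-user subordinate ID ranges in /etc/subuid and /etc/subgid together with setuid newuidmap/newgidmap from shadow to map more than a single UID, which the linked rootless tutorial calls out; neither a dependency nor a note in docs/podman.txt covers that, so a user on a default image will land in the single-UID fallback without knowing why.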
