| author | Andrei Gherzan <andrei.gherzan@huawei.com> | 2022-07-11 20:53:04 +0200 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2022-07-15 17:11:58 -0400 |
| commit | cf8a763b28e0608b475643781c5ae51a5186b543 (patch) | |
| tree | 95884c7de34f968fac8f18ce41c8359445c10237 | |
| parent | 2e05df2f4379c8e013161f6b815f8d01315565c7 (diff) | |
| download | meta-virtualization-cf8a763b28e0608b475643781c5ae51a5186b543.tar.gz | |
podman: Add support for rootless mode
This support is disabled by default and exposed via PACKAGECONFIG.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| -rw-r--r-- | docs/00-INDEX | 3 | ||||
| -rw-r--r-- | docs/podman.txt | 14 | ||||
| -rw-r--r-- | docs/podman.txt.license | 3 | ||||
| -rw-r--r-- | recipes-containers/podman/podman/00-podman-rootless.conf | 6 | ||||
| -rw-r--r-- | recipes-containers/podman/podman_git.bb | 11 |
5 files changed, 36 insertions, 1 deletions
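--- a/docs/00-INDEX
+++ b/docs/00-INDEX
@@ -11,5 +11,8 @@ alphabetical order as well.
 openvswitch.txt
 - example on how to setup openvswitch with qemu/kvm.
 
+podman.txt
+- documentation on podman container engine integration.
+
 xvisor.txt
 - example on how to setup Xvisor for RISC-V QEMU.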
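--- /dev/null
+++ b/docs/podman.txt
@@ -0,0 +1,14 @@
+Podman
+======
+
+Rootless mode
+-------------
+
+Podman is a daemonless container engine that has as one of its features the
+ability to run in rootless mode. This requires a set of configurations and
+additional components. The OE/Yocto integration configures podman with this
+support disabled by default. This can be changed via configuration files
+(distro, local.conf, etc.) or bbappends using the `PACKAGECONFIG` variable.
+
+To enable rootless support, add `rootless` to the `PACKAGECONFIG` podman
+recipe variable.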
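--- /dev/null
+++ b/docs/podman.txt.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: Huawei Inc.
+
+SPDX-License-Identifier: MIT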
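--- /dev/null
+++ b/recipes-containers/podman/podman/00-podman-rootless.conf
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: MIT
+
+# User namespaces are required for rootless containers.
+user.max_user_namespaces = 15000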
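Review bot: The comment above the only setting in this file overstates what it does — `user.max_user_namespaces` is just a creation cap, and raising it has no effect unless the kernel is built with CONFIG_USER_NS, so I would make the comment say so: `# Rootless containers need unprivileged user namespaces (CONFIG_USER_NS in the kernel); this only lifts the per-namespace count limit, and 15000 is an arbitrary ceiling rather than a podman requirement.` Allowing every local user to create user namespaces widens the kernel attack surface (user-namespace bugs have repeatedly been a privilege-escalation vector), and that trade-off should be recorded here or in docs/podman.txt so integrators enabling `rootless` see it. Also note that sysctl.d drop-ins are applied in lexical order with the last writer winning, so the `00-` prefix means any other drop-in — for example a distro hardening file that sets this back to 0 — silently overrides it; a higher prefix, or a comment stating the ordering intent, would make that explicit.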
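--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -21,6 +21,7 @@ SRCREV = "cedbbfa543651a13055a1fe093a4d0a2a28ccdfd"
 SRC_URI = " \
 git://github.com/containers/libpod.git;branch=v4.1;protocol=https \
 file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \
+${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://00-podman-rootless.conf', '', d)} \
 "
 
 LICENSE = "Apache-2.0"
@@ -97,6 +98,11 @@ do_install() {
 # Silence docker emulation warnings.
 mkdir -p ${D}/etc/containers
 touch ${D}/etc/containers/nodocker
+
+if ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'true', 'false', d)}; then
+install -d "${D}${sysconfdir}/sysctl.d"
+install -m 0644 "${WORKDIR}/00-podman-rootless.conf" "${D}${sysconfdir}/sysctl.d"
+fi
 }
 
 FILES:${PN} += " \
@@ -112,6 +118,9 @@ SYSTEMD_SERVICE:${PN} = "podman.service podman.socket"
 # that busybox is configured with nsenter
 VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter"
 
-RDEPENDS:${PN} += "conmon virtual-runc iptables cni skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter}"
+RDEPENDS:${PN} += "\
+conmon virtual-runc iptables cni skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter} \
+${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'fuse-overlayfs slirp4netns', '', d)} \
+"
 RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"
 RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}"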
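Review bot: The RDEPENDS hunk (new lines 121-124) wires the rootless runtime dependencies through a hand-written `bb.utils.contains` expression, yet no `PACKAGECONFIG[rootless]` declaration appears anywhere in this commit; if the recipe does not already declare the flag outside these hunks, the idiomatic form is `PACKAGECONFIG[rootless] = ",,,fuse-overlayfs slirp4netns"`, which also lets the conditional in RDEPENDS go away. Rootless podman presumably also needs subordinate uid/gid ranges in /etc/subuid and /etc/subgid plus the setuid newuidmap/newgidmap helpers (provided by the shadow recipe in OE-core, as far as I can tell), none of which this change pulls in or documents, so an image built with only this flag is likely to fail at the first unprivileged `podman run`; consider adding `shadow` to the rootless runtime dependencies and stating the subuid/subgid requirement in docs/podman.txt. Separately, slirp4netns is now both a hard RDEPENDS under rootless (new line 123) and an unconditional RRECOMMENDS (line 125), which is harmless but redundant and worth a comment on why both are kept.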
