5 files changed, 36 insertions, 1 deletions
diff --git a/docs/00-INDEX b/docs/00-INDEX
index 5aa1b3c5..6659fbee 100644
--- a/docs/00-INDEX
+++ b/docs/00-INDEX
@@ -11,5 +11,8 @@ alphabetical order as well.
 openvswitch.txt
        - example on how to setup openvswitch with qemu/kvm.
+podman.txt
+        - documentation on podman container engine integration.
 xvisor.txt
        - example on how to setup Xvisor for RISC-V QEMU.
diff --git a/docs/podman.txt b/docs/podman.txt
new file mode 100644
index 00000000..66a69b3c
--- /dev/null
+++ b/docs/podman.txt
@@ -0,0 +1,14 @@
+Podman
+======
+Rootless mode
+-------------
+Podman is a daemonless container engine that has as one of its features the
+ability to run in rootless mode. This requires a set of configurations and
+additional components. The OE/Yocto integration configures podman with this
+support disabled by default. This can be changed via configuration files
+(distro, local.conf, etc.) or bbappends using the `PACKAGECONFIG` variable.
+To enable rootless support, add `rootless` to the `PACKAGECONFIG` podman
+recipe variable.
diff --git a/docs/podman.txt.license b/docs/podman.txt.license
new file mode 100644
index 00000000..c7348705
--- /dev/null
+++ b/docs/podman.txt.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: Huawei Inc.
+SPDX-License-Identifier: MIT
diff --git a/recipes-containers/podman/podman/00-podman-rootless.conf b/recipes-containers/podman/podman/00-podman-rootless.conf
new file mode 100644
index 00000000..aaede0e1
--- /dev/null
+++ b/recipes-containers/podman/podman/00-podman-rootless.conf
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: MIT
+# User namespaces are required for rootless containers.
+user.max_user_namespaces        = 15000
diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index 961cd187..73d3c931 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -21,6 +21,7 @@ SRCREV = "cedbbfa543651a13055a1fe093a4d0a2a28ccdfd"
 SRC_URI = " \
    git://github.com/containers/libpod.git;branch=v4.1;protocol=https \
    file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \
+    ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://00-podman-rootless.conf', '', d)} \
 "
 LICENSE = "Apache-2.0"
@@ -97,6 +98,11 @@ do_install() {
        # Silence docker emulation warnings.
        mkdir -p ${D}/etc/containers
        touch ${D}/etc/containers/nodocker
+        if ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'true', 'false', d)}; then
+                install -d "${D}${sysconfdir}/sysctl.d"
+                install -m 0644 "${WORKDIR}/00-podman-rootless.conf" "${D}${sysconfdir}/sysctl.d"
+        fi
 }
 FILES:${PN} += " \
@@ -112,6 +118,9 @@ SYSTEMD_SERVICE:${PN} = "podman.service podman.socket"
 # that busybox is configured with nsenter
 VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter"
-RDEPENDS:${PN} += "conmon virtual-runc iptables cni skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter}"
+RDEPENDS:${PN} += "\
+        conmon virtual-runc iptables cni skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter} \
+        ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'fuse-overlayfs slirp4netns', '', d)} \
+"
 RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"
 RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}"

diff --git a/docs/00-INDEX b/docs/00-INDEX index 5aa1b3c5..6659fbee 100644 --- a/docs/00-INDEX +++ b/docs/00-INDEX
@@ -11,5 +11,8 @@ alphabetical order as well.
11	openvswitch.txt	11	openvswitch.txt
12	- example on how to setup openvswitch with qemu/kvm.	12	- example on how to setup openvswitch with qemu/kvm.
13		13
		14	podman.txt
		15	- documentation on podman container engine integration.
		16
14	xvisor.txt	17	xvisor.txt
15	- example on how to setup Xvisor for RISC-V QEMU.	18	- example on how to setup Xvisor for RISC-V QEMU.


diff --git a/docs/podman.txt b/docs/podman.txt new file mode 100644 index 00000000..66a69b3c --- /dev/null +++ b/docs/podman.txt
@@ -0,0 +1,14 @@
		1	Podman
		2	======
		3
		4	Rootless mode
		5	-------------
		6
		7	Podman is a daemonless container engine that has as one of its features the
		8	ability to run in rootless mode. This requires a set of configurations and
		9	additional components. The OE/Yocto integration configures podman with this
		10	support disabled by default. This can be changed via configuration files
		11	(distro, local.conf, etc.) or bbappends using the `PACKAGECONFIG` variable.
		12
		13	To enable rootless support, add `rootless` to the `PACKAGECONFIG` podman
		14	recipe variable.


diff --git a/docs/podman.txt.license b/docs/podman.txt.license new file mode 100644 index 00000000..c7348705 --- /dev/null +++ b/docs/podman.txt.license
@@ -0,0 +1,3 @@
		1	SPDX-FileCopyrightText: Huawei Inc.
		2
		3	SPDX-License-Identifier: MIT


diff --git a/recipes-containers/podman/podman/00-podman-rootless.conf b/recipes-containers/podman/podman/00-podman-rootless.conf new file mode 100644 index 00000000..aaede0e1 --- /dev/null +++ b/recipes-containers/podman/podman/00-podman-rootless.conf
@@ -0,0 +1,6 @@
		1	# SPDX-FileCopyrightText: Huawei Inc.
		2	#
		3	# SPDX-License-Identifier: MIT
		4
		5	# User namespaces are required for rootless containers.
		6	user.max_user_namespaces = 15000


diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb index 961cd187..73d3c931 100644 --- a/recipes-containers/podman/podman_git.bb +++ b/recipes-containers/podman/podman_git.bb
@@ -21,6 +21,7 @@ SRCREV = "cedbbfa543651a13055a1fe093a4d0a2a28ccdfd"
21	SRC_URI = " \	21	SRC_URI = " \
22	git://github.com/containers/libpod.git;branch=v4.1;protocol=https \	22	git://github.com/containers/libpod.git;branch=v4.1;protocol=https \
23	file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \	23	file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \
		24	${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://00-podman-rootless.conf', '', d)} \
24	"	25	"
25		26
26	LICENSE = "Apache-2.0"	27	LICENSE = "Apache-2.0"
@@ -97,6 +98,11 @@ do_install() {
97	# Silence docker emulation warnings.	98	# Silence docker emulation warnings.
98	mkdir -p ${D}/etc/containers	99	mkdir -p ${D}/etc/containers
99	touch ${D}/etc/containers/nodocker	100	touch ${D}/etc/containers/nodocker
		101
		102	if ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'true', 'false', d)}; then
		103	install -d "${D}${sysconfdir}/sysctl.d"
		104	install -m 0644 "${WORKDIR}/00-podman-rootless.conf" "${D}${sysconfdir}/sysctl.d"
		105	fi
100	}	106	}
101		107
102	FILES:${PN} += " \	108	FILES:${PN} += " \
@@ -112,6 +118,9 @@ SYSTEMD_SERVICE:${PN} = "podman.service podman.socket"
112	# that busybox is configured with nsenter	118	# that busybox is configured with nsenter
113	VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter"	119	VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter"
114		120
115	RDEPENDS:${PN} += "conmon virtual-runc iptables cni skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter}"	121	RDEPENDS:${PN} += "\
		122	conmon virtual-runc iptables cni skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter} \
		123	${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'fuse-overlayfs slirp4netns', '', d)} \
		124	"
116	RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"	125	RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"
117	RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}"	126	RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}"