guix-devel

Re: A minimal rootless podman configuration


From: Ludovic Courtès
Subject: Re: A minimal rootless podman configuration
Date: Thu, 16 Mar 2023 18:28:48 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)

Hi,

Brian Cully via "Development of GNU Guix and the GNU System
distribution." <guix-devel@gnu.org> wrote:

> Existing attempts to use podman rootless run into issues with the 
> cgroups file system being mounted by elogind. Since we now have 
> seatd and greetd, we can bypass elogind. Using them, I have 
> finally been able to use rootless podman. Since this is something 
> that comes up in IRC with some regularity, I wanted to share the 
> operating system configuration here.

Nice, well done!


[...]

>    ;;
>    ;; not strictly required, but without them podman will resort to
>    ;; single user mapping.
>    ;;
>    (simple-service 'subuid-subgid etc-service-type
>                    (list `("subuid"
>                            ,(plain-file "subuid"
>                                         (string-join
>                                          '("root:65536:65536"
>                                            "test:16777216:65536")
>                                        "\n" 'suffix)))
>                          `("subgid"
>                            ,(plain-file "subgid"
>                                         (string-join
>                                          '("root:65536:65536"
>                                            "test:16777216:65536")
>                                        "\n" 'suffix)))))

OK; that works because we have ‘newuidmap’ and ‘newgidmap’ in
‘setuid-programs’ by default.

Interesting, thanks for sharing!

Ludo’.
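
An added example, not part of the original thread: a small check for `owner:start:count` entries such as the subuid/subgid lines quoted above, run before they are baked into a system configuration. It flags ranges that start inside the host's own ID space and ranges of different owners that overlap, since overlapping ranges let two users' containers map onto the same host IDs. The `last_host_id` threshold of 65535 and the `BAD_SUBUID` sample are assumptions made for illustration.

```python
from itertools import combinations
from typing import NamedTuple


class SubIdRange(NamedTuple):
    owner: str
    start: int
    count: int


def parse_subid(text):
    """Parse owner:start:count lines (the /etc/subuid and /etc/subgid format)."""
    ranges = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.strip().split(":")
        if len(fields) != 3 or not fields[0]:
            raise ValueError(f"line {lineno}: expected owner:start:count")
        start, count = int(fields[1]), int(fields[2])
        if start < 0 or count < 1:
            raise ValueError(f"line {lineno}: need start >= 0 and count >= 1")
        ranges.append(SubIdRange(fields[0], start, count))
    return ranges


def audit(ranges, last_host_id=65535):
    """Return findings; last_host_id is an assumed top of the host ID space."""
    findings = []
    ordered = sorted(ranges, key=lambda r: r.start)
    for r in ordered:
        if r.start <= last_host_id:
            findings.append(f"{r.owner}: starts at {r.start}, inside host ID space")
    # After sorting, a.start <= b.start, so they overlap iff b starts before a ends.
    for a, b in combinations(ordered, 2):
        if a.owner != b.owner and b.start < a.start + a.count:
            findings.append(f"{b.owner} overlaps {a.owner}")
    return findings


# The two entries from the quoted configuration, newline-terminated.
PAGE_SUBUID = "root:65536:65536\ntest:16777216:65536\n"
# Constructed sample with deliberate mistakes (not from the thread).
BAD_SUBUID = "alice:100000:65536\nbob:120000:65536\nsvc:1000:10\n"

if __name__ == "__main__":
    for name, text in (("page", PAGE_SUBUID), ("constructed", BAD_SUBUID)):
        print(name, audit(parse_subid(text)) or "ok")
```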