authorunitexe <unitexe70@gmail.com>2026-01-03 15:20:53 -0600
committerunitexe <unitexe70@gmail.com>2026-01-03 15:39:31 -0600
commit4fdb048cc17d22d90664c3cac076516b771f4d30 (patch)
tree6f62e00d26dd559770801a75c999dcff714b58c6 /meta-unit-core/dynamic-layers
parentf2738c399dffe325b5add7b912d9562484f071e3 (diff)
Podman (rootful & rootless) support
- Rootless support for unitexe user specifically
Diffstat (limited to 'meta-unit-core/dynamic-layers')
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/podman/podman_%.bbappend2
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend12
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-kernel/linux/linux-yocto_%.bbappend1
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-unit/images/core-image-unit.bbappend1
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend18
5 files changed, 34 insertions, 0 deletions
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/podman/podman_%.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/podman/podman_%.bbappend
new file mode 100644
index 0000000..3b9e0c7
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/podman/podman_%.bbappend
@@ -0,0 +1,2 @@
+# Enable rootless containers.
+PACKAGECONFIG:append = " rootless"
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend
new file mode 100644
index 0000000..cb2beaa
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend
@@ -0,0 +1,12 @@
+#
+# Support rootless podman for unitexe user.
+#
+# This is explained at:
+# https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration
+#
+do_install:append() {
+ echo "unitexe:100000:65536" >> ${D}${sysconfdir}/subuid
+ echo "" >> ${D}${sysconfdir}/subuid
+ echo "unitexe:100000:65536" >> ${D}${sysconfdir}/subgid
+ echo "" >> ${D}${sysconfdir}/subgid
+}
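Review bot: The account name `unitexe` is hard-coded in all four `echo` lines of `do_install:append`, while the add-user-unitexe bbappend in this same commit takes the name from `${USER_TO_ADD_NAME}`. If the account is ever renamed, the image would keep a 65536-ID delegation for a name it no longer defines, and the real user would get none. Consider a layer-level variable that both recipes read, plus a comment such as `# Delegates subordinate IDs 100000-165535 to the rootless podman user; keep in sync with add-user-unitexe.`. The two `echo ""` lines only append blank lines and could be dropped. The files' mode is left to the umask here, so an explicit `chmod 0644 ${D}${sysconfdir}/subuid ${D}${sysconfdir}/subgid` would make the intended permissions visible.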
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-kernel/linux/linux-yocto_%.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-kernel/linux/linux-yocto_%.bbappend
new file mode 100644
index 0000000..37d2edd
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-kernel/linux/linux-yocto_%.bbappend
@@ -0,0 +1 @@
+SRC_URI:append = " file://netfilter_xt_match.cfg"
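Review bot: This one-line bbappend adds `file://netfilter_xt_match.cfg` but sets no search path for it, and the fragment is not among the files in the diffstat (which is limited to `dynamic-layers`, so it may live elsewhere in the commit). Unless another linux-yocto bbappend in the layer already extends the path, a line like `FILESEXTRAPATHS:prepend := "${THISDIR}/files:"` is probably needed for the fetch to succeed. There is also no comment saying which kernel options the fragment enables; a short header such as `# Netfilter xt match options needed for container networking; see netfilter_xt_match.cfg` would let a reviewer judge what is being added to the kernel configuration.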
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-unit/images/core-image-unit.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-unit/images/core-image-unit.bbappend
new file mode 100644
index 0000000..ee336ce
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-unit/images/core-image-unit.bbappend
@@ -0,0 +1 @@
+IMAGE_INSTALL:append = " packagegroup-unit-containers"
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend
new file mode 100644
index 0000000..922b0c8
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend
@@ -0,0 +1,18 @@
+do_install:append() {
+ # If linger is not enabled then rootless podman
+ # commands will complain with number of warnings.
+ install -d ${D}${localstatedir}/lib/systemd/linger
+ touch ${D}${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}
+
+ # Note: Use of .profile here assumes busybox shell.
+ # Podman uses these (if defined) for overriding
+ # default configuration file locations. This is
+ # explained here:
+ # https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#user-configuration-files
+ cat > ${D}/home/${USER_TO_ADD_NAME}/.profile << 'EOF'
+export XDG_RUNTIME_DIR=/run/user/$(id -u)
+export XDG_CONFIG_HOME=$HOME/.config
+EOF
+}
+
+FILES:${PN}:append = " ${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}"
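Review bot: The `.profile` written with `cat >` in `do_install:append` gets no explicit owner or mode. Because this runs after the base recipe's `do_install`, any ownership fix-up there (not visible in this hunk) would not cover it, so the file may land in the user's home owned by root. Consider adding `chown ${USER_TO_ADD_NAME} ${D}/home/${USER_TO_ADD_NAME}/.profile` and `chmod 0644` on the same path after the heredoc, assuming the account is resolvable at install time. The linger comment could also state the consequence, e.g. `# Linger starts this user's systemd manager at boot and keeps its services running without a login session.`, since that is a standing change to what runs on the device. The `cat >` redirection replaces any `.profile` the base recipe may already install, which is worth confirming.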