meta-virtualization.lists.yoctoproject.org archive mirror
From: "Andrei Gherzan" <andrei@gherzan.com>
To: "Bruce Ashfield" <bruce.ashfield@gmail.com>,
	"Richard Purdie" <richard.purdie@linuxfoundation.org>
Cc: meta-virtualization@lists.yoctoproject.org,
	"Andrei Gherzan" <andrei.gherzan@huawei.com>
Subject: Re: [meta-virtualization][PATCH 3/3] podman: Add support for rootless mode
Date: Mon, 11 Jul 2022 14:44:00 +0100
Message-ID: <38b4f487-5a1f-4542-a533-ac32b7482093@www.fastmail.com>
In-Reply-To: <CADkTA4NiCLaqUR5=odkgpy41-oQD5oXSnFGgu45qLP+ch7ebbA@mail.gmail.com>

On Mon, 11 Jul 2022, at 14:38, Bruce Ashfield wrote:
> On Mon, Jul 11, 2022 at 9:00 AM Andrei Gherzan <andrei@gherzan.com> wrote:
>>
>> From: Andrei Gherzan <andrei.gherzan@huawei.com>
>>
>> Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
>> ---
>>  docs/00-INDEX                                     |  3 +++
>>  docs/podman.txt                                   | 15 +++++++++++++++
>>  docs/podman.txt.license                           |  3 +++
>>  .../podman/podman/00-podman-rootless.conf         |  6 ++++++
>>  recipes-containers/podman/podman_git.bb           | 15 ++++++++++++++-
>>  5 files changed, 41 insertions(+), 1 deletion(-)
>>  create mode 100644 docs/podman.txt
>>  create mode 100644 docs/podman.txt.license
>>  create mode 100644 recipes-containers/podman/podman/00-podman-rootless.conf
>>
>> diff --git a/docs/00-INDEX b/docs/00-INDEX
>> index 5aa1b3c..6659fbe 100644
>> --- a/docs/00-INDEX
>> +++ b/docs/00-INDEX
>> @@ -11,5 +11,8 @@ alphabetical order as well.
>>  openvswitch.txt
>>         - example on how to setup openvswitch with qemu/kvm.
>>
>> +podman.txt
>> +       - documentation on podman container engine integration.
>> +
>>  xvisor.txt
>>         - example on how to setup Xvisor for RISC-V QEMU.
>> diff --git a/docs/podman.txt b/docs/podman.txt
>> new file mode 100644
>> index 0000000..9f35501
>> --- /dev/null
>> +++ b/docs/podman.txt
>> @@ -0,0 +1,15 @@
>> +Podman
>> +======
>> +
>> +Rootless mode
>> +-------------
>> +
>> +Podman is a daemonless container engine that has as one of its features the
>> +ability to run in rootless mode. This requires a set of configurations and
>> +additional components. The OE/Yocto integration configures podman with this
>> +support enabled by default. This can be changed via configuration files
>> +(distro, local.conf, etc.) or bbaappends using the `PODMAN_ROOTLESS` variable.
>> +
>> +To disable rootless support set the variable to '0':
>> +
>> +PODMAN_ROOTLESS = "0"
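
Review bot: In the last line of the first paragraph of docs/podman.txt, "bbaappends" should read "bbappends". The same paragraph says rootless mode needs "a set of configurations and additional components" without naming any of them; listing what PODMAN_ROOTLESS changes on the target, such as the configuration file that sets user.max_user_namespaces, would let an integrator judge the effect before leaving the default on.
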
>> diff --git a/docs/podman.txt.license b/docs/podman.txt.license
>> new file mode 100644
>> index 0000000..940435e
>> --- /dev/null
>> +++ b/docs/podman.txt.license
>> @@ -0,0 +1,3 @@
>> +SPDX-FileCopyrightText: Huawei Inc.
>> +
>> +SPDX-License-Identifier: Apache-2.0
>
> I haven't been following along closely enough to the copyright thread
> that Richard started, but these jumped out at me.
>
> Aren't most of the .conf files considered MIT (i.e. part of the meta
> data / recipe space)? And are we putting copyrights in conf files
> and .txt files now? I'm definitely not an expert (at all!!) but that
> doesn't seem quite right to me, when they are configuration files that
> follow standard practices for the packages we are integrating.

That is definitely my bad. It should be MIT. I'll re-push with the changed license.

This is following the reuse.software compliance. I've used a separate license file for the txt one so that I don't affect the actual documentation if they get post-processed in any way afterwards - there is no standard for comments in txt files. This is basically saying that given that I don't want to touch file foo, I'll create a foo.license file with the extra SPDX metadata.

>> diff --git a/recipes-containers/podman/podman/00-podman-rootless.conf b/recipes-containers/podman/podman/00-podman-rootless.conf
>> new file mode 100644
>> index 0000000..2aca663
>> --- /dev/null
>> +++ b/recipes-containers/podman/podman/00-podman-rootless.conf
>> @@ -0,0 +1,6 @@
>> +# SPDX-FileCopyrightText: Huawei Inc.
>> +#
>> +# SPDX-License-Identifier: Apache-2.0
>> +
>> +# User namespaces are required for rootless containers.
>> +user.max_user_namespaces       = 15000
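
Review bot: The value 15000 on the user.max_user_namespaces line has no stated origin, and the comment above it only explains why the key is set at all. The key is a kernel sysctl that is not scoped to podman, so it affects every user on the image, and with PODMAN_ROOTLESS defaulting to "1" it ships unless the integrator opts out. Please say in the comment where the number comes from and that the setting is image-wide, so a hardened distro can make an informed choice to lower or drop it.
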
>> diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
>> index 961cd18..2680f40 100644
>> --- a/recipes-containers/podman/podman_git.bb
>> +++ b/recipes-containers/podman/podman_git.bb
>> @@ -6,6 +6,10 @@ DESCRIPTION = "Podman is a daemonless container engine for developing, \
>>      `alias docker=podman`. \
>>      "
>>
>> +# podman can run in rootless mode with the help of additional components:
>> +# https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
>> +PODMAN_ROOTLESS ?= "1"
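
Review bot: PODMAN_ROOTLESS ?= "1" makes the feature opt-out, so whatever it gates lands in every image that installs podman unless the integrator overrides it; that default deserves a sentence of justification in the comment or the commit message, which is currently empty apart from the sign-off. The comment also defers to the upstream tutorial on the main branch for the "additional components" instead of naming them; a link to main can drift, so list the components here or pin the link to a tag.
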
>
> Isn't there a way to do this with PACKAGECONFIG? We could just as
> easily check for the option in that, and then we have a place for
> extra rdepends, etc., as required.

Good idea. I like that. I'll change it in the next v.

Andrei

