meta-virtualization.lists.yoctoproject.org archive mirror
* [meta-virtualization][PATCH 1/3] slirp4netns: Require tun kernel module
@ 2022-07-11 13:00 Andrei Gherzan
  2022-07-11 13:00 ` [meta-virtualization][PATCH 2/3] podman: Silence docker emulation warnings Andrei Gherzan
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Andrei Gherzan @ 2022-07-11 13:00 UTC (permalink / raw)
  To: meta-virtualization; +Cc: andrei, Andrei Gherzan

From: Andrei Gherzan <andrei.gherzan@huawei.com>

slirp4netns uses a TAP device to connect to the internet in an
unprivileged way. Without the required kernel support (TAP/TUN),
slirp4netns will fail at runtime.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
 recipes-networking/slirp4netns/slirp4netns_git.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-networking/slirp4netns/slirp4netns_git.bb b/recipes-networking/slirp4netns/slirp4netns_git.bb
index a63871c..4bf25b8 100644
--- a/recipes-networking/slirp4netns/slirp4netns_git.bb
+++ b/recipes-networking/slirp4netns/slirp4netns_git.bb
@@ -18,4 +18,6 @@ DEPENDS = "glib-2.0 libcap libseccomp libslirp"
 
 S = "${WORKDIR}/git"
 
+RDEPENDS:${PN} += "kernel-module-tun"
+
 inherit autotools pkgconfig
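Review bot: the added `RDEPENDS:${PN} += "kernel-module-tun"` hard-depends on a kernel-module-tun package that only exists when the kernel is built with CONFIG_TUN=m; with tun built in (=y) or left out there is no such package and image assembly fails, even though with =y the runtime requirement is actually met. Make it `RRECOMMENDS:${PN} += "kernel-module-tun"` so the module is pulled in when it exists without breaking other kernel configurations, and state the CONFIG_TUN requirement in the commit message or a recipe comment so the runtime failure the commit message describes is diagnosable.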
-- 
2.25.1




* [meta-virtualization][PATCH 2/3] podman: Silence docker emulation warnings
  2022-07-11 13:00 [meta-virtualization][PATCH 1/3] slirp4netns: Require tun kernel module Andrei Gherzan
@ 2022-07-11 13:00 ` Andrei Gherzan
  2022-07-11 13:00 ` [meta-virtualization][PATCH 3/3] podman: Add support for rootless mode Andrei Gherzan
  2022-07-11 13:26 ` [meta-virtualization][PATCH 1/3] slirp4netns: Require tun kernel module Bruce Ashfield
  2 siblings, 0 replies; 7+ messages in thread
From: Andrei Gherzan @ 2022-07-11 13:00 UTC (permalink / raw)
  To: meta-virtualization; +Cc: andrei, Andrei Gherzan

From: Andrei Gherzan <andrei.gherzan@huawei.com>

Podman can run via a docker symlink emulating docker commands. By
default this generates a runtime warning. This change silences it via
the provided interface.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
 recipes-containers/podman/podman_git.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index 547bc4e..961cd18 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -93,6 +93,10 @@ do_install() {
 	if ${@bb.utils.contains('PACKAGECONFIG', 'docker', 'true', 'false', d)}; then
 		oe_runmake install.docker DESTDIR="${D}"
 	fi
+
+	# Silence docker emulation warnings.
+	mkdir -p ${D}/etc/containers
+	touch ${D}/etc/containers/nodocker
 }
 
 FILES:${PN} += " \
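Review bot: the two new lines in do_install hardcode `${D}/etc/containers` instead of `${D}${sysconfdir}/containers` and leave `${D}` unquoted, which OE recipes conventionally avoid; prefer `install -d ${D}${sysconfdir}/containers` followed by `touch ${D}${sysconfdir}/containers/nodocker`. The marker is also created unconditionally, while the docker emulation it silences is only installed inside the preceding `if ${@bb.utils.contains('PACKAGECONFIG', 'docker', 'true', 'false', d)}` block; moving the two lines inside that block keeps a docker-specific file out of /etc/containers on builds without the docker PACKAGECONFIG.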
-- 
2.25.1




* [meta-virtualization][PATCH 3/3] podman: Add support for rootless mode
  2022-07-11 13:00 [meta-virtualization][PATCH 1/3] slirp4netns: Require tun kernel module Andrei Gherzan
  2022-07-11 13:00 ` [meta-virtualization][PATCH 2/3] podman: Silence docker emulation warnings Andrei Gherzan
@ 2022-07-11 13:00 ` Andrei Gherzan
  2022-07-11 13:38   ` Bruce Ashfield
  2022-07-11 13:26 ` [meta-virtualization][PATCH 1/3] slirp4netns: Require tun kernel module Bruce Ashfield
  2 siblings, 1 reply; 7+ messages in thread
From: Andrei Gherzan @ 2022-07-11 13:00 UTC (permalink / raw)
  To: meta-virtualization; +Cc: andrei, Andrei Gherzan

From: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
 docs/00-INDEX                                     |  3 +++
 docs/podman.txt                                   | 15 +++++++++++++++
 docs/podman.txt.license                           |  3 +++
 .../podman/podman/00-podman-rootless.conf         |  6 ++++++
 recipes-containers/podman/podman_git.bb           | 15 ++++++++++++++-
 5 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 docs/podman.txt
 create mode 100644 docs/podman.txt.license
 create mode 100644 recipes-containers/podman/podman/00-podman-rootless.conf

diff --git a/docs/00-INDEX b/docs/00-INDEX
index 5aa1b3c..6659fbe 100644
--- a/docs/00-INDEX
+++ b/docs/00-INDEX
@@ -11,5 +11,8 @@ alphabetical order as well.
 openvswitch.txt
 	- example on how to setup openvswitch with qemu/kvm.
 
+podman.txt
+	- documentation on podman container engine integration.
+
 xvisor.txt
 	- example on how to setup Xvisor for RISC-V QEMU.
diff --git a/docs/podman.txt b/docs/podman.txt
new file mode 100644
index 0000000..9f35501
--- /dev/null
+++ b/docs/podman.txt
@@ -0,0 +1,15 @@
+Podman
+======
+
+Rootless mode
+-------------
+
+Podman is a daemonless container engine that has as one of its features the
+ability to run in rootless mode. This requires a set of configurations and
+additional components. The OE/Yocto integration configures podman with this
+support enabled by default. This can be changed via configuration files
+(distro, local.conf, etc.) or bbaappends using the `PODMAN_ROOTLESS` variable.
+
+To disable rootless support set the variable to '0':
+
+PODMAN_ROOTLESS = "0"
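Review bot: "bbaappends" in the paragraph on configuration should read "bbappends". The text also says rootless mode "requires a set of configurations and additional components" without naming them; listing what this integration installs when PODMAN_ROOTLESS is enabled (the user.max_user_namespaces sysctl drop-in and the fuse-overlayfs and slirp4netns runtime dependencies added by this patch) would let a reader judge what keeping the default on costs, and if the toggle becomes a PACKAGECONFIG option as suggested later in this thread, the `PODMAN_ROOTLESS = "0"` example here must change with it.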
diff --git a/docs/podman.txt.license b/docs/podman.txt.license
new file mode 100644
index 0000000..940435e
--- /dev/null
+++ b/docs/podman.txt.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: Huawei Inc.
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/recipes-containers/podman/podman/00-podman-rootless.conf b/recipes-containers/podman/podman/00-podman-rootless.conf
new file mode 100644
index 0000000..2aca663
--- /dev/null
+++ b/recipes-containers/podman/podman/00-podman-rootless.conf
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# User namespaces are required for rootless containers.
+user.max_user_namespaces	= 15000
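Review bot: the drop-in only sets the count limit `user.max_user_namespaces = 15000`; it does not by itself make user namespaces available, which needs CONFIG_USER_NS in the kernel, so that requirement belongs next to the comment "User namespaces are required for rootless containers." Note also that sysctl.d files apply in lexical order with later files winning, so the `00-` prefix gives this setting the lowest precedence: a distro hardening drop-in that sets user.max_user_namespaces = 0 to keep unprivileged user namespaces off will override it and rootless podman then cannot create its user namespace, which is the right outcome on a hardened image but worth spelling out in docs/podman.txt. The SPDX header here says Apache-2.0 while, as raised below for the .license file, layer metadata and conf files are MIT; align both when that is fixed.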
diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index 961cd18..2680f40 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -6,6 +6,10 @@ DESCRIPTION = "Podman is a daemonless container engine for developing, \
     `alias docker=podman`. \
     "
 
+# podman can run in rootless mode with the help of additional components:
+# https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
+PODMAN_ROOTLESS ?= "1"
+
 inherit features_check
 REQUIRED_DISTRO_FEATURES ?= "seccomp ipv6"
 
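Review bot: `PODMAN_ROOTLESS ?= "1"` introduces a free-form "1"/"0" string that this patch then tests in three separate places (SRC_URI, do_install and RDEPENDS). A `PACKAGECONFIG[rootless] = ",,,fuse-overlayfs slirp4netns"` entry together with a `PACKAGECONFIG ??= "rootless"` default would carry the runtime dependencies in one line, expose the toggle through the standard mechanism users already know from the docker option in this recipe, and leave only the do_install check to write by hand as `bb.utils.contains('PACKAGECONFIG', 'rootless', ...)`. Defaulting the option to enabled is a policy choice (every image with podman ships the sysctl and the extra components unless the distro opts out), so keep the comment and tutorial link here and make sure docs/podman.txt states that default.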
@@ -21,6 +25,7 @@ SRCREV = "cedbbfa543651a13055a1fe093a4d0a2a28ccdfd"
 SRC_URI = " \
     git://github.com/containers/libpod.git;branch=v4.1;protocol=https \
     file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \
+    ${@bb.utils.contains('PODMAN_ROOTLESS', '1', 'file://00-podman-rootless.conf', '', d)} \
 "
 
 LICENSE = "Apache-2.0"
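Review bot: the conditional `${@bb.utils.contains('PODMAN_ROOTLESS', '1', 'file://00-podman-rootless.conf', '', d)}` makes SRC_URI, and with it the fetch and unpack tasks, vary with a runtime toggle for a six-line file; listing `file://00-podman-rootless.conf` unconditionally and deciding only in do_install whether to install it keeps SRC_URI static and removes one of the three places the toggle is evaluated.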
@@ -97,6 +102,11 @@ do_install() {
 	# Silence docker emulation warnings.
 	mkdir -p ${D}/etc/containers
 	touch ${D}/etc/containers/nodocker
+
+	if [ "${PODMAN_ROOTLESS}" = "1" ]; then
+		install -d "${D}${sysconfdir}/sysctl.d"
+		install -m 0644 "${WORKDIR}/00-podman-rootless.conf" "${D}${sysconfdir}/sysctl.d"
+	fi
 }
 
 FILES:${PN} += " \
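Review bot: the new block installs the drop-in under `"${D}${sysconfdir}/sysctl.d"` while the three context lines directly above it still write to `${D}/etc/containers`; use the ${sysconfdir} form for both so the two halves of do_install do not disagree about where /etc lives. The `if [ "${PODMAN_ROOTLESS}" = "1" ]` test also differs in style from the `bb.utils.contains('PACKAGECONFIG', 'docker', ...)` check earlier in the same function; if the toggle moves to PACKAGECONFIG, this becomes the same kind of check and the function reads uniformly.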
@@ -112,6 +122,9 @@ SYSTEMD_SERVICE:${PN} = "podman.service podman.socket"
 # that busybox is configured with nsenter
 VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter"
 
-RDEPENDS:${PN} += "conmon virtual-runc iptables cni skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter}"
+RDEPENDS:${PN} += "\
+	conmon virtual-runc iptables cni skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter} \
+	${@bb.utils.contains('PODMAN_ROOTLESS', '1', 'fuse-overlayfs slirp4netns', '', d)} \
+"
 RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"
 RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}"
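Review bot: slirp4netns is now added to RDEPENDS:${PN} when PODMAN_ROOTLESS is "1" and is still listed unconditionally in the unchanged `RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"` on the next line, so in the rootless case the RRECOMMENDS entry is redundant and in the non-rootless case it still pulls slirp4netns in by default; give it a single home. Since rootless networking through slirp4netns needs the tun module, as patch 1/3 of this series notes, `kernel-module-tun` could also be recommended here alongside the existing kernel-module-xt-* entries if the slirp4netns recipe does not recommend it itself.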
-- 
2.25.1




* Re: [meta-virtualization][PATCH 1/3] slirp4netns: Require tun kernel module
  2022-07-11 13:00 [meta-virtualization][PATCH 1/3] slirp4netns: Require tun kernel module Andrei Gherzan
  2022-07-11 13:00 ` [meta-virtualization][PATCH 2/3] podman: Silence docker emulation warnings Andrei Gherzan
  2022-07-11 13:00 ` [meta-virtualization][PATCH 3/3] podman: Add support for rootless mode Andrei Gherzan
@ 2022-07-11 13:26 ` Bruce Ashfield
  2022-07-11 13:39   ` Andrei Gherzan
  2 siblings, 1 reply; 7+ messages in thread
From: Bruce Ashfield @ 2022-07-11 13:26 UTC (permalink / raw)
  To: Andrei Gherzan; +Cc: meta-virtualization, Andrei Gherzan

On Mon, Jul 11, 2022 at 9:00 AM Andrei Gherzan <andrei@gherzan.com> wrote:
>
> From: Andrei Gherzan <andrei.gherzan@huawei.com>
>
> slirp4netns uses a TAP device to connect to the internet in an
> unprivileged way. Without the required kernel support (TAP/TUN),
> slirp4netns will fail at runtime.
>
> Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
> ---
>  recipes-networking/slirp4netns/slirp4netns_git.bb | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/recipes-networking/slirp4netns/slirp4netns_git.bb b/recipes-networking/slirp4netns/slirp4netns_git.bb
> index a63871c..4bf25b8 100644
> --- a/recipes-networking/slirp4netns/slirp4netns_git.bb
> +++ b/recipes-networking/slirp4netns/slirp4netns_git.bb
> @@ -18,4 +18,6 @@ DEPENDS = "glib-2.0 libcap libseccomp libslirp"
>
>  S = "${WORKDIR}/git"
>
> +RDEPENDS:${PN} += "kernel-module-tun"

This needs to be a RRECOMMENDS, since we can suggest, but not enforce
a specific configuration.

Bruce

> +
>  inherit autotools pkgconfig
> --
> 2.25.1
>
>
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II



* Re: [meta-virtualization][PATCH 3/3] podman: Add support for rootless mode
  2022-07-11 13:00 ` [meta-virtualization][PATCH 3/3] podman: Add support for rootless mode Andrei Gherzan
@ 2022-07-11 13:38   ` Bruce Ashfield
  2022-07-11 13:44     ` Andrei Gherzan
  0 siblings, 1 reply; 7+ messages in thread
From: Bruce Ashfield @ 2022-07-11 13:38 UTC (permalink / raw)
  To: Andrei Gherzan, Richard Purdie; +Cc: meta-virtualization, Andrei Gherzan

On Mon, Jul 11, 2022 at 9:00 AM Andrei Gherzan <andrei@gherzan.com> wrote:
>
> From: Andrei Gherzan <andrei.gherzan@huawei.com>
>
> Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
> ---
>  docs/00-INDEX                                     |  3 +++
>  docs/podman.txt                                   | 15 +++++++++++++++
>  docs/podman.txt.license                           |  3 +++
>  .../podman/podman/00-podman-rootless.conf         |  6 ++++++
>  recipes-containers/podman/podman_git.bb           | 15 ++++++++++++++-
>  5 files changed, 41 insertions(+), 1 deletion(-)
>  create mode 100644 docs/podman.txt
>  create mode 100644 docs/podman.txt.license
>  create mode 100644 recipes-containers/podman/podman/00-podman-rootless.conf
>
> diff --git a/docs/00-INDEX b/docs/00-INDEX
> index 5aa1b3c..6659fbe 100644
> --- a/docs/00-INDEX
> +++ b/docs/00-INDEX
> @@ -11,5 +11,8 @@ alphabetical order as well.
>  openvswitch.txt
>         - example on how to setup openvswitch with qemu/kvm.
>
> +podman.txt
> +       - documentation on podman container engine integration.
> +
>  xvisor.txt
>         - example on how to setup Xvisor for RISC-V QEMU.
> diff --git a/docs/podman.txt b/docs/podman.txt
> new file mode 100644
> index 0000000..9f35501
> --- /dev/null
> +++ b/docs/podman.txt
> @@ -0,0 +1,15 @@
> +Podman
> +======
> +
> +Rootless mode
> +-------------
> +
> +Podman is a daemonless container engine that has as one of its features the
> +ability to run in rootless mode. This requires a set of configurations and
> +additional components. The OE/Yocto integration configures podman with this
> +support enabled by default. This can be changed via configuration files
> +(distro, local.conf, etc.) or bbaappends using the `PODMAN_ROOTLESS` variable.
> +
> +To disable rootless support set the variable to '0':
> +
> +PODMAN_ROOTLESS = "0"
> diff --git a/docs/podman.txt.license b/docs/podman.txt.license
> new file mode 100644
> index 0000000..940435e
> --- /dev/null
> +++ b/docs/podman.txt.license
> @@ -0,0 +1,3 @@
> +SPDX-FileCopyrightText: Huawei Inc.
> +
> +SPDX-License-Identifier: Apache-2.0

I haven't been following along closely enough to the copyright thread
that Richard started, but these jumped out at me.

Aren't most of the .conf files considered MIT (i.e. part of the
metadata / recipe space)? And are we putting copyrights in conf files
and .txt files now? I'm definitely not an expert (at all!!) but that
doesn't seem quite right to me, when they are configuration files that
follow standard practices for the packages we are integrating.


> diff --git a/recipes-containers/podman/podman/00-podman-rootless.conf b/recipes-containers/podman/podman/00-podman-rootless.conf
> new file mode 100644
> index 0000000..2aca663
> --- /dev/null
> +++ b/recipes-containers/podman/podman/00-podman-rootless.conf
> @@ -0,0 +1,6 @@
> +# SPDX-FileCopyrightText: Huawei Inc.
> +#
> +# SPDX-License-Identifier: Apache-2.0
> +
> +# User namespaces are required for rootless containers.
> +user.max_user_namespaces       = 15000
> diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
> index 961cd18..2680f40 100644
> --- a/recipes-containers/podman/podman_git.bb
> +++ b/recipes-containers/podman/podman_git.bb
> @@ -6,6 +6,10 @@ DESCRIPTION = "Podman is a daemonless container engine for developing, \
>      `alias docker=podman`. \
>      "
>
> +# podman can run in rootless mode with the help of additional components:
> +# https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
> +PODMAN_ROOTLESS ?= "1"

Isn't there a way to do this with PACKAGECONFIG? We could just as
easily check for the option in that, and then we have a place for
extra rdepends, etc., as required.

Bruce

> +
>  inherit features_check
>  REQUIRED_DISTRO_FEATURES ?= "seccomp ipv6"
>
> @@ -21,6 +25,7 @@ SRCREV = "cedbbfa543651a13055a1fe093a4d0a2a28ccdfd"
>  SRC_URI = " \
>      git://github.com/containers/libpod.git;branch=v4.1;protocol=https \
>      file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \
> +    ${@bb.utils.contains('PODMAN_ROOTLESS', '1', 'file://00-podman-rootless.conf', '', d)} \
>  "
>
>  LICENSE = "Apache-2.0"
> @@ -97,6 +102,11 @@ do_install() {
>         # Silence docker emulation warnings.
>         mkdir -p ${D}/etc/containers
>         touch ${D}/etc/containers/nodocker
> +
> +       if [ "${PODMAN_ROOTLESS}" = "1" ]; then
> +               install -d "${D}${sysconfdir}/sysctl.d"
> +               install -m 0644 "${WORKDIR}/00-podman-rootless.conf" "${D}${sysconfdir}/sysctl.d"
> +       fi
>  }
>
>  FILES:${PN} += " \
> @@ -112,6 +122,9 @@ SYSTEMD_SERVICE:${PN} = "podman.service podman.socket"
>  # that busybox is configured with nsenter
>  VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter"
>
> -RDEPENDS:${PN} += "conmon virtual-runc iptables cni skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter}"
> +RDEPENDS:${PN} += "\
> +       conmon virtual-runc iptables cni skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter} \
> +       ${@bb.utils.contains('PODMAN_ROOTLESS', '1', 'fuse-overlayfs slirp4netns', '', d)} \
> +"
>  RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"
>  RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}"
> --
> 2.25.1
>
>
>


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II



* Re: [meta-virtualization][PATCH 1/3] slirp4netns: Require tun kernel module
  2022-07-11 13:26 ` [meta-virtualization][PATCH 1/3] slirp4netns: Require tun kernel module Bruce Ashfield
@ 2022-07-11 13:39   ` Andrei Gherzan
  0 siblings, 0 replies; 7+ messages in thread
From: Andrei Gherzan @ 2022-07-11 13:39 UTC (permalink / raw)
  To: Bruce Ashfield; +Cc: meta-virtualization, Andrei Gherzan

On Mon, 11 Jul 2022, at 14:26, Bruce Ashfield wrote:
> On Mon, Jul 11, 2022 at 9:00 AM Andrei Gherzan <andrei@gherzan.com> wrote:
>>
>> From: Andrei Gherzan <andrei.gherzan@huawei.com>
>>
>> slirp4netns uses a TAP device to connect to the internet in an
>> unprivileged way. Without the required kernel support (TAP/TUN),
>> slirp4netns will fail at runtime.
>>
>> Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
>> ---
>>  recipes-networking/slirp4netns/slirp4netns_git.bb | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/recipes-networking/slirp4netns/slirp4netns_git.bb b/recipes-networking/slirp4netns/slirp4netns_git.bb
>> index a63871c..4bf25b8 100644
>> --- a/recipes-networking/slirp4netns/slirp4netns_git.bb
>> +++ b/recipes-networking/slirp4netns/slirp4netns_git.bb
>> @@ -18,4 +18,6 @@ DEPENDS = "glib-2.0 libcap libseccomp libslirp"
>>
>>  S = "${WORKDIR}/git"
>>
>> +RDEPENDS:${PN} += "kernel-module-tun"
>
> This needs to be a RRECOMMENDS, since we can suggest, but not enforce
> a specific configuration.

Agreed.

-- 
Andrei Gherzan 
gpg: rsa4096/D4D94F67AD0E9640



* Re: [meta-virtualization][PATCH 3/3] podman: Add support for rootless mode
  2022-07-11 13:38   ` Bruce Ashfield
@ 2022-07-11 13:44     ` Andrei Gherzan
  0 siblings, 0 replies; 7+ messages in thread
From: Andrei Gherzan @ 2022-07-11 13:44 UTC (permalink / raw)
  To: Bruce Ashfield, Richard Purdie; +Cc: meta-virtualization, Andrei Gherzan

On Mon, 11 Jul 2022, at 14:38, Bruce Ashfield wrote:
> On Mon, Jul 11, 2022 at 9:00 AM Andrei Gherzan <andrei@gherzan.com> wrote:
>>
>> From: Andrei Gherzan <andrei.gherzan@huawei.com>
>>
>> Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
>> ---
>>  docs/00-INDEX                                     |  3 +++
>>  docs/podman.txt                                   | 15 +++++++++++++++
>>  docs/podman.txt.license                           |  3 +++
>>  .../podman/podman/00-podman-rootless.conf         |  6 ++++++
>>  recipes-containers/podman/podman_git.bb           | 15 ++++++++++++++-
>>  5 files changed, 41 insertions(+), 1 deletion(-)
>>  create mode 100644 docs/podman.txt
>>  create mode 100644 docs/podman.txt.license
>>  create mode 100644 recipes-containers/podman/podman/00-podman-rootless.conf
>>
>> diff --git a/docs/00-INDEX b/docs/00-INDEX
>> index 5aa1b3c..6659fbe 100644
>> --- a/docs/00-INDEX
>> +++ b/docs/00-INDEX
>> @@ -11,5 +11,8 @@ alphabetical order as well.
>>  openvswitch.txt
>>         - example on how to setup openvswitch with qemu/kvm.
>>
>> +podman.txt
>> +       - documentation on podman container engine integration.
>> +
>>  xvisor.txt
>>         - example on how to setup Xvisor for RISC-V QEMU.
>> diff --git a/docs/podman.txt b/docs/podman.txt
>> new file mode 100644
>> index 0000000..9f35501
>> --- /dev/null
>> +++ b/docs/podman.txt
>> @@ -0,0 +1,15 @@
>> +Podman
>> +======
>> +
>> +Rootless mode
>> +-------------
>> +
>> +Podman is a daemonless container engine that has as one of its features the
>> +ability to run in rootless mode. This requires a set of configurations and
>> +additional components. The OE/Yocto integration configures podman with this
>> +support enabled by default. This can be changed via configuration files
>> +(distro, local.conf, etc.) or bbaappends using the `PODMAN_ROOTLESS` variable.
>> +
>> +To disable rootless support set the variable to '0':
>> +
>> +PODMAN_ROOTLESS = "0"
>> diff --git a/docs/podman.txt.license b/docs/podman.txt.license
>> new file mode 100644
>> index 0000000..940435e
>> --- /dev/null
>> +++ b/docs/podman.txt.license
>> @@ -0,0 +1,3 @@
>> +SPDX-FileCopyrightText: Huawei Inc.
>> +
>> +SPDX-License-Identifier: Apache-2.0
>
> I haven't been following along closely enough to the copyright thread
> that Richard started, but these jumped out at me.
>
> Aren't most of the .conf files considered MIT (i.e. part of the
> metadata / recipe space)? And are we putting copyrights in conf files
> and .txt files now? I'm definitely not an expert (at all!!) but that
> doesn't seem quite right to me, when they are configuration files that
> follow standard practices for the packages we are integrating.

That is definitely my bad. It should be MIT. I'll re-push with the changed license.

This follows reuse.software compliance. I've used a separate license file for the txt one so that I don't affect the actual documentation if it gets post-processed in any way afterwards - there is no standard for comments in txt files. This is basically saying that, given that I don't want to touch file foo, I'll create a foo.license file with the extra SPDX metadata.

>> diff --git a/recipes-containers/podman/podman/00-podman-rootless.conf b/recipes-containers/podman/podman/00-podman-rootless.conf
>> new file mode 100644
>> index 0000000..2aca663
>> --- /dev/null
>> +++ b/recipes-containers/podman/podman/00-podman-rootless.conf
>> @@ -0,0 +1,6 @@
>> +# SPDX-FileCopyrightText: Huawei Inc.
>> +#
>> +# SPDX-License-Identifier: Apache-2.0
>> +
>> +# User namespaces are required for rootless containers.
>> +user.max_user_namespaces       = 15000
>> diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
>> index 961cd18..2680f40 100644
>> --- a/recipes-containers/podman/podman_git.bb
>> +++ b/recipes-containers/podman/podman_git.bb
>> @@ -6,6 +6,10 @@ DESCRIPTION = "Podman is a daemonless container engine for developing, \
>>      `alias docker=podman`. \
>>      "
>>
>> +# podman can run in rootless mode with the help of additional components:
>> +# https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
>> +PODMAN_ROOTLESS ?= "1"
>
> Isn't there a way to do this with PACKAGECONFIG? We could just as
> easily check for the option in that, and then we have a place for
> extra rdepends, etc., as required.

Good idea. I like that. I'll change it in the next v.

Andrei


