GNU bug report logs -
#72740
Add rootless-podman-service-type
Previous Next
Reported by: paul <goodoldpaul <at> autistici.org>
Date: Tue, 20 Aug 2024 23:22:01 UTC
Severity: normal
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your message dated Wed, 18 Dec 2024 17:21:50 +0100
with message-id <87r065j71d.fsf_-_ <at> gnu.org>
and subject line Re: bug#72740: Add rootless-podman-service-type
has caused the debbugs.gnu.org bug report #72740,
regarding Add rootless-podman-service-type
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
72740: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=72740
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
[Message part 3 (text/plain, inline)]
Dear Guixers,
I'm sending a patchset adding rootless Podman support to the Guix
System. I'm currently using this on my systems as it's set up in my
personal channel [0]. By adding the following to my own system config
(use-modules (small-guix system accounts)
(small-guix services containers))
(service iptables-service-type)
(service rootless-podman-service-type
(rootless-podman-configuration
(subgids
(list (subid-range (name "alice"))))
(subuids
(list (subid-range (name "alice"))))))
I'm able to run the following rootless Podman hello world
$ podman run -it --rm docker.io/alpine cat /etc/*release*
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.20.2
PRETTY_NAME="Alpine Linux v3.20"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"
and with guix shell podman compose I'm able to run this Podman compose
hello world [1]:
$ mkdir data
$ echo hello world > data/index.html
$ podman compose up -d
...
exit code: 0
$ curl localhost:8080
hello world
This patch depends on the subids-service-type from issue #72337 [2].
Please let me know your thoughts.
Thank you for your work,
giacomo
[0]:
https://gitlab.com/orang3/small-guix/-/blob/master/small-guix/services/containers.scm?ref_type=heads#L197
[1]:
https://github.com/fishinthecalculator/rootless-podman-nginx-static-server
[2]: https://issues.guix.gnu.org/72337
[Message part 4 (text/html, inline)]
[Message part 5 (message/rfc822, inline)]
[Message part 6 (text/plain, inline)]
Hi,
Giacomo Leidi <goodoldpaul <at> autistici.org> skribis:
> * gnu/services/containers.scm: New file;
> (rootless-podman-configuration): new variable;
> (rootless-podman-service-subids): new variable;
> (rootless-podman-service-accounts): new variable;
> (rootless-podman-service-profile): new variable;
> (rootless-podman-shepherd-services): new variable;
> (rootless-podman-service-etc): new variable;
> (rootless-podman-service-type): new variable.
> * gnu/local.mk: Test it.
> * gnu/local.mk: Add them.
> * doc/guix.texi (Miscellaneous Services): Document it.
>
> Change-Id: I041496474c1027da353bd6852f2554a065914d7a
Applied at long last, with the changes below to the manual.
Thank you!
Ludo’.
[Message part 7 (text/x-patch, inline)]
diff --git a/doc/guix.texi b/doc/guix.texi
index a05fa68c05..ee2002a712 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -41295,18 +41295,24 @@ Miscellaneous Services
@cindex Rootless Podman
@subsubheading Rootless Podman Service
+@cindex rootless podman, container management tool
+@cindex podman, rootless
+@cindex container management, podman
The @code{(gnu services containers)} module provides the following service.
-@cindex Rootless Podman, container management tool
@defvar rootless-podman-service-type
+This is the service type for @url{https://podman.io, Podman} is a
+container management tool.
-@url{https://www.sylabs.io/singularity/, Singularity} is a container management
-tool. In addition to providing a drop-in replacement for Docker, Podman offers
-the ability to run containers in rootless mode. This allows regular users to
-deploy containers without elevated privileges.
+In addition to providing a drop-in replacement for Docker, Podman offers
+the ability to run containers in ``root-less'' mode, meaning that regular users can
+deploy containers without elevated privileges. It does so mainly by leveraging
+two Linux kernel features: unprivileged user namespaces, and subordinate
+user and group IDs (@pxref{subordinate-user-group-ids, the subordinate
+user and group ID service}).
-The @code{rootless-podman-service-type} sets up the Guix System to allow
+The @code{rootless-podman-service-type} sets up the system to allow
unprivileged users to run @command{podman} commands:
@lisp
@@ -41325,14 +41331,14 @@ Miscellaneous Services
"audio" "video")))
%base-user-accounts))
(services
- (list
- (service iptables-service-type)
- (service rootless-podman-service-type
- (rootless-podman-configuration
- (subgids
- (list (subid-range (name "alice"))))
- (subuids
- (list (subid-range (name "alice")))))))))
+ (append (list (service iptables-service-type)
+ (service rootless-podman-service-type
+ (rootless-podman-configuration
+ (subgids
+ (list (subid-range (name "alice"))))
+ (subuids
+ (list (subid-range (name "alice")))))))
+ %base-services)))
@end lisp
The @code{iptables-service-type} is required for Podman to be able to setup its
This bug report was last modified 195 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.