• 82cb5abccd918e03@lemmygrad.ml
    2·
    23 days ago

    Would be pretty useful, as far as I know there is no way to change /etc/{subuid,subgid} in the system configuration without manually editing.

    Another annoyance with podman on guix is making / a shared mount doesn’t work so changes in mounts aren’t propagated.

    • fishinthecalculatorOPEnglish
      2·
      23 days ago

      Would be pretty useful, as far as I know there is no way to change /etc/{subuid,subgid} in the system configuration without manually editing.

      Well I had to make one :) it is being tracked on https://issues.guix.gnu.org/72337 . You can define subuid and subgid ranges like so:

      (use-modules (gnu system shadow)      ;for 'subids-service-type'
                         (gnu system accounts))   ;for 'subid-range'

(operating-system
  (services
    (list
      (simple-service 'alice-bob-subids
                      subids-service-type
                      (subids-extension
                        (subgids
                         (list
                          (subid-range (name "alice"))))
                        (subuids
                         (list
                          (subid-range (name "alice"))
                          (subid-range (name "bob")
                                       (start 100700)))))))))

      which would yield

      # cat /etc/subgid
root:100000:65536
alice:165536:65536


# cat /etc/subuid
root:100000:700
bob:100700:65536
alice:166236:65536

      Another annoyance with podman on guix is making / a shared mount doesn’t work so changes in mounts aren’t propagated.

      I think I solved that by using a Shepherd service run on boot calling mount --make-shared / . I didn’t do extensive testing of mounts but I’m currently using this on my systems as it’s set up in my personal channel. By adding the following to my own system config

      (use-modules (small-guix system accounts)
                         (small-guix services containers))

(service iptables-service-type)
(service rootless-podman-service-type
               (rootless-podman-configuration
                (subgids
                 (list (subid-range (name "alice"))))
                (subuids
                 (list (subid-range (name "alice"))))))

      I’m able to run the following rootless Podman hello world

      $ podman run -it --rm docker.io/alpine cat /etc/*release*
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.20.2
PRETTY_NAME="Alpine Linux v3.20"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"

      and with guix shell podman-compose I’m able to run this Podman compose hello world:

      $ mkdir data
$ echo hello world > data/index.html
$ podman compose up -d

...

exit code: 0
$ curl localhost:8080
hello world

      So some kind of mount appears to work. Thank you for your feedback and feel free to try the service from my own channel if you are interested in providing more or in trying rootless podman on the Guix System.