Hi,

Brian Cully via "Development of GNU Guix and the GNU System distribution." <guix-devel@gnu.org> wrote:

> Existing attempts to use podman rootless run into issues with the
> cgroups file system being mounted by elogind. Since we now have
> seatd and greetd, we can bypass elogind. Using them, I have
> finally been able to use rootless podman. Since this is something
> that comes up in IRC with some regularity, I wanted to share the
> operating system configuration here.

Nice, well done!

[...]

>     ;;
>     ;; not strictly required, but without them podman will resort to
>     ;; single user mapping.
>     ;;
>     (simple-service 'subuid-subgid etc-service-type
>                     (list `("subuid"
>                             ,(plain-file "subuid"
>                                          (string-join
>                                           '("root:65536:65536"
>                                             "test:16777216:65536")
>                                           "\n" 'suffix)))
>                           `("subgid"
>                             ,(plain-file "subgid"
>                                          (string-join
>                                           '("root:65536:65536"
>                                             "test:16777216:65536")
>                                           "\n" 'suffix)))))

OK; that works because we have ‘newuidmap’ and ‘newgidmap’ in
‘setuid-programs’ by default.

Interesting, thanks for sharing!

Ludo’.
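
A check one might run over the generated /etc/subuid and /etc/subgid contents (an added example, not part of the original message or of Guix): it parses the `owner:start:count` entries quoted above and flags ranges that overlap between different owners or that start inside the host's own ID space. The names `parse_subid` and `audit` and the `first_sub_id` boundary are assumptions made for this example.

```python
# Added example: audit subordinate ID ranges in /etc/subuid (or /etc/subgid) format.
from itertools import combinations
from typing import NamedTuple

# The two entries from the quoted configuration, joined as string-join would.
PAGE_SUBUID = "root:65536:65536\ntest:16777216:65536\n"

class SubIdRange(NamedTuple):
    owner: str
    start: int
    count: int

    @property
    def end(self) -> int:
        """Last ID covered by the range, inclusive."""
        return self.start + self.count - 1

def parse_subid(text: str) -> list[SubIdRange]:
    """Parse owner:start:count lines; raise ValueError on malformed entries."""
    ranges = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 3 or not fields[0]:
            raise ValueError(f"line {lineno}: expected owner:start:count")
        start, count = int(fields[1]), int(fields[2])  # ValueError if not numeric
        if start < 0 or count <= 0:
            raise ValueError(f"line {lineno}: start must be >= 0 and count > 0")
        ranges.append(SubIdRange(fields[0], start, count))
    return ranges

def audit(ranges: list[SubIdRange], first_sub_id: int = 65536) -> list[str]:
    """Return findings; first_sub_id is an assumed policy boundary that keeps
    subordinate ranges clear of the IDs used by host accounts."""
    findings = []
    for r in ranges:
        if r.start < first_sub_id:
            findings.append(f"{r.owner}: range {r.start}-{r.end} starts below {first_sub_id}")
    # Files are small, so comparing every pair is fine and misses nothing.
    for a, b in combinations(ranges, 2):
        if a.owner != b.owner and a.start <= b.end and b.start <= a.end:
            findings.append(f"{a.owner}/{b.owner}: ranges overlap, IDs shared across owners")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_subid(PAGE_SUBUID)) or ["no findings"]:
        print(finding)
```
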