On Mon, Mar 9, 2026 at 4:37 AM Yiding Liu (Fujitsu) <[email protected]> wrote:
> Hi Bruce > > I have read the doc of podman and found some improvement points: > > 1. "The code samples are intended to be run as a non-root user..." is > mentioned in > > Getting Started with Podman | Podman <https://podman.io/docs> > > So, maybe it was suggested to use rootless? > rootless can be an option. But it won't be the meta-virt default. > > > 2. And then in Installation doc, it says > > "slirp4netns is no longer the default for rootless networking on > new podman installations, obsoleted in favor of passt > <https://passt.top/passt/about/>. " > Podman Installation | Podman > <https://podman.io/docs/installation> > > So, I think we should use passt to instead of slirp4netns as > RDPEND for podman in rootless . > No. It still needs to be variable, which someone can tune as they see fit. Redhat has the bad habit of re-writing the stack to where they can control all the elements, the policy of meta-virt has always been to maintain the flexibility of choice. > > 3. By the way, the RDEPEND fuse-overlayfs is an Optional package may > resolve a number of issues, e.g. the one from Ecryptfs, so I think we > should add a PACKAGECONFIG for it. > A packageconfig is fine, but again, not on by default. > > As considering mentioned above, I want to make to new patch for > podman as following: > diff --git a/recipes-containers/podman/podman_git.bb > b/recipes-containers/podman/podman_git.bb > index 53b9b6a0..3ca217cc 100644 > --- a/recipes-containers/podman/podman_git.bb > +++ b/recipes-containers/podman/podman_git.bb > @@ -67,8 +67,9 @@ EXTRA_OEMAKE = " \ > # variable, the podman package will rconfict with docker. > PODMAN_FEATURES ?= "docker" > > -PACKAGECONFIG ?= "" > -PACKAGECONFIG[rootless] = ",,,fuse-overlayfs slirp4netns,," > +PACKAGECONFIG ?= "rootless" > > +PACKAGECONFIG[rootless] = ",,,passt,," > +PACKAGECONFIG[fuse] = ",,,fuse-overlayfs,," > > do_compile() { > cd ${S}/src > @@ -117,11 +118,6 @@ do_install() { > if ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'true', > 'false', d)}; then > install -d "${D}${sysconfdir}/sysctl.d" > install -m 0644 "${UNPACKDIR}/50-podman-rootless.conf" > "${D}${sysconfdir}/sysctl.d" > - install -d "${D}${sysconfdir}/containers" > - cat <<-EOF >> > "${D}${sysconfdir}/containers/containers.conf" > - [NETWORK] > - default_rootless_network_cmd="slirp4netns" > - EOF > fi > } > > What do you think about it. > See above. Bruce > Liu > > ------------------------------ > *发件人:* Bruce Ashfield <[email protected]> > *发送时间:* 2026年3月6日 22:17 > *收件人:* Liu, Yiding/刘 乙丁 <[email protected]> > *抄送:* [email protected] < > [email protected]> > *主题:* Re: Depends about podman rootless > > > > On Fri, Mar 6, 2026 at 2:04 AM Yiding Liu (Fujitsu) < > [email protected]> wrote: > > Hi Bruce > When I try to run container with podman rootless, it showed following > error: > $ podman run -it xxx > Error: could not find pasta, the network namespace can't be configured: > exec: "pasta": executable file not found in $PATH > > Which means pasta is required by podman rootless. > Pasta command is provided by passt recipe, so I want to send a patch to > fix this issue like > > > I'm still attempting to keep all of the networking and > infrastructure dependencies > for the runtimes by variable, even if there's less flexibility now. > > That being said, podman's networking is typically provided by network which > is what the profile's have for that selection. > > This sort of falls into a "support utility" category, and in that case, > it would be > better in the podman recipe itself, under a "rootless" packagecconrfig > option. > > If there needs to be coordination between multiple recipes and packages to > make rootless work, then it could be promoted to a distro or image feature > and then the podman packageconfig could trigger off of that. > > That > > > > > diff --git a/recipes-core/packagegroups/packagegroup-container.bb > b/recipes-core/packagegroups/packagegroup-container.bb > index b94e6799..c861e508 100644 > --- a/recipes-core/packagegroups/packagegroup-container.bb > +++ b/recipes-core/packagegroups/packagegroup-container.bb > @@ -39,6 +39,7 @@ RDEPENDS:packagegroup-docker = " \ > > RDEPENDS:packagegroup-podman = " \ > podman \ > + passt \ > " > > What do you think about my suggestion? > > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await thee > at its end > - "Use the force Harry" - Gandalf, Star Trek II > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#9629): https://lists.yoctoproject.org/g/meta-virtualization/message/9629 Mute This Topic: https://lists.yoctoproject.org/mt/118167043/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
