Integrate podman in Oniro
- Aug 16, 2022
-
-
Andrei Gherzan authoredSigned-off-by:
Andrei Gherzan <andrei.gherzan@huawei.com>e7cc3eae -
Andrei Gherzan authored
Oniro disables user namespaces by default. We want podman be able to override it (re-enable it) when rootless mode is enabled. Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>65ce6825 -
Andrei Gherzan authored
Having a priority number makes it easier to order other configurations for achiving overriding results. This also cleans up a bit the recipe (FILES not needed, formatting etc.). Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>cab2e790 -
Andrei Gherzan authored
This is done using the features_check bbclass that checks for the distro features in REQUIRED_DISTRO_FEATURES. Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>a65e3e1e -
Andrei Gherzan authored
Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>74484b36 -
Andrei Gherzan authored
This gives a bit more clarity on what is running on a system without sacrificing on flexibility. Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>1441ca5d -
Andrei Gherzan authored
This will start pulling in the containers software stack in our reference images. Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>5f882e36 -
Andrei Gherzan authored
Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>bac2d7a0 -
Andrei Gherzan authored
Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>15961e1f -
Andrei Gherzan authored
Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>b24c6678 -
Andrei Gherzan authored
This offers the ability to have persistent data for features that requires user data: for example running podman in rootless mode. This change also makes sure that the home directory of user 'oniro' exists on the appdata partition (using systemd tmpfiles). Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>ff2f282d -
Andrei Gherzan authored
Skopeo is the component that podman uses to comunicate with container registries so we configure skopeo for the OS requirements of the project. The most notable change is that we use the application partition for the root's graphroot. This is where the data (including images) is stored for the root user. We also explicitly set the storage driver and runtime directory. Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>77d350f8 -
Andrei Gherzan authored
There are files in shadow (for example subid files) that are required at runtime too - for example for podman rootless support. Make sure this package is not removed even when disto/image is dealing with a ro rootfs. Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>c3a92bc2 -
Andrei Gherzan authored
Podman requires subids configuration[1] but when creating them, shadow does it using backup files. Clean them up too if available. [1] https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration Signed-off-by:
Andrei Gherzan <andrei.gherzan@huawei.com>d7ce8aa9 -
Andrei Gherzan authored
shadow utils are used when creating users at image creation time. The useradd/usermod tools will only try to add a default configuration for subid files if they exist. subid files are needed for podman rootless support. Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>c9af7ceb -
Andrei Gherzan authored
The meta-virtualization layer gets enabled via a distro feature and given that we now rely on its components for the Oniro containers software stack, we enable it by default. Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>dd7cf5b9 -
Andrei Gherzan authored
Oniro relies on this layer for containers support. Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>5b8b3948 -
Andrei Gherzan authored
Oniro relies on this layer for containers support. Signed-off-by:Andrei Gherzan <andrei.gherzan@huawei.com>4f2cf855
-