PSA: tools/dev_container is now using rootless podman

['Dennis Kempin' via crosvm-announce]

Hi all,

we are finally able to make the switch to use rootless podman containers for development by default.

`tools/dev_container` will now use podman if it is installed. If you do not have podman installed, please do so. A simple `apt install podman` will do on most debian-ish systems.

Using podman, we no longer rely on privileged docker containers running as root, which comes with all kinds of security concerns.

Please let me know if you encounter any issues with the new container.

Thank you,

Dennis

--
You received this message because you are subscribed to the Google Groups "crosvm-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to crosvm-announ...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/crosvm-announce/CA%2BePd7-OUMiE%2BhoPHJ1kP%3DFEUffwRQHXOdLp_z%3DmDAmtS%3DGd5w%40mail.gmail.com.

['Dennis Kempin' via crosvm-announce]

Podman needs to be set up to run rootless, which does not seem to be fully set up on all distributions.

Specifically, glinux does not automatically set up subuids. I will add some logic to our dev container tooling to automate this. 

In the meantime, please follow the rootless setup guide. Or in summary:

```

sudo usermod --add-subuids 500000-565535 --add-subgids 500000-565535 $USER

podman system migrate

```

Thank you!

Dennis

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/crosvm-announce/CA%2BePd78Wx98Oy7VUYKeeXTwizOEFMWgRMGLBFB05-CQCWs3UYg%40mail.gmail.com.