Skip to content

Support rootful podman beaker tests #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: v4
Choose a base branch
from
Draft

Support rootful podman beaker tests #83

wants to merge 4 commits into from

Conversation

@traylenator
Copy link
Contributor

@traylenator traylenator commented Oct 21, 2025

Even a --privileged rootless podman container is unable to do some operations.

If podman_rootful is set true (default false) then /run/podman/podman.socket

What cannot be done in a privileged rootless container ? Obvious one is interact with kernel modules for instance.

The vast majority of modules will be fine with rootless containers and its much closer to what folk typically run on the their laptops so the current behaviour makes a sensible default.

@traylenator traylenator marked this pull request as draft October 21, 2025 19:25
@traylenator traylenator mentioned this pull request Oct 21, 2025
Draft
@traylenator
Support rootful podman
064a04f 
Even a `--privileged` rootless podman container is unable to do some
operations.

If `podman_rootful` is set `true` (default false) then
`/run/podman/podman.socket`

What cannot be done in a privileged rootless container ? Obvious one is
install kernel modules for instance.

The vast majority of modules will be fine with rootless containers and
its much closer to what folk typically run on the their laptops so the
current default makes a sensible default.
bastelfreak
bastelfreak reviewed Oct 21, 2025
View reviewed changes
.github/workflows/beaker.yml
run: |
systemctl start --user podman.socket
echo "DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock" >> "$GITHUB_ENV"
- if: ${{ inputs.podman_rootful }}
Copy link
Member

@bastelfreak bastelfreak Oct 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we skip the action above if rootful is true? We don't need a system- and a user- service

@traylenator
Copy link
Contributor Author

traylenator commented Oct 22, 2025

While this works on my laptap if I set up the podman socket this way it unfortunately hangs when trying the SSH into the container in CI. voxpupuli/puppet-cvmfs#230
Maybe I should just switch to vagrant

@traylenator
Copy link
Contributor Author

traylenator commented Oct 22, 2025

Another alternative, run sudo podman. May as well in reality if attempting to use the root owned socket.

@traylenator traylenator mentioned this pull request Oct 23, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bastelfreak bastelfreak bastelfreak left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@traylenator @bastelfreak