[Podman] Re: podmansh

Lokesh Mandvekar <lmandvek(a)redhat.com&gt; writes: > Hello Felix, > > podmansh was created with the idea of the admin locking down user shell > environments, so installing software (to /usr) by the user itself won't > work. An alternative could be the user installing to a non-standard > location (I think there are some dnf / package manager tricks for this) in > a persistent volume that gets mounted. > > Maybe toolbx (toolbox) could fit your use case if you want user > customizable persistent installation. > > Copying Dan, Petr and Rishi in case they have further ideas. It was discussed in https://github.com/containers/podman/issues/19497 https://github.com/containers/podman/discussions/19620 AFAIK it's quadlet which generates systemd unit for the container and which adds "--rm" option to podman [1] so you would need to skip quadlet and run the container using systemd service. e.g. - use `/usr/lib/systemd/system-generators/podman-system-generator --user --dryrun` to generate systemd unit configuration and save it to `~user/.config/systemd/user/podmansh.service` - change it so it does not call `podman rm` and does not use `--rm` in `podman run` - use a wrapper which would `run || start` on ExecStart Something like the snippet bellow: [Service] ExecStartPre=/usr/bin/mkdir -p %h/data Environment=PODMAN_SYSTEMD_UNIT=%n KillMode=mixed # ExecStop=/usr/bin/podman rm -v -f -i --cidfile=%t/%N.cid # ExecStopPost=-/usr/bin/podman rm -v -f -i --cidfile=%t/%N.cid Delegate=yes Type=notify NotifyAccess=all SyslogIdentifier=%N # ExecStart=/usr/bin/podman run --name=podmansh --cidfile=%t/%N.cid --replace --rm --cgroups=split --init --sdnotify=conmon -d -w=%h -v %h/data:%h:Z registry.fedoraproject.org/fedora sleep infinity ExecStart=/usr/bin/bash -c '/usr/bin/podman run --name=podmansh --cidfile=%t/%N.cid --cgroups=split --init --sdnotify=conmon -d -w=%h -v %h/data:%h:Z registry.fedoraproject.org/fedora sleep infinity || /usr/bin/podman start podmansh' Disclaimer: I haven't really tested it, there might be several issues with this. Persistent containers were not our main goal for `podmansh` [1] https://github.com/containers/podman/blob/c9644ebccf14309a77769cba00833cd... Petr > On Fri, Apr 26, 2024 at 3:20 AM Felix Niederwanger via Podman < > podman(a)lists.podman.io&gt; wrote: > >> Hello, >> >> I'm trying to get podmansh to work in such a way, that every user has a >> persistent container. >> >> I've followed the steps of >> https://docs.podman.io/en/latest/markdown/podmansh.1.html, resulting in a >> nice setup, where at user login every user get's its own container. >> Unfortunately the container for the user session is ephemeral, meaning >> after logging out or system reboot the container is destroyed. >> >> I would like to have a setup, where quadlet setups a base container, but >> then every user can install their own software and environment, which lasts. >> >> Here is the quadlet file I'm currently using: >> >> ``` >> # /etc/containers/systemd/users/podmansh.container >> [Unit] >> Description=podmansh container >> After=local-fs.target >> ExecStartPre=-/bin/mkdir -p %h/data >> >> [Container] >> Image=registry.fedoraproject.org/fedora >> ContainerName=podmansh >> HostName=arctic-fox >> RemapUsers=keep-id >> RunInit=yes >> User=0 >> >> Volume=%h/data:%h:Z >> WorkingDir=%h >> >> Exec=sleep infinity >> >> [Service] >> ExecStartPre=/usr/bin/mkdir -p %h/data >> >> [Install] >> RequiredBy=default.target >> ``` >> >> Anyone an idea how to achieve persistent podmansh containers? >> >> Greetings, >> phoenix >> _______________________________________________ >> Podman mailing list -- podman(a)lists.podman.io >> To unsubscribe send an email to podman-leave(a)lists.podman.io >> > > > -- > Lokesh > Libera, GitLab, GitHub, Fedora: lsm5 > Matrix: @lsm5:matrix.org > GPG: 9E33DD8704CC03E2DEB84D9A1C1EDD7CC7C3A0DD > https://keybase.io/lsm5