bug#72740: Add rootless-podman-service-type
Commit Message
Hi,
Giacomo Leidi <goodoldpaul@autistici.org> wrote:
> * gnu/services/containers.scm: New file;
> (rootless-podman-configuration): new variable;
> (rootless-podman-service-subids): new variable;
> (rootless-podman-service-accounts): new variable;
> (rootless-podman-service-profile): new variable;
> (rootless-podman-shepherd-services): new variable;
> (rootless-podman-service-etc): new variable;
> (rootless-podman-service-type): new variable.
> * gnu/local.mk: Test it.
> * gnu/local.mk: Add them.
> * doc/guix.texi (Miscellaneous Services): Document it.
>
> Change-Id: I041496474c1027da353bd6852f2554a065914d7a
Applied at long last, with the changes below to the manual.
Thank you!
Ludo’.
@@ -41295,18 +41295,24 @@ Miscellaneous Services
@cindex Rootless Podman
@subsubheading Rootless Podman Service
+@cindex rootless podman, container management tool
+@cindex podman, rootless
+@cindex container management, podman
The @code{(gnu services containers)} module provides the following service.
-@cindex Rootless Podman, container management tool
@defvar rootless-podman-service-type
+This is the service type for @url{https://podman.io, Podman} is a
+container management tool.
-@url{https://www.sylabs.io/singularity/, Singularity} is a container management
-tool. In addition to providing a drop-in replacement for Docker, Podman offers
-the ability to run containers in rootless mode. This allows regular users to
-deploy containers without elevated privileges.
+In addition to providing a drop-in replacement for Docker, Podman offers
+the ability to run containers in ``root-less'' mode, meaning that regular users can
+deploy containers without elevated privileges. It does so mainly by leveraging
+two Linux kernel features: unprivileged user namespaces, and subordinate
+user and group IDs (@pxref{subordinate-user-group-ids, the subordinate
+user and group ID service}).
-The @code{rootless-podman-service-type} sets up the Guix System to allow
+The @code{rootless-podman-service-type} sets up the system to allow
unprivileged users to run @command{podman} commands:
@lisp
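Review bot: the new @defvar description at the top of this hunk, "This is the service type for @url{https://podman.io, Podman} is a container management tool.", fuses two sentences and does not parse; suggest "This is the service type for @url{https://podman.io, Podman}, a container management tool." The added @pxref{subordinate-user-group-ids, ...} also depends on that anchor existing in the subordinate IDs node, so a build of the manual is worth running to confirm the cross-reference resolves before this lands.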
@@ -41325,14 +41331,14 @@ Miscellaneous Services
"audio" "video")))
%base-user-accounts))
(services
- (list
- (service iptables-service-type)
- (service rootless-podman-service-type
- (rootless-podman-configuration
- (subgids
- (list (subid-range (name "alice"))))
- (subuids
- (list (subid-range (name "alice")))))))))
+ (append (list (service iptables-service-type)
+ (service rootless-podman-service-type
+ (rootless-podman-configuration
+ (subgids
+ (list (subid-range (name "alice"))))
+ (subuids
+ (list (subid-range (name "alice")))))))
+ %base-services)))
@end lisp
The @code{iptables-service-type} is required for Podman to be able to setup its
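Review bot: in the unchanged context line right after this hunk, "to be able to setup its" should read "set up its" (verb form); worth fixing while this paragraph of the manual is being edited. Wrapping the services in `(append (list ...) %base-services)` is the right call for a manual snippet: the previous bare `(list ...)` would have produced an operating-system declaration without the base services, which a reader could not copy as-is.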