nikstur / userborn

Declaratively bear (manage) Linux users and groups
MIT License

Feature request: subuid and subgid #7

Open linyinfeng opened 3 weeks ago

linyinfeng commented 3 weeks ago

It would be great if userborn supports generating /etc/subuid and /etc/subgid.

Rootless podman requires these files to work properly:

$ podman ps
ERRO[0000] cannot find UID/GID for user yinfeng: open /etc/subuid: no such file or directory - check rootless mode in man pages.
WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
$ podman run -it --rm debian
✔ docker.io/library/debian:latest
Trying to pull docker.io/library/debian:latest...
Getting image source signatures
Copying blob 8cd46d290033 done   |
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:8cd46d290033f265db57fd808ac81c444ec5a5b3f189c3d6d85043b647336913"/""/"sha256:6abe10f2f60150ae9768e117986e4f8af5546137221553228eb5d21066f596b4": unpacking failed (error: exit status 1; output: potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /etc/gshadow: invalid argument)

The Nixpkgs module provides the following options for subuid and subgid. By default, these options are processed by update-users-groups.pl.

nikstur commented 3 weeks ago

I think this is best solved by statically generating these files e.g. via systemd-tmpfiles. I don't want to touch the rust binary for this.
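The static-generation route suggested above, as an added example that is not part of userborn or of this thread: a POSIX shell script that allocates non-overlapping subordinate ID ranges for a declarative list of users, refuses a range that would collide with a real UID, and emits tmpfiles.d lines that write /etc/subuid and /etc/subgid at boot. The base offset (100000), the 65536-wide ranges, the `f+` tmpfiles line type and the use of `\n` escapes in its argument are assumptions taken from common practice, not from userborn; the passwd text is constructed for the example.

```shell
#!/bin/sh
# Added example (not userborn code): derive /etc/subuid and /etc/subgid
# content from a declarative "user:count" list and express it as
# systemd-tmpfiles lines, so no extra binary has to touch the files.

SUB_BASE=100000   # assumed starting offset for subordinate IDs

# Constructed sample passwd; a real deployment would read /etc/passwd.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
yinfeng:x:1000:100::/home/yinfeng:/bin/sh
nobody:x:65534:65534::/var/empty:/bin/false'

# gen_subids "user:count user:count ..." [passwd-text]
# Prints one "user:start:count" line per entry. subuid and subgid share
# this format, so the same output serves both files. Ranges are handed
# out sequentially from SUB_BASE, so they can never overlap each other;
# a range that contains a real UID from passwd is rejected, because
# handing a user's namespace a range that maps onto another account's UID
# lets files created in the container appear owned by that account.
gen_subids() {
    entries=$1
    passwd=${2:-$SAMPLE_PASSWD}
    next=$SUB_BASE
    for e in $entries; do
        user=${e%%:*}
        count=${e#*:}
        case $count in
            ''|*[!0-9]*) echo "bad count for $user: $count" >&2; return 1 ;;
        esac
        [ "$count" -gt 0 ] || { echo "count for $user must be > 0" >&2; return 1; }
        # Only allocate for accounts that actually exist.
        printf '%s\n' "$passwd" | grep -q "^$user:" \
            || { echo "unknown user $user" >&2; return 1; }
        end=$((next + count - 1))
        # awk exits 0 only if some passwd UID falls inside [next, end].
        if printf '%s\n' "$passwd" \
            | awk -F: -v s="$next" -v e="$end" '$3 >= s && $3 <= e { found = 1 } END { exit !found }'
        then
            echo "range $next-$end for $user collides with a real UID" >&2
            return 1
        fi
        printf '%s:%s:%s\n' "$user" "$next" "$count"
        next=$((end + 1))
    done
}

# gen_tmpfiles "user:count ..." [passwd-text]
# Emits two tmpfiles.d lines. 'f+' (assumed: create or truncate, then
# write the argument) with C-style '\n' escapes keeps the whole file
# content in a single declarative line.
gen_tmpfiles() {
    content=$(gen_subids "$@") || return 1
    escaped=$(printf '%s\n' "$content" | awk '{ printf "%s\\n", $0 }')
    printf 'f+ /etc/subuid 0644 root root - %s\n' "$escaped"
    printf 'f+ /etc/subgid 0644 root root - %s\n' "$escaped"
}

# Usage: gen_tmpfiles 'yinfeng:65536' > /etc/tmpfiles.d/subids.conf
```

After the lines are placed under tmpfiles.d and `systemd-tmpfiles --create` has run, `podman system migrate` is still required for an already-initialised rootless user, as the error text quoted in the report says. The check against real UIDs is the part worth keeping even if the rest is replaced: rootless podman maps the container's UID 0..N onto the allocated range, so an overlap with a system account is a silent privilege problem rather than a visible error.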