osbuild / bootc-image-builder

A container for deploying bootable container images.
https://osbuild.org
Apache License 2.0

Any investigation on using krun (to be able to run bib non-root)? #569

Open cdrage opened 3 months ago

cdrage commented 3 months ago

Tried my hand at using --runtime=krun with bootc-image-builder to get it to work on non-rootless. But got stuck with the "podman needs root" error.

Has anyone tried it with krun (yet)?

```
podman run \
    --rm --privileged \
    -it --runtime krun --pull=newer \
    -v $(pwd)/output:/output \
    -v ~/.local/share/containers/storage:/var/lib/containers/storage \
    quay.io/centos-bootc/bootc-image-builder:latest \
    --type qcow2 \
    --local \
    quay.io/centos-bootc/centos-bootc:stream9
2024/07/29 18:37:58 error: cannot validate the setup: this command must be run in rootful (not rootless) podman
```

mvo5 commented 3 months ago

This sounds very exciting - what version of podman is required to use --runtime=krun ?

cdrage commented 3 months ago

> This sounds very exciting - what version of podman is required to use --runtime=krun ?

You will have to install it on Fedora:

```
sudo dnf copr enable -y slp/libkrunfw
sudo dnf copr enable -y slp/libkrun
sudo dnf copr enable -y slp/crun-krun
sudo dnf install -y crun-krun
```

but I've been using it on podman 5.0.2

cgwalters commented 3 months ago

I think https://github.com/containers/podman-bootc/issues/9 is probably the best place to track this...I don't think we should try to do special magic in this project; it's not the right place. To do sophisticated things here in the end we basically need to start with native code executing in the host, which is not what this project does.