chore: prefer docker over podman for LXC compatibility

Podman rootless mode requires complex uid/gid mapping in LXC containers. Docker works out of the box with nesting enabled. Podman still supported as fallback if docker unavailable. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 20:55:38 +00:00 · 2026-01-25 20:55:38 +00:00 · 4c472d0827
commit 4c472d0827
parent 40bd1ac2aa
3 changed files with 16 additions and 16 deletions
--- a/backend/app/services/sandbox.py
+++ b/backend/app/services/sandbox.py
@ -4,9 +4,9 @@ Container-based sandbox for isolated ISO builds.
 Runs archiso inside an Arch Linux container, allowing builds
 from any Linux host (Debian, Ubuntu, Fedora, etc.).

-Supports both Podman (preferred) and Docker:
- Podman: Rootless by default, no daemon, better security
- Docker: Fallback if Podman not available
+Supports both Docker (default) and Podman:
+- Docker: Better LXC/nested container compatibility
+- Podman: Rootless option if Docker unavailable

 Security measures:
 - --network=none: No network access during build
@ -42,14 +42,14 @@ def detect_container_runtime() -> str | None:
    """
    Detect available container runtime.

-    Prefers Podman for rootless security, falls back to Docker.
+    Prefers Docker for LXC/development compatibility, falls back to Podman.
    Returns the command name or None if neither available.
    """
-    # Prefer podman for rootless security
-    if shutil.which("podman"):
-        return "podman"
+    # Prefer docker for better LXC compatibility
    if shutil.which("docker"):
        return "docker"
+    if shutil.which("podman"):
+        return "podman"
    return None


--- a/scripts/setup-sandbox.sh
+++ b/scripts/setup-sandbox.sh
@ -14,13 +14,13 @@ log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
 }

-# Detect container runtime (prefer podman)
-if command -v podman &> /dev/null; then
-    RUNTIME="podman"
-    log "Found podman (recommended)"
-elif command -v docker &> /dev/null; then
+# Detect container runtime (prefer docker for LXC compatibility)
+if command -v docker &> /dev/null; then
    RUNTIME="docker"
    log "Found docker"
+elif command -v podman &> /dev/null; then
+    RUNTIME="podman"
+    log "Found podman"
 else
    log "ERROR: No container runtime found."
    log "Install podman (recommended) or docker:"
--- a/scripts/test-iso-build.sh
+++ b/scripts/test-iso-build.sh
@ -16,11 +16,11 @@ log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
 }

-# Detect container runtime
-if command -v podman &> /dev/null; then
-    RUNTIME="podman"
-elif command -v docker &> /dev/null; then
+# Detect container runtime (prefer docker for LXC compatibility)
+if command -v docker &> /dev/null; then
    RUNTIME="docker"
+elif command -v podman &> /dev/null; then
+    RUNTIME="podman"
 else
    log "ERROR: No container runtime found. Install podman or docker."
    exit 1