chore: prefer docker over podman for LXC compatibility

Podman rootless mode requires complex uid/gid mapping in LXC
containers. Docker works out of the box with nesting enabled.

Podman still supported as fallback if docker unavailable.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Mikkel Georgsen 2026-01-25 20:55:38 +00:00
parent 40bd1ac2aa
commit 4c472d0827
3 changed files with 16 additions and 16 deletions

@ -4,9 +4,9 @@ Container-based sandbox for isolated ISO builds.
Runs archiso inside an Arch Linux container, allowing builds Runs archiso inside an Arch Linux container, allowing builds
from any Linux host (Debian, Ubuntu, Fedora, etc.). from any Linux host (Debian, Ubuntu, Fedora, etc.).
Supports both Podman (preferred) and Docker: Supports both Docker (default) and Podman:
- Podman: Rootless by default, no daemon, better security - Docker: Better LXC/nested container compatibility
- Docker: Fallback if Podman not available - Podman: Rootless option if Docker unavailable
Security measures: Security measures:
- --network=none: No network access during build - --network=none: No network access during build
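Review bot: the removed bullet "Rootless by default, no daemon, better security" was the only place this docstring recorded the security trade-off between the two runtimes, and the new text drops it entirely, so a reader who accepts the Docker default never learns they are giving up the rootless mode the old text called out. Suggest keeping the rationale alongside the new preference order, e.g. `- Podman: Rootless, no daemon (preferred where uid/gid mapping works); fallback if Docker unavailable`, so the "Security measures" list below still reads against a stated baseline.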
@ -42,14 +42,14 @@ def detect_container_runtime() -> str | None:
""" """
Detect available container runtime. Detect available container runtime.
Prefers Podman for rootless security, falls back to Docker. Prefers Docker for LXC/development compatibility, falls back to Podman.
Returns the command name or None if neither available. Returns the command name or None if neither available.
""" """
# Prefer podman for rootless security # Prefer docker for better LXC compatibility
if shutil.which("podman"):
return "podman"
if shutil.which("docker"): if shutil.which("docker"):
return "docker" return "docker"
if shutil.which("podman"):
return "podman"
return None return None
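Review bot: `shutil.which("docker")` only proves a client binary is on PATH, so on an LXC host where nesting is not enabled (the commit message's own precondition for Docker working) the function will return "docker" and the build will fail at run time instead of falling through to the podman branch that is now second. Suggest treating availability as "binary present and usable" (for example, a short subprocess probe of the runtime before returning it) and continuing to the next candidate when the probe fails. Separately, with the order now hard-coded there is no way for a user who deliberately wants the rootless runtime to pick podman on a host that also has docker installed; an environment-variable override checked before the PATH lookup would keep "Podman still supported" true in practice.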

@ -14,13 +14,13 @@ log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
} }
# Detect container runtime (prefer podman) # Detect container runtime (prefer docker for LXC compatibility)
if command -v podman &> /dev/null; then if command -v docker &> /dev/null; then
RUNTIME="podman"
log "Found podman (recommended)"
elif command -v docker &> /dev/null; then
RUNTIME="docker" RUNTIME="docker"
log "Found docker" log "Found docker"
elif command -v podman &> /dev/null; then
RUNTIME="podman"
log "Found podman"
else else
log "ERROR: No container runtime found." log "ERROR: No container runtime found."
log "Install podman (recommended) or docker:" log "Install podman (recommended) or docker:"
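Review bot: the unchanged context line `log "Install podman (recommended) or docker:"` still tells the user podman is the recommended runtime, which contradicts the new comment `# Detect container runtime (prefer docker for LXC compatibility)` two lines earlier in the same hunk. Suggest updating the error text to match the new order (e.g. `log "Install docker (default) or podman:"`) or dropping the "(recommended)" qualifier so the two messages cannot disagree. The `log "Found podman"` line also lost its "(recommended)" while the install hint kept it, which is how the drift shows up.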

@ -16,11 +16,11 @@ log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
} }
# Detect container runtime # Detect container runtime (prefer docker for LXC compatibility)
if command -v podman &> /dev/null; then if command -v docker &> /dev/null; then
RUNTIME="podman"
elif command -v docker &> /dev/null; then
RUNTIME="docker" RUNTIME="docker"
elif command -v podman &> /dev/null; then
RUNTIME="podman"
else else
log "ERROR: No container runtime found. Install podman or docker." log "ERROR: No container runtime found. Install podman or docker."
exit 1 exit 1
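Review bot: this is the third hand-maintained copy of the same runtime-detection logic in one commit (the Python `detect_container_runtime()`, the previous script's `command -v` chain, and this one), and the previous file already shows the copies drifting in their messages. Suggest moving the preference order into one shared helper sourced by both scripts so a future reordering is a one-line change. As with the other two, `command -v docker` only confirms the client binary exists; consider probing the runtime (e.g. `docker info >/dev/null 2>&1`) before committing to `RUNTIME="docker"`, otherwise the `elif` podman branch is unreachable on a host that has a non-functional docker install.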