cmd/run: Don't break GNU Readline's ctrl-p shortcut

Podman sets 'ctrl-p ctrl-q' as the default key sequence for detaching
a container. This breaks the ctrl-p shortcut that's equivalent to the
up arrow key in GNU Readline environments like Bash and Emacs.
Moreover, toolbox containers aren't meant to be detached in the first
place.
Since Podman 1.8.1, it is now possible to unset the key sequence for
detaching [2, 3].

Unbreak 'sudo' inside toolbox containers with Podman 2.0.5

Since Podman 2.0.5, containers that were created with
'podman create --userns=keep-id ...' automatically get the user added
to /etc/passwd [1]. However, this user isn't as fully configured as it
needs to be. The home directory is specified as '/' and the shell is
/bin/sh.
Note that Podman doesn't add the user's login group to /etc/group [2].
This leads to the following error message when entering the container:
  /usr/bin/id: cannot find name for group ID 1000
It's expected that this will be fixed in Podman itself.
Therefore, the entry point needs to call usermod(8) to update the user,
instead of using useradd(8) to create it.

... and other hybrid set-ups where the host and container OSes aren't
the same.
The entry point of a toolbox container already runs as root:root.
Therefore, there's no need to run it with an additional group.
Interactive shells spawned by 'sudo su -' both inside the container
and on the host don't run with such an additional group either. They
run just as root:root.
This prevented toolbox containers from starting up on Fedora CoreOS
hosts, because CoreOS has both the 'sudo' and 'wheel' groups but the
fedora-toolbox images only have the 'wheel' group. Therefore, it
ended up calling 'podman create --group-add sudo ...', and since the
'sudo' group was missing from the image, the container failed to start.
The --group-add flag was added in commit 4bda42d4146f3d3b when the
entry point ran as $USER as specified in the user-specific customized
image. The additional group was specified to retain consistency with
interactive shells run as $USER.
Since then, things have changed. There's no longer any user-specific
customized image and commit f74400f4500f0ed6 made the entry point run
as root:root. The --group-add flag should have been removed as part of
those changes.

profile.d: Warn if $TERM has no terminfo entry in the container

It tries to loosely mimic ncurses to look up a terminfo entry for the
current terminal, as mentioned in the terminfo(5) manual. Unlike
ncurses, it doesn't handle TERMINFO_DIRS, though, to avoid parsing an
array of directories for the sake of simplicity.
Every line of code in this file is part of the interactive shell's
start-up sequence, which makes it a trade-off between correctness and
speed. Therefore, the purpose of this warning is not to exhaustively
catch all possible corner cases, but to serve as a convenience in the
majority of cases. Ultimately, if someone is using an exotic terminal
set-up, then a missing warning is a minor price to pay in order to not
slow things down for the vast majority of users who don't.
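
The lookup described in the last commit message, sketched as an added example (this is not Toolbox's own profile.d code). It assumes the terminfo(5) layout of `<directory>/<first letter>/<name>`; the function names, the list of system directories and the warning text are assumptions.

```shell
# Added example: find a terminfo entry roughly the way terminfo(5) describes.
# Search order assumed here: $TERMINFO, $HOME/.terminfo, then system dirs.
# TERMINFO_DIRS is deliberately skipped, as in the commit message.

# Hypothetical list of system directories; real systems may differ.
TERMINFO_SYSTEM_DIRS="/etc/terminfo /lib/terminfo /usr/share/terminfo"

# Print the path of the entry for terminal $1 and return 0, else return 1.
terminfo_find() {
    term=$1
    # Reject empty names and names containing '/', which would let the
    # value of $TERM point outside the terminfo directory.
    case $term in
        ''|*/*) return 1 ;;
    esac
    first=${term%"${term#?}"}   # first character of the name

    for dir in "${TERMINFO:-}" "${HOME:+$HOME/.terminfo}" $TERMINFO_SYSTEM_DIRS; do
        [ -n "$dir" ] || continue
        if [ -f "$dir/$first/$term" ]; then
            printf '%s\n' "$dir/$first/$term"
            return 0
        fi
    done
    return 1
}

# Warn on stderr when $TERM has no entry; the wording is hypothetical.
# Returns 0 when $TERM is unset or has an entry, 1 when the entry is missing.
terminfo_warn_if_missing() {
    [ -n "${TERM:-}" ] || return 0
    if ! terminfo_find "$TERM" >/dev/null; then
        printf 'Warning: terminfo entry not found for %s\n' "$TERM" >&2
        return 1
    fi
    return 0
}
```

Each candidate directory costs a single `[ -f ... ]` test with no subprocess, which keeps the check cheap enough for a shell start-up file.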