The whole idea behind commit 66e982af729a4b7 was to set up $HOME and
/home to match the host. Therefore, it's pointless to check if /home
is a symbolic link or not inside the toolbox container. The state of
/home needs to be checked on the host, and then the toolbox container
adjusted accordingly.
Fallout from 8b84b5e4604921fad818ede5267591de7f0993e6

The '--pause' flag for 'podman cp' was only introduced in
podman-1.4.0 [1]. Having it work with older Podman versions is useful
when bisecting regressions.
Fallout from e715ff2f9b2312714e5241ca1f17a126093e64f0

Prevent Podman from complaining about 'podman cp --pause=true ...'

Rootless containers cannot be paused while data is copied into them.
The '--pause' flag used to default to 'true', but it would be silently
ignored until recently [1,2] when it got turned into an error in
podman-1.4.0. Therefore, it has to be explicitly toggled using
'--pause=false'. Otherwise, it would lead to:
  toolbox: copying /etc/profile.d/toolbox.sh to container fubar
  Error: cannot copy into running rootless container with pause set -
  pass --pause=false to force copying
  toolbox: unable to copy /etc/profile.d/toolbox.sh to container fubar
The '--pause' flag was later changed to default to 'false' [3], but
it's good to be defensive and have this addressed from both sides.
Note that 'podman cp --pause false ...' doesn't work. It's necessary to
use the '=' because it gets confused trying to parse the
space-separated source and destination path arguments.
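
Added example (not part of the commit log or of toolbox's own code): one way a wrapper script can honour both notes above, omitting '--pause' for Podman older than 1.4.0 and passing it in the '=' form otherwise. The function names are hypothetical, and the Podman version string is assumed to have been obtained by the caller.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not toolbox's own.
# POSIX sh has no 'local', so the helper variables below are global.

# version_ge A B: succeed when dotted version A is >= B.
# A suffix such as "-dev" is dropped and missing fields count as 0.
version_ge() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}     # keep leading digits only
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# podman_cp_pause_flag VERSION: print the flag 'podman cp' needs, if any.
# Before 1.4.0 the flag does not exist, so nothing is printed.
# From 1.4.0 on it is given as one '=' word, never as '--pause false'.
podman_cp_pause_flag() {
    if version_ge "$1" 1.4.0; then
        printf '%s\n' '--pause=false'
    fi
}

# build_cp_command VERSION SRC CONTAINER DEST_DIR: print the command line
# a wrapper would run for that Podman version.
build_cp_command() {
    flag=$(podman_cp_pause_flag "$1")
    printf 'podman cp%s %s %s:%s\n' "${flag:+ $flag}" "$2" "$3" "$4"
}

# Constructed sample versions; the paths and container name are the ones
# from the error output quoted above.
for v in 1.3.2 1.4.0 1.4.4; do
    build_cp_command "$v" /etc/profile.d/toolbox.sh fubar /etc/profile.d
done
```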

Check if /etc/subgid and /etc/subuid have entries for the user

This is relevant when running on hosts where the current user might
have been created long ago with an old version of shadow-utils, and
the host OS has been upgraded in-place ever since.

Give access to the entire /dev from the host operating system

Things like the proprietary NVIDIA driver need access to devices
directly inside the /dev directory (e.g., /dev/nvidia0 and
/dev/nvidiactl), and since such devices can come and go at runtime they
cannot be bind mounted individually. Instead, the entire directory
needs to be made available.

Keep /etc/localtime and /etc/timezone synchronized with the host

The permission of $XDG_RUNTIME_DIR/.flatpak-helper/monitor needs to be
relaxed [1] for this to work in some corner cases. However, it already
works for the vast majority of cases when used as $USER or root inside
the toolbox container.