Share the additional container storage

We need to share container image storage between rootless users, so that we don't need `sudo` and we don't duplicate the `instructlab` image. This change follows the Red Hat solution to [create additional image store for rootless users](https://access.redhat.com/solutions/6206192). The `/usr/lib/containers/storage` folder can be read by anyone and new users will inherit a default configuration via `/etc/skel` that configures the additional storage. Signed-off-by: Fabien Dupont <[email protected]>
containers · Aug 29, 2024 · 90216f7 · 90216f7
1 parent 9f06613
commit 90216f7
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/training/nvidia-bootc/Containerfile b/training/nvidia-bootc/Containerfile
@@ -190,7 +190,10 @@ RUN --mount=type=secret,id=${INSTRUCTLAB_IMAGE_PULL_SECRET}/.dockerconfigjson \
          IID=$(sudo podman --root /usr/lib/containers/storage pull --authfile /run/secrets/${INSTRUCTLAB_IMAGE_PULL_SECRET}/.dockerconfigjson ${INSTRUCTLAB_IMAGE}); \
     else \
          IID=$(sudo podman --root /usr/lib/containers/storage pull ${INSTRUCTLAB_IMAGE}); \
-    fi
+    fi && \
+    chmod -R a+rX /usr/lib/containers/storage
+
+COPY containers-storage.conf /etc/skel/.config/containers/storage.conf
 
 RUN podman system reset --force 2>/dev/null
 

diff --git a/training/nvidia-bootc/containers-storage.conf b/training/nvidia-bootc/containers-storage.conf
@@ -0,0 +1,13 @@
+[storage]
+  driver = "overlay"
+[storage.options]
+    size = ""
+    remap-uids = ""
+    remap-gids = ""
+    ignore_chown_errors = ""
+    remap-user = ""
+    remap-group = ""
+    skip_mount_home = ""
+    mount_program = "/usr/bin/fuse-overlayfs"
+    mountopt = ""
+additionalimagestores = [ "/usr/lib/containers/storage",]