Script for running Debian in Podman

debian11.sh

#!/bin/bash
#
# Debian 11
#
# USB Device ACR122 Notes:
# 
# /etc/udev/rules.d/99-acr.rules:
#   SUBSYSTEM=="usb",ATTRS{idVendor}=="072f",ATTRS{idProduct}=="2200",MODE="0666"
#
# /etc/modprobe.d/blacklist.conf:
#   blacklist nfc
#   blacklist pn533
#   blacklist pn533_usb
# 
# Changelog: 
#
# 9.6.2021: Removed the following parameters in favor of --privileged
#           --cap-add=ALL 
#           --volume /dev/bus/usb:/dev/bus/usb
#
# 8.6.2022: Added OPT_PARAMS for specifying additional parameters during the creation and execution
#           of commands in a container.
#
#           Added --annotation run.oci.keep_original_groups=1 allow access to devices which are
#           restricted by group membership (/dev/dri/card0), as described in
#               https://www.redhat.com/sysadmin/files-devices-podman
#
# 20.6.2022: Make the script obey the environment variable IMAGE when creating a new container.
#            Defaults to debian:bullseye if not set. Useful for recreating the container from
#            a image.
#
# 28.11.2022: Allow socket access from inside the container (to run X11 applications) in 
#             RHEL 9 (https://bugzilla.redhat.com/show_bug.cgi?id=1750976) by adding
#             --security-opt label=disable
#

NAME=debian11
IMAGE=${IMAGE:-debian:bullseye}

OPT_PARAMS=${@:2}

if [ "${1}" == "run" ]; then
    podman start ${NAME}
    podman exec -it ${OPT_PARAMS} ${NAME} /bin/bash
fi

if [ "${1}" == "create" ]; then
    podman run --name ${NAME} \
        --tty \
        --interactive \
        --env DISPLAY \
        --volume /tmp/.X11-unix:/tmp/.X11-unix \
        --volume /etc/localtime:/etc/localtime:ro \
        --volume ${HOME}:/mnt \
        --security-opt seccomp=unconfined \
        --security-opt label=disable \
        --annotation run.oci.keep_original_groups=1 \
        --device /dev/dri/card0 \
        --device /dev/bus/usb \
        ${OPT_PARAMS} \
        ${IMAGE} \
        /bin/bash
fi