Script for running Debian in Podman
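#!/bin/bash
#
# Debian 11
#
# Creates ("create") or enters ("run") a Podman container named debian11
# with access to the host X11 socket, /dev/dri/card0 and /dev/bus/usb.
#
# Usage:
#   <script> create [extra "podman run" options...]
#   <script> run    [extra "podman exec" options...]
#
# Environment:
#   IMAGE  image used by "create" (default: debian:bullseye)
#
# USB Device ACR122 Notes:
#
#   /etc/udev/rules.d/99-acr.rules:
#     SUBSYSTEM=="usb",ATTRS{idVendor}=="072f",ATTRS{idProduct}=="2200",MODE="0666"
#
#   NOTE(review): MODE="0666" lets every local user read and write the
#   reader. A dedicated GROUP with MODE="0660", or TAG+="uaccess", limits
#   access to the intended user.
#
#   /etc/modprobe.d/blacklist.conf:
#     blacklist nfc
#     blacklist pn533
#     blacklist pn533_usb
#
# Security notes:
#
#   The container created here is a convenience environment, not an
#   isolation boundary:
#     - seccomp=unconfined removes the syscall filter.
#     - label=disable turns off SELinux separation for the container.
#     - ${HOME} is bind-mounted read-write at /mnt, so anything running in
#       the container can read and modify the whole home directory.
#     - The X11 socket is shared; X11 does not isolate clients on the same
#       display from one another.
#   Treat software run inside it as if it ran directly in the host user
#   session.
#
# Changelog:
#
#   9.6.2021:   Removed the following parameters in favor of --privileged
#                 --cap-add=ALL
#                 --volume /dev/bus/usb:/dev/bus/usb
#               NOTE(review): the command below no longer passes
#               --privileged; it uses --device and --security-opt instead.
#
#   8.6.2022:   Added OPT_PARAMS for specifying additional parameters during
#               the creation and execution of commands in a container.
#
#               Added --annotation run.oci.keep_original_groups=1 to allow
#               access to devices which are restricted by group membership
#               (/dev/dri/card0), as described in
#               https://www.redhat.com/sysadmin/files-devices-podman
#
#   20.6.2022:  Make the script obey the environment variable IMAGE when
#               creating a new container. Defaults to debian:bullseye if not
#               set. Useful for recreating the container from an image.
#
#   28.11.2022: Allow socket access from inside the container (to run X11
#               applications) in RHEL 9
#               (https://bugzilla.redhat.com/show_bug.cgi?id=1750976) by
#               adding --security-opt label=disable
#

readonly NAME=debian11
IMAGE=${IMAGE:-debian:bullseye}

# Keep the extra options as an array so that an option value containing
# spaces (for example a --volume path) reaches podman as a single word.
OPT_PARAMS=("${@:2}")

usage() {
  printf 'Usage: %s {create|run} [podman options...]\n' "${0##*/}" >&2
  exit 2
}

case "${1:-}" in
  run)
    # Starting an already running container is a no-op; stop here if the
    # container cannot be started, since exec would fail as well.
    podman start "${NAME}" || exit
    podman exec -it "${OPT_PARAMS[@]}" "${NAME}" /bin/bash
    ;;
  create)
    # Caller-supplied options come last, directly before the image.
    podman run --name "${NAME}" \
      --tty \
      --interactive \
      --env DISPLAY \
      --volume /tmp/.X11-unix:/tmp/.X11-unix \
      --volume /etc/localtime:/etc/localtime:ro \
      --volume "${HOME}:/mnt" \
      --security-opt seccomp=unconfined \
      --security-opt label=disable \
      --annotation run.oci.keep_original_groups=1 \
      --device /dev/dri/card0 \
      --device /dev/bus/usb \
      "${OPT_PARAMS[@]}" \
      "${IMAGE}" \
      /bin/bash
    ;;
  *)
    usage
    ;;
esac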