git: 2c53428ae117 - main - sysutils/podman: Allow setting ownership on auto-created socket
Date: Sun, 22 Feb 2026 19:48:29 UTC
The branch main has been updated by dch:
URL: https://cgit.FreeBSD.org/ports/commit/?id=2c53428ae117108d41eb4e19935ed98b478f4f7f
commit 2c53428ae117108d41eb4e19935ed98b478f4f7f
Author: Dave Cottlehuber <dch@FreeBSD.org>
AuthorDate: 2026-02-22 19:48:04 +0000
Commit: Dave Cottlehuber <dch@FreeBSD.org>
CommitDate: 2026-02-22 19:48:04 +0000
sysutils/podman: Allow setting ownership on auto-created socket
The podman daemon auto-creates a socket on startup, along with parent
directory, and is always run as root. It is often useful to have another
proxy like haproxy or nginx provide more sophisticated security, and these
daemons do not need root privileges.
Differential Revision: https://reviews.freebsd.org/D55339
Reviewed by: arrowd
Approved by: dfr
---
sysutils/podman/Makefile | 2 +-
sysutils/podman/files/podman.in | 32 ++++++++++++++++++++++++++++++++
2 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/sysutils/podman/Makefile b/sysutils/podman/Makefile
index 49a8101c3618..8d09cfe3fec0 100644
--- a/sysutils/podman/Makefile
+++ b/sysutils/podman/Makefile
@@ -1,7 +1,7 @@
PORTNAME= podman
DISTVERSIONPREFIX= v
DISTVERSION= 5.7.1
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= sysutils
MAINTAINER= dfr@FreeBSD.org
diff --git a/sysutils/podman/files/podman.in b/sysutils/podman/files/podman.in
index 653f7cd25507..13aa7b8ec94d 100755
--- a/sysutils/podman/files/podman.in
+++ b/sysutils/podman/files/podman.in
@@ -20,9 +20,17 @@ rcvar=${name}_enable
: ${podman_enable:=NO}
: ${podman_flags:="--noout"}
+: ${podman_user:="www"}
+: ${podman_group:="www"}
+: ${podman_mode:="0770"}
+: ${podman_rundir:="/var/run/podman"}
+: ${podman_socket:="${podman_rundir}/podman.sock"}
+: ${podman_socket_timeout:=5}
podman=%%PREFIX%%/bin/${name}
+start_precmd="podman_prestart"
start_cmd="podman_start"
+start_postcmd="podman_poststart"
stop_cmd="podman_stop"
restart_cmd="podman_stop && podman_start"
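Review bot: The new defaults `podman_user`/`podman_group` of `www` with `podman_mode` `0770` give the web-server account access to the API socket of a daemon that the commit message says always runs as root, on every install that sets nothing in rc.conf, so access is widened by default rather than on request. Defaulting to what was presumably the previous ownership, e.g. `: ${podman_user:="root"}` and `: ${podman_group:="wheel"}`, would keep delegation an explicit opt-in. The knobs also deserve a comment in the script header stating that any account able to write to the socket can drive the daemon. Separately, `restart_cmd="podman_stop && podman_start"` calls the functions directly, so rc.subr will most likely not run the new `start_precmd`/`start_postcmd` hooks on `service podman restart`; if the socket is recreated on that path it would come back with the daemon's own ownership, which is worth confirming.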
@@ -31,6 +39,30 @@ container_list=$(
${podman} container ls --all --filter restart-policy=always -q \
| tr '\n' ' ')
+podman_prestart()
+{
+ install -d -o ${podman_user} -g ${podman_group} -m ${podman_mode} ${podman_rundir}
+}
+
+podman_poststart()
+{
+ local _timeout=${podman_socket_timeout}
+ local _elapsed=0
+
+ while [ ${_elapsed} -lt ${_timeout} ]; do
+ if [ -S "${podman_socket}" ]; then
+ chown ${podman_user}:${podman_group} "${podman_socket}"
+ chmod ${podman_mode} "${podman_socket}"
+ return 0
+ fi
+ sleep 1
+ _elapsed=$((_elapsed + 1))
+ done
+
+ warn "Timed out waiting for ${podman_socket} after ${_timeout} seconds"
+ return 1
+}
+
podman_start()
{
if [ -n "${container_list}" ]; then
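Review bot: `podman_prestart` makes `${podman_rundir}` owned and writable by `${podman_user}`, so the unprivileged account controls the directory in which the root daemon creates its socket and in which `podman_poststart` later runs `chown`/`chmod` as root by path. A directory owner can remove or replace entries, so neither root-side clients nor the root `chown` can rely on what `${podman_socket}` names; keeping the directory root-owned with group search access only avoids this, e.g. `install -d -o root -g "${podman_group}" -m 0750 "${podman_rundir}"`. Reusing the single `podman_mode` for both objects also puts execute bits on the socket, so a separate directory mode would be cleaner. The expansions on the `install`, `chown` and `chmod` lines are unquoted and should be written as `"${podman_user}:${podman_group}"`, `"${podman_mode}"` and so on, so that an rc.conf value containing whitespace cannot split into extra arguments.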