From: Lennart Poettering
Date: Fri, 11 Jul 2025 19:10:08 +0000 (+0200)
Subject: machined: make registration of unpriv user's VMs/containers work (#37855)
X-Git-Tag: v258-rc1~79
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aac7e892e40b3ebe9d8a07b2d1eac90583f28de9;p=thirdparty%2Fsystemd.git

machined: make registration of unpriv user's VMs/containers work (#37855)

This adds missing glue to reasonably allow unpriv users' VMs/containers
to register with the system machined.

This primarily adds two things:

1. machined can now properly track VMs/containers residing in subcgroups
   of units, because that's effectively what happens for per-user
   VMs/containers: they are placed below the system unit
   `user@….service` in some user unit.

2. machines registered with machined now have an owning UID: users can
   operate on their own machines without re-authentication, but not on
   others.

Note that this is only a first step regarding machined's hookup of
nspawn/vmspawn in the long run for unpriv operation. I think eventually
we should make it so that there's both a per-user and a per-system
machined instance (so far, and even with this PR there's still one
per-system instance), and per-user containers/VMs would register with
*both*. Having two instances makes sense I think, because it would mean
we can make machined reasonably manage the per-user image discovery, and
also do the per-system network/hostname handling.
---
aac7e892e40b3ebe9d8a07b2d1eac90583f28de9