m/node: enable user namespaces in K8s This enables the two feature gates for user namespace support in K8s. We did not previously have a passwd file which caused Go's UserLookup to fail with an unexpected error. Add an mostly-empty placeholder file to placate it. Change-Id: I71a7a6dc889a289512075a25b7e551f2cd65ffb6 Reviewed-on: https://review.monogon.dev/c/monogon/+/3665 Reviewed-by: Tim Windelschmidt <tim@monogon.tech> Tested-by: Jenkins CI

commit: 2ecccae4ff62b687ec5e218349fcf8a42069dfc9 [log] [tgz]
author: Lorenz Brun <lorenz@monogon.tech> Wed Nov 27 22:03:35 2024 +0100
committer: Lorenz Brun <lorenz@monogon.tech> Mon Dec 02 16:50:54 2024 +0000
tree: c5a5914c9d3bd8fb37a5650a6b3e4881f9fc2610
parent: d58edf4e2f745427d69ecc72bfe9a9ead69d697d [diff] [blame]
diff --git a/metropolis/node/BUILD.bazel b/metropolis/node/BUILD.bazel
index 6ae234a..c09ca2d 100644
--- a/metropolis/node/BUILD.bazel
+++ b/metropolis/node/BUILD.bazel

@@ -33,6 +33,10 @@
     },
 )
 
+exports_files([
+    "passwd",
+])
+
 erofs_image(
     name = "rootfs",
     files = {
@@ -42,6 +46,7 @@
         # These should not be explicitly used by Metropolis code and are only here for compatibility with
         # paths hardcoded by standard libraries (like Go's).
         "@cacerts//file": "/etc/ssl/cert.pem",
+        "//metropolis/node:passwd": "/etc/passwd",
         "//osbase/net/dns:resolv.conf": "/etc/resolv.conf",
         "//osbase/net/dns:hosts": "/etc/hosts",
         ":os-release-info": "/etc/os-release",
commit	2ecccae4ff62b687ec5e218349fcf8a42069dfc9	[log] [tgz]
author	Lorenz Brun <lorenz@monogon.tech>	Wed Nov 27 22:03:35 2024 +0100
committer	Lorenz Brun <lorenz@monogon.tech>	Mon Dec 02 16:50:54 2024 +0000
tree	c5a5914c9d3bd8fb37a5650a6b3e4881f9fc2610
parent	d58edf4e2f745427d69ecc72bfe9a9ead69d697d [diff] [blame]