chore: Improve Podman compose preset and minor refactors

TibixDev · Levev · TibixDev · commit 8eb44eff1bd6 · 2025-11-21T03:03:26.000+02:00
Removed the requirement for slirp4netns, priviliged is no longer required for Podman (actually having it breaks networking in some cases). Since we're no longer priviliged in Podman, we add the `:Z` volume label needed by SELinux.

Co-authored-by: Levev &lt;levvevv@gmail.com&gt;
diff --git a/src/renderer/data/docker.ts b/src/renderer/data/docker.ts
@@ -37,7 +37,7 @@ export const DOCKER_DEFAULT_COMPOSE: ComposeConfig = {
             volumes: [
                 "data:/storage",
                 "${HOME}:/shared",
-                "/dev/bus/usb:/dev/bus/usb", // QEMU Synamic USB Passthrough
+                "/dev/bus/usb:/dev/bus/usb", // QEMU Dynamic USB Passthrough
                 "./oem:/oem",
             ],
             devices: ["/dev/kvm"],
diff --git a/src/renderer/data/podman.ts b/src/renderer/data/podman.ts
@@ -1,7 +1,6 @@
 import { ComposeConfig } from "../../types";
 import { RESTART_ON_FAILURE } from "../lib/constants";
 
-// TODO: investigate whether this approach is even necessary.
 export const PODMAN_DEFAULT_COMPOSE: ComposeConfig = {
     name: "winboat",
     volumes: {
@@ -24,9 +23,7 @@ export const PODMAN_DEFAULT_COMPOSE: ComposeConfig = {
                 HOST_PORTS: "7149",
                 ARGUMENTS: "-qmp tcp:0.0.0.0:7149,server,wait=off",
             },
-            network_mode: "slirp4netns:port_handler=slirp4netns",
             cap_add: ["NET_ADMIN"],
-            privileged: true,
             ports: [
                 "127.0.0.1::8006", // VNC Web Interface
                 "127.0.0.1::7148", // Winboat Guest Server API
@@ -37,10 +34,9 @@ export const PODMAN_DEFAULT_COMPOSE: ComposeConfig = {
             stop_grace_period: "120s",
             restart: RESTART_ON_FAILURE,
             volumes: [
-                "data:/storage",
-                "${HOME}:/shared",
-                "/dev/bus/usb:/dev/bus/usb:rslave", // QEMU Synamic USB Passthrough
-                "./oem:/oem",
+                "data:/storage:Z",
+                "${HOME}:/shared:Z",
+                "./oem:/oem:Z",
             ],
             devices: ["/dev/kvm", "/dev/net/tun", "/dev/bus/usb"],
         },
diff --git a/src/renderer/lib/install.ts b/src/renderer/lib/install.ts
@@ -5,7 +5,7 @@ import { createNanoEvents, type Emitter } from "nanoevents";
 import { Winboat } from "./winboat";
 import { ContainerManager } from "./containers/container";
 import { WinboatConfig } from "./config";
-import { CommonPorts, createContainer, getActiveHostPort } from "./containers/common";
+import { CommonPorts, createContainer, getActiveHostPort, ContainerRuntimes } from "./containers/common";
 
 const fs: typeof import("fs") = require("fs");
 const path: typeof import("path") = require("path");
@@ -46,7 +46,7 @@ export class InstallManager {
         this.state = InstallStates.IDLE;
         this.preinstallMsg = "";
         this.emitter = createNanoEvents<InstallEvents>();
-        this.container = conf.container;
+        this.container = createContainer(conf.container);
     }
 
     changeState(newState: InstallState) {
@@ -99,11 +99,13 @@ export class InstallManager {
 
         // Storage folder mapping
         const storageFolderIdx = composeContent.services.windows.volumes.findIndex(vol => vol.includes("/storage"));
+        const volumeLabel = this.conf.container === ContainerRuntimes.PODMAN ? ":Z" : "";
+        
         if (storageFolderIdx === -1) {
             logger.warn("No /storage volume found in compose template, adding one...");
-            composeContent.services.windows.volumes.push(`${this.conf.installFolder}:/storage`);
+            composeContent.services.windows.volumes.push(`${this.conf.installFolder}:/storage${volumeLabel}`);
         } else {
-            composeContent.services.windows.volumes[storageFolderIdx] = `${this.conf.installFolder}:/storage`;
+            composeContent.services.windows.volumes[storageFolderIdx] = `${this.conf.installFolder}:/storage${volumeLabel}`;
         }
 
         // Home folder mapping
diff --git a/src/renderer/views/Config.vue b/src/renderer/views/Config.vue
@@ -667,11 +667,6 @@ const statAsync = promisify(fs.stat);
 // Emits
 const $emit = defineEmits(["rerender"]);
 
-// Constants
-const HOMEFOLDER_SHARE_STR = "${HOME}:/shared";
-const USB_BUS_PATH = "/dev/bus/usb:/dev/bus/usb";
-const QMP_ARGUMENT = "-qmp tcp:0.0.0.0:7149,server,wait=off"; // 7149 can remain hardcoded as it refers to a guest port
-
 // For Resources
 const compose = ref<ComposeConfig | null>(null);
 const numCores = ref(0);
@@ -713,6 +708,12 @@ const wbConfig = WinboatConfig.getInstance();
 const winboat = Winboat.getInstance();
 const usbManager = USBManager.getInstance();
 
+// Constants
+const HOMEFOLDER_SHARE_STR = winboat.containerMgr!.defaultCompose.services.windows.volumes.find(v => v.startsWith("${HOME}"))!;
+// ^ We have to do this because the Podman and Docker equivalents differ (:Z ending on Podman)
+const USB_BUS_PATH = "/dev/bus/usb:/dev/bus/usb";
+const QMP_ARGUMENT = "-qmp tcp:0.0.0.0:7149,server,wait=off"; // 7149 can remain hardcoded as it refers to a guest port
+
 onMounted(async () => {
     await assignValues();
 });
diff --git a/src/renderer/views/SetupUI.vue b/src/renderer/views/SetupUI.vue
@@ -1068,7 +1068,7 @@ function install() {
         password: password.value,
         shareHomeFolder: homeFolderSharing.value,
         ...(customIsoPath.value ? { customIsoPath: customIsoPath.value } : {}),
-        container: createContainer(containerRuntime.value), // Hardcdde for now
+        container: containerRuntime.value, // Hardcdde for now
     };
 
     const wbConfig = WinboatConfig.getInstance(); // Create winboat config.
diff --git a/src/types.ts b/src/types.ts
@@ -1,5 +1,5 @@
 import { type WindowsVersionKey } from "./renderer/lib/constants";
-import { ContainerManager } from "./renderer/lib/containers/container";
+import { ContainerRuntimes } from "./renderer/lib/containers/common";
 import { type Winboat } from "./renderer/lib/winboat";
 
 export type Specs = {
@@ -20,7 +20,7 @@ export type InstallConfiguration = {
     password: string;
     customIsoPath?: string;
     shareHomeFolder: boolean;
-    container: ContainerManager;
+    container: ContainerRuntimes;
 };
 
 export type WinApp = {
@@ -76,7 +76,7 @@ export type ComposeConfig = {
                 HOST_PORTS: string;
                 [key: string]: string; // Allow additional env vars
             };
-            privileged: boolean;
+            privileged?: boolean;
             ports: Array<string | LongPortMapping>;
             network_mode?: string;
             cap_add: string[];
