Spike
Resolution: Done
Major
rhel-container-tools
RUN 274
Summary: Investigate the feasibility and design for adding a unified system-wide configuration file for rootless Podman, providing default settings that can be overridden by user-specific configurations.
Description:
Currently, configuring rootless Podman can sometimes be challenging, especially for system administrators who wish to set default behaviors or restrictions across all rootless users on a system without requiring each user to manually configure their containers.conf. This spike aims to explore the addition of a new, unified configuration file, such as /etc/containers/containers-rootless.conf, that would provide system-wide defaults specifically for rootless Podman environments.
This new configuration file would serve as a baseline, allowing administrators to define common settings for all rootless containers. Critically, these system-wide defaults would be overridden by a rootless user's individual containers.conf file located in their home directory (e.g., ~/.config/containers/containers.conf), if that file exists. This approach ensures flexibility for individual users while providing centralized control for administrators.
This spike is considered an initial step towards a future, more comprehensive rework of Podman's configuration file handling, which may include breaking changes. However, this specific spike and its direct outcome will not introduce any breaking changes to existing configurations or behaviors.
Investigation Scope:
- Configuration File Location and Naming: Confirm the most appropriate and conventional location and naming for the new system-wide rootless configuration file (e.g., /etc/containers/containers-rootless.conf).
- Parsing and Precedence Logic:
  - Detail how Podman would parse this new file.
  - Define the exact precedence rules: how would settings in /etc/containers/containers-rootless.conf interact with and be overridden by ~/.config/containers/containers.conf and command-line flags?
  - Consider the interaction with the existing /etc/containers/containers.conf (for rootful Podman) and ensure no unintended side effects.
- Impact on Existing Codebase: Identify which parts of Podman's configuration loading logic would need modification to support this new file and its precedence rules.
- Security Implications: Assess any security implications of introducing a system-wide default for rootless users.
- User Experience and Documentation: How would this new file be documented? What would be the expected user experience for administrators and rootless users?
- Effort Estimation: Provide a preliminary estimate (e.g., T-shirt size: Small, Medium, Large) for the work required to implement this unified configuration file.
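A sketch of the precedence described above (system-wide rootless defaults, then the user's containers.conf if it exists, then command-line flags) that records which layer supplied each effective value. This is an added example, not Podman's code: the key-level override, the flag layer ranking highest, and the names Layer, Setting, Resolve and Sample are assumptions, and the values are constructed.

```go
package main

import "fmt"

// Layer is one config source, already parsed into table -> key -> value.
type Layer struct {
	Name   string
	Tables map[string]map[string]any
}

// Setting is an effective value plus the layer that supplied it.
type Setting struct {
	Value  any
	Source string
}

// Resolve applies layers from lowest to highest precedence (assumed order).
// A later layer replaces only keys it sets; a nil layer (file absent) is skipped.
func Resolve(layers ...*Layer) map[string]Setting {
	out := map[string]Setting{}
	for _, l := range layers {
		if l == nil {
			continue
		}
		for table, keys := range l.Tables {
			for k, v := range keys {
				out[table+"."+k] = Setting{v, l.Name}
			}
		}
	}
	return out
}

// Sample resolves constructed layers; file contents here are illustrative only.
func Sample() map[string]Setting {
	system := &Layer{"/etc/containers/containers-rootless.conf", map[string]map[string]any{
		"containers": {"pids_limit": 1024, "log_driver": "journald"},
		"engine":     {"events_logger": "journald"}}}
	user := &Layer{"~/.config/containers/containers.conf", map[string]map[string]any{
		"containers": {"pids_limit": 4096}}}
	flags := &Layer{"command line", map[string]map[string]any{
		"containers": {"log_driver": "k8s-file"}}}
	return Resolve(system, user, flags)
}

func main() {
	for k, s := range Sample() {
		fmt.Printf("%s = %v (from %s)\n", k, s.Value, s.Source)
	}
}
```

Because the user layer wins in this model, an administrator value such as pids_limit acts as a default rather than a limit; the Source field makes each such replacement visible.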
Expected Outcomes:
- A clear design proposal for the unified rootless configuration file, including its location, naming, and parsing logic.
- Defined precedence rules for how the new file interacts with existing configuration sources.
- Identification of necessary code changes and potential complexities.
- A preliminary estimate of the implementation effort.
- A recommendation on whether to proceed with a full implementation story based on the findings.