Sync common files from infra repository

bootc-dev Bot · cgwalters · commit 24de649d4a72 · 2026-03-04T10:30:04.000-05:00
Synchronized from bootc-dev/infra@61b769a. Signed-off-by: bootc-dev Bot <bot@bootc.dev>
diff --git a/.bootc-dev-infra-commit.txt b/.bootc-dev-infra-commit.txt
@@ -1 +1 @@
-e15b9622fcef58276464960124823108858dc646
+61b769aee4ec165dcbfd993aeaa10a7fae2cb629
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -13,13 +13,16 @@
   },
   "features": {},
   "runArgs": [
-    // Minimal security options for nested podman (avoids --privileged):
-    // - label=disable: Required for mounting /proc in nested user namespace
-    // - unmask=/proc/*: Allows access to /proc paths needed for nested containers
+    // In general we hope that the outer environment has set up
+    // a user namespace to keep this secure.
+    "--cap-add=all",
+    // Required for mounting /proc in nested user namespace
     "--security-opt", "label=disable",
+    // Allows access to /proc paths needed for nested containers
     "--security-opt", "unmask=/proc/*",
     // Device access for nested containers and VMs
     "--device", "/dev/net/tun",
+    // I always want KVM
     "--device", "/dev/kvm"
   ],
   "postCreateCommand": {
diff --git a/.github/actions/bootc-ubuntu-setup/action.yml b/.github/actions/bootc-ubuntu-setup/action.yml
@@ -71,6 +71,7 @@ runs:
       shell: bash
       run: |
         set -xeuo pipefail
+        # renovate: datasource=github-releases depName=bootc-dev/bcvk
         export BCVK_VERSION=0.10.0
         # see https://github.com/bootc-dev/bcvk/issues/176
         /bin/time -f '%E %C' sudo apt install -y libkrb5-dev pkg-config libvirt-dev genisoimage qemu-utils qemu-kvm virtiofsd libvirt-daemon-system python3-virt-firmware

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-e15b9622fcef58276464960124823108858dc646`
	`1`	`+61b769aee4ec165dcbfd993aeaa10a7fae2cb629`