Bring changes up to speed

- Remove old podman fix
- Use tmpfs for inner podman
- Drop fuse

Author: Bownairo

ci/container/Dockerfile

@@ -10,7 +10,7 @@ RUN apt -yq update && \
     apt -yqq install $(sed -e "s/#.*//" "/tmp/$(basename $PACKAGE_FILE)") && \
     rm "/tmp/$(basename $PACKAGE_FILE)"
 
-RUN apt -yqq install --no-install-recommends podman containernetworking-plugins buildah zip fuse-overlayfs xtail
+RUN apt -yqq install --no-install-recommends podman containernetworking-plugins buildah zip xtail
 
 # install afl & gsutils deps for bazel-fuzzers
 RUN curl -L "https://apt.llvm.org/llvm-snapshot.gpg.key" | apt-key add - && \
@@ -137,9 +137,6 @@ USER ubuntu
 ENV PATH=/ic/bin:/home/ubuntu/.cargo/bin:/home/ubuntu/.local/bin:$PATH
 ENV PYTHONPATH=/ic/ci/src:/ic/ci/src/dependencies:$PYTHONPATH
 
-# Make sure we own .local/share
-RUN mkdir -p /home/ubuntu/.local/share
-
 # Pre-populate the Bazel installation for ubuntu
 RUN cd /tmp/bazel && bazel version
 

ci/container/container-run.sh

@@ -135,6 +135,7 @@ PODMAN_RUN_ARGS+=(
     --mount type=bind,source="${ICT_TESTNETS_DIR}",target="${ICT_TESTNETS_DIR}",idmap="${IDMAP}"
     --mount type=bind,source="${HOME}/.ssh",target="${CTR_HOME}/.ssh",idmap="${IDMAP}"
     --mount type=bind,source="${HOME}/.aws",target="${CTR_HOME}/.aws",idmap="${IDMAP}"
+    --mount type=tmpfs,target="/home/ubuntu/.local/share/containers"
 )
 
 if [ "$(id -u)" = "1000" ]; then

ic-os/components/guestos/selinux/prep.sh

@@ -12,9 +12,5 @@ sed -e 's/detected_mods := \(.*\)/detected_mods := $(sort \1)/' -i /usr/share/se
 # Build SELinux modules
 make -f /usr/share/selinux/devel/Makefile
 
-# Force unsharing of directory -- seems to be a docker bug
-mv /var/lib/selinux/default/active /var/lib/selinux/default/active.unshare
-mv /var/lib/selinux/default/active.unshare /var/lib/selinux/default/active
-
 # Install them
 semodule -i *.pp