From 4cd0ae17a7923f88d96946925d00c47315c26fc9 Mon Sep 17 00:00:00 2001
From: Christof Marti <chrmarti@microsoft.com>
Date: Fri, 4 Apr 2025 10:31:07 +0200
Subject: [PATCH] Add Podman options

---
 src/spec-node/singleContainer.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/spec-node/singleContainer.ts b/src/spec-node/singleContainer.ts
index 9b0783443..5952e3ea4 100644
--- a/src/spec-node/singleContainer.ts
+++ b/src/spec-node/singleContainer.ts
@@ -409,6 +409,7 @@ while sleep 1 & wait $!; do :; done`, '-']; // `wait $!` allows for the `trap` t
 		...getLabels(labels),
 		...containerEnv,
 		...containerUserArgs,
+		...getPodmanArgs(params),
 		...(config.runArgs || []),
 		...(await extraRunArgs(common, params, config) || []),
 		...featureArgs,
@@ -433,6 +434,13 @@ while sleep 1 & wait $!; do :; done`, '-']; // `wait $!` allows for the `trap` t
 	common.output.stop(text, start);
 }
 
+function getPodmanArgs(params: DockerResolverParameters): string[] {
+	if (params.isPodman && params.common.cliHost.platform === 'linux') {
+		return ['--security-opt', 'label=disable', '--userns=keep-id'];
+	}
+	return [];
+}
+
 function getLabels(labels: string[]): string[] {
 	let result: string[] = [];
 	labels.forEach(each => result.push('-l', each));