nixos/podman: Introduce new option `extraRuntimes`. (#443399)

    extraPackages = mkOption {

      type = with types; listOf package;

      default = [ ];

      description = ''

        Extra dependencies for podman to be placed on $PATH in the wrapper.

      '';

    };

    extraRuntimes = mkOption {

      type = with types; listOf package;

      # keep the default in sync with the podman package

      default = lib.optionals pkgs.stdenv.hostPlatform.isLinux [ pkgs.runc ];

      defaultText = lib.literalExpression ''lib.optionals pkgs.stdenv.hostPlatform.isLinux [ pkgs.runc ]'';

      example = lib.literalExpression ''

        [

          pkgs.gvisor

        ]

      '';

      description = ''

        Extra packages to be installed in the Podman wrapper.

        Extra runtime packages to be installed in the Podman wrapper.

        Those are then placed in libexec/podman, i.e. are seen as podman internal commands.

      '';

    };

                config.systemd.package # To allow systemd-based container healthchecks

              ]

              ++ lib.optional (config.boot.supportedFilesystems.zfs or false) config.boot.zfs.package;

            extraRuntimes = [

              pkgs.runc

            ]

            extraRuntimes =

              cfg.extraRuntimes

              ++

                lib.optionals

                  (

          boot.supportedFilesystems = [ "zfs" ];

          networking.hostId = "00000000";

        };

      rootful_norunc =

        { pkgs, ... }:

        {

          virtualisation.podman.enable = true;

          virtualisation.podman.extraRuntimes = [ ];

        };

      rootless =

        { pkgs, ... }:

        {

      rootful.wait_for_unit("sockets.target")

      rootful_norunc.wait_for_unit("sockets.target")

      rootless.wait_for_unit("sockets.target")

      dns.wait_for_unit("sockets.target")

      docker.wait_for_unit("sockets.target")

          rootful.succeed("podman stop sleeping")

          rootful.succeed("podman rm sleeping")

      # now without installed runc

      with subtest("Run runc-less container as root with runc"):

          rootful_norunc.succeed("tar cv --files-from /dev/null | podman import - scratchimg")

          rootful_norunc.fail(

              "podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"

          )

      with subtest("Run runc-less container as root with crun"):

          rootful_norunc.succeed("tar cv --files-from /dev/null | podman import - scratchimg")

          rootful_norunc.succeed(

              "podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"

          )

          rootful_norunc.succeed("podman ps | grep sleeping")

          rootful_norunc.succeed("podman stop sleeping")

          rootful_norunc.succeed("podman rm sleeping")

      with subtest("Run runc-less container as root with the default backend"):

          rootful_norunc.succeed("tar cv --files-from /dev/null | podman import - scratchimg")

          rootful_norunc.succeed(

              "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"

          )

          rootful_norunc.succeed("podman ps | grep sleeping")

          rootful_norunc.succeed("podman stop sleeping")

          rootful_norunc.succeed("podman rm sleeping")

      # start systemd session for rootless

      rootless.succeed("loginctl enable-linger alice")

      rootless.succeed(su_cmd("whoami"))