From 7a83c5020898bd9b32283b36823649023451ff46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Sch=C3=A4r?= <jan@soi.ch>
Date: Fri, 11 Apr 2025 14:19:59 +0200
Subject: [PATCH] Add OS build instructions for Podman

---
 os/readme.md | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/os/readme.md b/os/readme.md
index 508cab8..a5ca6f4 100644
--- a/os/readme.md
+++ b/os/readme.md
@@ -23,7 +23,7 @@ However, VirtualBox (contained in the installer variant) only works with Secure
 
 ## How to build an ISO
 
-We run the build inside a Docker container, so you need Docker installed on your host.
+We run the build inside a container, so you need Podman (or Docker) installed on your host.
 Building works on Linux hosts, other OSes are untested.
 
 First, obtain the configuration files and put them in the folder `config`.
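Review bot: The changed sentence only asks for Podman to be installed, but the commands added later in this patch call `sudo podman`, so the build as documented runs rootful Podman. Say so here, for example "Podman (or Docker), run as root", or state whether a rootless run was tried, so readers who default to rootless Podman know what to expect.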
@@ -32,11 +32,16 @@ If you want to create your own config, see the folder `config-example` for examp
 
 Run the following commands in the repository root folder.
 The `--privileged` flag is needed for mounting `/proc` and similar in the target system root.
+You can try replacing it with `--cap-add=sys_admin,mknod --security-opt apparmor=unconfined` to reduce the privileges.
 
 ```bash
 mkdir -p osbuild/build
+sudo podman pull debian:bookworm
+sudo podman run --rm -it --privileged --mount type=bind,source="$(pwd)",target=/work --workdir /work/osbuild/build debian:bookworm
+
+# Alternative with Docker:
 sudo docker pull debian:bookworm
-sudo docker run --rm -it --privileged --mount type=bind,source="$(pwd)",target=/work --workdir /work debian:bookworm
+sudo docker run --rm -it --privileged --mount type=bind,source="$(pwd)",target=/work --workdir /work/osbuild/build debian:bookworm
 ```
 
 Inside the container, run the following commands.
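Review bot: The added sentence "You can try replacing it with `--cap-add=sys_admin,mknod --security-opt apparmor=unconfined`" reads as untested, while both commands in the block still use `--privileged`. If the reduced set was verified for a full build, make it the documented default and keep `--privileged` as the fallback; otherwise say which runtime it was tried on. Please also confirm that the comma-separated `--cap-add` form is accepted by Docker as well as Podman, since the sentence applies to both commands, and mention that `apparmor=unconfined` is only relevant on hosts that use AppArmor. Separately, the Docker `--workdir` changes from `/work` to `/work/osbuild/build`, which the subject line does not mention.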
@@ -50,7 +55,6 @@ apt-get update
 # unzip: for codeblocks plugin
 # build-essential, debhelper: for building custom udeb
 apt-get install --no-install-recommends python3 ca-certificates live-build rsync cpio unzip build-essential debhelper
-cd osbuild/build
 python3 ../../os/build.py training-live
 ```
 
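Review bot: With `cd osbuild/build` removed, `python3 ../../os/build.py training-live` only resolves when the container was started with `--workdir /work/osbuild/build`; anyone reusing the old `--workdir /work` command would run it from the wrong directory. Keep an explicit `cd /work/osbuild/build` here, or add a comment stating the expected working directory, so this block does not silently depend on the run command.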
@@ -60,7 +64,7 @@ Once the build is finished, you will find the ISO at `osbuild/build/live-image-a
 
 During development, it's convenient to test the OS in a virtual machine.
 Install QEMU on your host.
-The following commands should be run outside the docker container.
+The following commands should be run outside the container.
 
 ```bash
 # training-live, legacy and EFI boot: