T7133: Add slirp4netns podman dependency for rootless networking support

[Firefishy]

Change summary

Add slirp4netns podman dependency for rootless networking support

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

https://vyos.dev/T7133

Related PR(s)

How to test / Smoketest result

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

👍
No issues in PR Title / Commit Title

[sever-sever]

We build podman from sources https://github.com/vyos/vyos-build/blob/3d24c1077e1a6e368bd380b7a4952d4e4bc4c2e3/scripts/package-build/podman/package.toml#L3

What will solve this PR? Could you provide example of the VyOS CLI where it is used?

[github-actions]

CI integration ❌ failed!

Details

CI logs

• CLI Smoketests (no interfaces) ❌ failed
• CLI Smoketests (interfaces only) 👍 passed
• Config tests 👍 passed
• RAID1 tests 👍 passed
• TPM tests 👍 passed

[Firefishy]

We build podman from sources https://github.com/vyos/vyos-build/blob/3d24c1077e1a6e368bd380b7a4952d4e4bc4c2e3/scripts/package-build/podman/package.toml#L3

The debian slirp4netns package works with the VyOS build of podman. If VyOS moved to podman 5.x+ then I'd be happy to redo this PR to instead build the passt/pasta package (podman 5.x+ replacement for slirp4netns)

Example run without slirp4netns installed

vyos@gate:~$ podman --version
podman version 4.9.5
vyos@gate:~$ podman run -it --rm ubuntu
Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
[...]
Error: could not find slirp4netns, the network namespace can't be configured: exec: "slirp4netns": executable file not found in $PATH
WARN[0002] Failed to add pause process to systemd sandbox cgroup: dbus: couldn't determine address of session bus
vyos@gate:~$ [failed to start container]

And after install slirp4netns is installed:

vyos@gate:~$ slirp4netns --version
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.4
vyos@gate:~$ podman run -it --rm ubuntu
root@ce94031c9e39:/# echo hello world from container
hello world from container

What will solve this PR? Could you provide example of the VyOS CLI where it is used?

This is a step to allow under privileged users processes to launch containers, rather than current setup where all containers need to be launched by root.

All containers currently run by VyOS run podman as root, the podman process can then set the container to a specific uid as defined by set container name <name> uid <container-uid>, which becomes podman ... --user <container-uid>. The podman process and networking processes are being run as root and podman runs in the host user namespace.

Redhat describes why rootless containers are a good idea better than I could.

[sever-sever]

I’d try to build image with v5 version and check smoke tests.
Are you able to try it?