cosa unprivileged

cosa.md

cosa() {
   env | grep COREOS_ASSEMBLER
   id=$(id -u)
   set -x # so we can see what command gets run
   podman run --rm -ti --security-opt label:disable --privileged \
              --uidmap=${id}:0:1 --uidmap=0:1:${id} \
              -v ${PWD}:/srv/ -v /dev/kvm:/dev/kvm -v /dev/fuse:/dev/fuse --device /dev/kvm \
              --tmpfs /tmp --tmpfs /var/tmp --name cosa \
              ${COREOS_ASSEMBLER_CONFIG_GIT:+-v $COREOS_ASSEMBLER_CONFIG_GIT:/srv/src/config/:ro}   \
              ${COREOS_ASSEMBLER_GIT:+-v $COREOS_ASSEMBLER_GIT/src/:/usr/lib/coreos-assembler/:ro}  \
              ${COREOS_ASSEMBLER_CONTAINER_RUNTIME_ARGS}                                            \
              ${COREOS_ASSEMBLER_CONTAINER:-quay.io/coreos-assembler/coreos-assembler:latest} $@
   rc=$?; set +x; return $rc
}