yellow: Install Podman

Podman will provide the container runtime for Home Assistant et al.
Some additional kernel features are required to run containers.

yellow/install.packages

@@ -0,0 +1 @@
+app-containers/podman

yellow/linux.config

@@ -54,3 +54,8 @@ CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_SELINUX=y
 CONFIG_DEFAULT_SECURITY_SELINUX=y
 # DEFAULT_SECURITY_DAC is not set
+
+CONFIG_POSIX_MQUEUE=y
+CONFIG_MEMCG=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_BLK_CGROUP=y

yellow/overlay/etc/containers/policy.json

@@ -0,0 +1,32 @@
+{
+    "default": [
+        {
+            "type": "insecureAcceptAnything"
+        }
+    ],
+    "transports": {
+        "docker": {
+	    "registry.access.redhat.com": [
+		{
+		    "type": "signedBy",
+		    "keyType": "GPGKeys",
+		    "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+		}
+	    ],
+	    "registry.redhat.io": [
+		{
+		    "type": "signedBy",
+		    "keyType": "GPGKeys",
+		    "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+		}
+	    ]
+	},
+        "docker-daemon": {
+	    "": [
+		{
+		    "type": "insecureAcceptAnything"
+		}
+	    ]
+	}
+    }
+}

yellow/overlay/etc/containers/registries.conf

@@ -0,0 +1 @@
+unqualified-search-registries = ['docker.io', 'quay.io', 'registry.fedoraproject.org']

yellow/portage/target/etc/portage/package.use/iptables

@@ -0,0 +1 @@
+net-firewall/iptables conntrack nftables