pkg/distro: add PodmanDefaultNetBackend to ImageConfig and wire it up

thozza · thozza · commit 65c3a6ed7e6f · 2026-05-28T16:00:47.000+02:00
Add a new ImageConfig option that specifies the default network backend
for Podman. When set and the image embeds container images, the value is
written to /var/lib/containers/storage/defaultNetworkBackend during
image build.

This prevents Podman from falling back to the legacy 'cni' backend when
it finds pre-existing container images in storage, which it interprets
as a system migration.

Signed-off-by: Tomáš Hozza &lt;thozza@redhat.com&gt;
diff --git a/pkg/distro/generic/images.go b/pkg/distro/generic/images.go
@@ -336,6 +336,18 @@ func osCustomizations(t *imageType, osPackageSet rpmmd.PackageSet, options distr
 	osc.Files = append(osc.Files, imageConfig.Files...)
 	osc.Directories = append(osc.Directories, imageConfig.Directories...)
 
+	if len(containers) > 0 && imageConfig.PodmanDefaultNetBackend != nil {
+		var storagePath string
+		if osc.ContainersStorage != nil {
+			storagePath = *osc.ContainersStorage
+		}
+		defaultNetBackendFile, err := container.GenDefaultNetworkBackendFile(storagePath, *imageConfig.PodmanDefaultNetBackend)
+		if err != nil {
+			return osc, fmt.Errorf("generating default network backend file: %w", err)
+		}
+		osc.Files = append(osc.Files, defaultNetBackendFile)
+	}
+
 	if imageConfig.NoBLS != nil {
 		osc.NoBLS = *imageConfig.NoBLS
 	}
diff --git a/pkg/distro/image_config.go b/pkg/distro/image_config.go
@@ -5,6 +5,7 @@ import (
 	"reflect"
 
 	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/container"
 	"github.com/osbuild/images/pkg/customizations/fsnode"
 	"github.com/osbuild/images/pkg/customizations/oci"
 	"github.com/osbuild/images/pkg/customizations/ostreeserver"
@@ -153,6 +154,15 @@ type ImageConfig struct {
 	// /usr/lib/ostree-boot into bootupd-compatible update metadata.
 	// Only set this to true if the bootupd package is available in the image.
 	BootupdGenMetadata *bool `yaml:"bootupd_gen_metadata,omitempty"`
+
+	// PodmanDefaultNetBackend sets the default network backend for Podman.
+	// The value is written to /var/lib/containers/storage/defaultNetworkBackend
+	// only when the image embeds container images.
+	//
+	// Certain versions of Podman fall back to 'cni' when they find existing
+	// containers in the storage, assuming a migration from an older version.
+	// This option prevents that behavior.
+	PodmanDefaultNetBackend *container.NetworkBackend `yaml:"podman_default_net_backend,omitempty"`
 }
 
 // shallowMerge creates a new struct by merging a child and a parent.
