Look for rootless quadlets in /usr/share/containers/systemd/users

[nickjwhite]

This is a useful place for packagers to put quadlets which they want to make available for all users.

Fixes: #27843

Checklist

Ensure you have completed the following checklist for your pull request to be reviewed:

• Certify you wrote the patch or otherwise have the right to pass it on as an open-source patch by signing all
  commits. (git commit -s). (If needed, use git commit -s --amend). The author email must match
  the sign-off email address. See CONTRIBUTING.md
  for more information.
• Referenced issues using Fixes: #00000 in commit message (if applicable)
• Tests have been added/updated (or no tests are needed)
• Documentation has been updated (or no documentation changes are needed)
• All commits pass make validatepr (format/lint checks)
• Release note entered in the section below (or None if no user-facing changes)

Does this PR introduce a user-facing change?

The /usr/share/containers/systemd/users and /usr/share/containers/systemd/users/${UID} directories are now checked for quadlets. This should be useful for packagers and distributions who want to add quadlets for users. 

[nickjwhite]

Note that I haven't been able to get make validatepr to run on my local machine yet (I'm investigating the error; may end up in a bug report / separate PR if you're lucky), so I didn't tick that checkbox, but the "Cirrus CI / Validate source code changes" CI job succeeded so hopefully that's all OK.

[Honny1]

Thanks, LGTM. I rerun the failed tests.

[Luap99]

cc @ygalblum @p5

[Luap99]

for consistency with /etc should this not also support /usr/share/containers/systemd/users/$UID?

[nickjwhite]

I did consider that when implementing this, and did it at first, but then I decided I don't think it makes sense for the case of /usr. I can't think of a use case where a package would want to have quadlets defined for specific UIDs - in the case of specific UIDs, the /etc route would be better, I'd have thought.

[Luap99]

It is not just packages, in a imaged based/bootc world might want to write there directly and they may very well know the uids in advance.

Also it is about consistency having different behaviours would be more confusing there. In particular a numeric directory name would behave differently as it would not be filtered out

[nickjwhite]

OK, makes sense, thanks for the explanation @Luap99, I'll add that tonight - thanks @ygalblum for the example.

[nickjwhite]

I have just pushed changes so it works like you suggested, and updated the user-facing change text in my initial comment.

Note that this introduces a (very small) change in behaviour; theoretically someone could have put a quadlet in /usr/share/containers/systemd/users/1234/ which would previously have been detected in rootful mode, but with this change it wouldn't be. This would have been a pretty weird thing to do, but I thought I should flag it anyway. This is due to adding the userLevelFilter to /usr/share/containers/systemd/ for rootful mode, now that we support user directories in there.

[ygalblum]

Yes, something like this:

Suggested change

	AppendSubPaths(paths, filepath.Join(UnitDirDistro, "users"), true, nil)
	basePaths := []string{UnitDirAdmin, UnitDirDistro}
	u, err := user.Current()
	if err == nil {
	for _, basePath := range basePaths {
	AppendSubPaths(paths, filepath.Join(basePath, "users"), true, nonNumericFilter)
	AppendSubPaths(paths, filepath.Join(basePath, "users", u.Uid), true, userLevelFilter)
	}
	} else {
	logiface.Errorf("Warning: %v", err)
	// Add the base directory even if the UID was not found
	for _, basePath := range basePaths {
	paths.Add(filepath.Join(basePath, "users"))
	}
	}

[packit-as-a-service]

[NON-BLOCKING] Packit jobs failed. @containers/packit-build please check. Everyone else, feel free to ignore.

[Honny1]

@containers/podman-maintainers PTAL

[Luap99]

LGTM