UserNS not supported in pod quadlet file #24014

Closed
podhorsky-ksj opened this issue Sep 19, 2024 · 6 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

@podhorsky-ksj

Issue Description

UserNS not supported in pod quadlet file.
According to https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html, it should be supported

Steps to reproduce the issue

1. Create quadlet file, e.g. nextcloud.pod:

[Pod]
PublishPort=1180:80
PublishPort=9980:9980
UserNS=keep-id:uid=200,gid=210

2. Run /usr/lib/systemd/system-generators/podman-system-generator --user --dryrun
3. See error:

converting "nextcloud.pod": unsupported key 'UserNS' in group 'Pod' in /home/nextcloud/.config/containers/systemd/nextcloud.pod

Describe the results you received

UserNS is not supported in pod

Describe the results you expected

UserNS should be supported in pod. E.g. here they use it too, not in a quadlet file but with plain podman:
https://wiki.archlinux.org/title/User:Bai-Chiang/Podman_setup_for_nextcloud

podman info output

$ podman info
host:
  arch: amd64
  buildahVersion: 1.37.2
  cgroupControllers:
  - cpu
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.12-2.fc40.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: '
  cpuUtilization:
    idlePercent: 96.47
    systemPercent: 1.24
    userPercent: 2.29
  cpus: 4
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: server
    version: "40"
  eventLogger: journald
  freeLocks: 2046
  hostname: server-ksj
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1005
      size: 1
    - container_id: 1
      host_id: 851968
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1005
      size: 1
    - container_id: 1
      host_id: 851968
      size: 65536
  kernel: 6.10.10-200.fc40.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 195006464
  memTotal: 8226529280
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.12.2-2.fc40.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.12.2
    package: netavark-1.12.2-1.fc40.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.12.2
  ociRuntime:
    name: crun
    package: crun-1.17-1.fc40.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.17
      commit: 000fa0d4eeed8938301f3bcf8206405315bc1017
      rundir: /run/user/1005/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240906.g6b38f07-1.fc40.x86_64
    version: |
      pasta 0^20240906.g6b38f07-1.fc40.x86_64-pasta
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/user/1005/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 16800538624
  swapTotal: 16816005120
  uptime: 3h 32m 16.00s (Approximately 0.12 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
store:
  configFile: /home/nextcloud/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 1
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/nextcloud/.local/share/containers/storage
  graphRootAllocated: 239981297664
  graphRootUsed: 51344281600
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 7
  runRoot: /run/user/1005/containers
  transientStore: false
  volumePath: /home/nextcloud/.local/share/containers/storage/volumes
version:
  APIVersion: 5.2.2
  Built: 1724198400
  BuiltTime: Wed Aug 21 02:00:00 2024
  GitCommit: ""
  GoVersion: go1.22.6
  Os: linux
  OsArch: linux/amd64
  Version: 5.2.2

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes


podhorsky-ksj added the kind/bug label Sep 19, 2024

@Luap99 (Member) commented Sep 19, 2024

You need to look at the docs for your version; support for many of the keys was just added recently in main
https://docs.podman.io/en/v5.2.2/markdown/podman-systemd.unit.5.html
4fbfa7d

Luap99 closed this as not planned Sep 19, 2024

@podhorsky-ksj (Author)

I don't understand. 5.2.2 is the latest released version. Or is the latest the last snapshot/master version?

@Luap99 (Member) commented Sep 19, 2024

latest points to the main branch, not released versions, yes.
If you want the latest released version you need to select stable as the version.

@podhorsky-ksj (Author)

Can you tell me where? I found the latest version on Google as a link. I have no idea where I can find other versions.

@Luap99 (Member) commented Sep 19, 2024

Click on the version in the bottom right corner and then you see the list with all versions.

@podhorsky-ksj (Author)

thanks, I haven't noticed that.
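
The check this thread arrives at, as an added example that is not part of the original issue or of Podman's code: map the installed Podman version to the matching podman-systemd.unit(5) page and list the keys the generator rejects. The function names are hypothetical, and mapping `-dev` builds to `latest` is an assumption based on the comment that `latest` tracks the main branch.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical.

# Generator path as given in the issue report.
GENERATOR=/usr/lib/systemd/system-generators/podman-system-generator

# Turn `podman --version` output ("podman version 5.2.2") into the URL of
# the man page for that release. Development builds are mapped to
# "latest" (assumption: "latest" tracks the main branch, per the thread).
quadlet_docs_url() {
    local ver
    ver=$(printf '%s\n' "$1" | sed -n 's/^podman version \([0-9][0-9.]*[^ ]*\).*/\1/p')
    [ -n "$ver" ] || return 1          # unrecognised version string
    case "$ver" in
        *-dev*) ver=latest ;;
        *)      ver="v$ver" ;;
    esac
    printf 'https://docs.podman.io/en/%s/markdown/podman-systemd.unit.5.html\n' "$ver"
}

# Read generator output on stdin and print "Group.Key /path/to/unit" for
# every "unsupported key" error; other lines are ignored.
unsupported_keys() {
    sed -n "s/.*unsupported key '\([^']*\)' in group '\([^']*\)' in \(.*\)\$/\2.\1 \3/p"
}

# Run on a host with Podman installed: show which docs apply, then list
# rejected keys from a dry run of the user generator.
check_quadlets() {
    echo "Docs for this install: $(quadlet_docs_url "$(podman --version)")"
    "$GENERATOR" --user --dryrun 2>&1 | unsupported_keys
}

# Offline demonstration using the error line quoted in the report.
SAMPLE_ERR="converting \"nextcloud.pod\": unsupported key 'UserNS' in group 'Pod' in /home/nextcloud/.config/containers/systemd/nextcloud.pod"
printf '%s\n' "$SAMPLE_ERR" | unsupported_keys
quadlet_docs_url "podman version 5.2.2"
```

On a real host, source the script and call `check_quadlets`; any `Group.Key` it prints should be looked up in the page it names rather than in `latest`.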
