Add functionality for `podman machine set --rootful`

Adds the functionality for `podman machine set --rootful` for AppleHV,
QEMU, and HyperV. Abstracts the functionality out to a method of
`MachineConfig`. WSL currently uses a function `SetRootful` that is
provided by the `machine` package, which will eventually get changed
when WSL moves to the refactored structure.

Re-enables the "set rootful with docker sock change" test.

[NO NEW TESTS NEEDED]

Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Brent Baude <bbaude@redhat.com>

.cirrus.yml

@@ -442,50 +442,50 @@ alt_build_task:
 
 
 # Confirm building the remote client, natively on a Mac OS-X VM.
- osx_alt_build_task:
-     name: "OSX Cross"
-     alias: osx_alt_build
-     # Docs: ./contrib/cirrus/CIModes.md
-     only_if: *no_rhel_release  # RHEL never releases podman mac installer binary
-     depends_on:
-         - build
-     persistent_worker: &mac_pw
-         labels:
-             os: darwin
-             arch: arm64
-             purpose: prod
-     env: &mac_env
-         CIRRUS_SHELL: "/bin/bash"  # sh is the default
-         CIRRUS_WORKING_DIR: "$HOME/ci/task-${CIRRUS_TASK_ID}"  # Isolation: $HOME will be set to "ci" dir.
-         # Prevent cache-pollution fron one task to the next.
-         GOPATH: "$CIRRUS_WORKING_DIR/.go"
-         GOCACHE: "$CIRRUS_WORKING_DIR/.go/cache"
-         GOENV: "$CIRRUS_WORKING_DIR/.go/support"
-         GOSRC: "$HOME/ci/task-${CIRRUS_TASK_ID}"
-     # This host is/was shared with potentially many other CI tasks.
-     # The previous task may have been canceled or aborted.
-     prep_script: &mac_cleanup "contrib/cirrus/mac_cleanup.sh"
-     lint_script:
-         - make lint || true  # TODO: Enable when code passes check
-     basic_build_script:
-         - make .install.ginkgo
-         - make podman-remote
-         - make podman-mac-helper
-     build_amd64_script:
-         - make podman-remote-release-darwin_amd64.zip
-     build_arm64_script:
-         - make podman-remote-release-darwin_arm64.zip
-     build_pkginstaller_script:
-         - cd contrib/pkginstaller
-         - make ARCH=amd64 NO_CODESIGN=1 pkginstaller
-         - make ARCH=aarch64 NO_CODESIGN=1 pkginstaller
-     # Produce a new repo.tbz artifact for consumption by dependent tasks.
-     repo_prep_script: *repo_prep
-     repo_artifacts: *repo_artifacts
-     # This host is/was shared with potentially many other CI tasks.
-     # Ensure nothing is left running while waiting for the next task.
-     always:
-         task_cleanup_script: *mac_cleanup
+osx_alt_build_task:
+    name: "OSX Cross"
+    alias: osx_alt_build
+    # Docs: ./contrib/cirrus/CIModes.md
+    only_if: *no_rhel_release  # RHEL never releases podman mac installer binary
+    depends_on:
+        - build
+    persistent_worker: &mac_pw
+        labels:
+            os: darwin
+            arch: arm64
+            purpose: prod
+    env: &mac_env
+        CIRRUS_SHELL: "/bin/bash"  # sh is the default
+        CIRRUS_WORKING_DIR: "$HOME/ci/task-${CIRRUS_TASK_ID}"  # Isolation: $HOME will be set to "ci" dir.
+        # Prevent cache-pollution fron one task to the next.
+        GOPATH: "$CIRRUS_WORKING_DIR/.go"
+        GOCACHE: "$CIRRUS_WORKING_DIR/.go/cache"
+        GOENV: "$CIRRUS_WORKING_DIR/.go/support"
+        GOSRC: "$HOME/ci/task-${CIRRUS_TASK_ID}"
+    # This host is/was shared with potentially many other CI tasks.
+    # The previous task may have been canceled or aborted.
+    prep_script: &mac_cleanup "contrib/cirrus/mac_cleanup.sh"
+    lint_script:
+        - make lint || true  # TODO: Enable when code passes check
+    basic_build_script:
+        - make .install.ginkgo
+        - make podman-remote
+        - make podman-mac-helper
+    build_amd64_script:
+        - make podman-remote-release-darwin_amd64.zip
+    build_arm64_script:
+        - make podman-remote-release-darwin_arm64.zip
+    build_pkginstaller_script:
+        - cd contrib/pkginstaller
+        - make ARCH=amd64 NO_CODESIGN=1 pkginstaller
+        - make ARCH=aarch64 NO_CODESIGN=1 pkginstaller
+    # Produce a new repo.tbz artifact for consumption by dependent tasks.
+    repo_prep_script: *repo_prep
+    repo_artifacts: *repo_artifacts
+    # This host is/was shared with potentially many other CI tasks.
+    # Ensure nothing is left running while waiting for the next task.
+    always:
+        task_cleanup_script: *mac_cleanup
 
 # Build freebsd release natively on a FreeBSD VM.
 #freebsd_alt_build_task:
@@ -774,197 +774,77 @@ podman_machine_aarch64_task:
     always: *int_logs_artifacts
 
 
-<<<<<<< HEAD
-podman_machine_windows_task:
-    name: *std_name_fmt
-    alias: podman_machine_windows
-    # Only run for non-docs/copr PRs and non-release branch builds
-    # and never for tags.  Docs: ./contrib/cirrus/CIModes.md
-    only_if: *machine_cron_not_tag_build_docs
-    depends_on:
-      - alt_build
-      - build
-      - win_installer
-      - local_integration_test
-      - remote_integration_test
-      - container_integration_test
-      - rootless_integration_test
-    ec2_instance:
-        <<: *windows
-        type: m5zn.metal
-        platform: windows
-    env: *winenv
-    matrix:
-      - env:
-          TEST_FLAVOR: "machine-wsl"
-      - env:
-          TEST_FLAVOR: "machine-hyperv"
-    clone_script: *winclone
-    main_script: ".\\repo\\contrib\\cirrus\\win-podman-machine-main.ps1"
+#podman_machine_windows_task:
+#    name: *std_name_fmt
+#    alias: podman_machine_windows
+#    # Only run for non-docs/copr PRs and non-release branch builds
+#    # and never for tags.  Docs: ./contrib/cirrus/CIModes.md
+#    only_if: *not_tag_branch_build_docs
+#    depends_on:
+#      - alt_build
+#      - build
+#      - win_installer
+#      - local_integration_test
+#      - remote_integration_test
+#      - container_integration_test
+#      - rootless_integration_test
+#    ec2_instance:
+#        <<: *windows
+#        type: m5zn.metal
+#        platform: windows
+#    env: *winenv
+#    matrix:
+#      - env:
+#          TEST_FLAVOR: "machine-wsl"
+#      - env:
+#          TEST_FLAVOR: "machine-hyperv"
+#    clone_script: *winclone
+#    main_script: ".\\repo\\contrib\\cirrus\\win-podman-machine-main.ps1"
 
 
-podman_machine_mac_task:
-    name: *std_name_fmt
-    alias: podman_machine_mac
-    only_if: *machine_cron_not_tag_build_docs
-    depends_on:
-      - osx_alt_build
-      - local_integration_test
-      - remote_integration_test
-      - container_integration_test
-      - rootless_integration_test
-    persistent_worker: *mac_pw
-    env:
-        <<: *mac_env
-        # Consumed by podman-machine ginkgo tests
-        CONTAINERS_MACHINE_PROVIDER: "applehv"
-        # TODO: Should not require a special image, for now it does.
-        # Simply remove the line below when a mac image is GA.
-        MACHINE_IMAGE: "https://fedorapeople.org/groups/podman/testing/applehv/arm64/fedora-coreos-38.20230925.dev.0-applehv.aarch64.raw.gz"
-        # Values necessary to populate std_name_fmt alias
-        TEST_FLAVOR: "machine-mac"
-        DISTRO_NV: "darwin"
-        PRIV_NAME: "rootless"  # intended use-case
-    clone_script:  # artifacts from osx_alt_build_task
-        - mkdir -p $CIRRUS_WORKING_DIR
-        - cd $CIRRUS_WORKING_DIR
-        - $ARTCURL/OSX%20Cross/repo/repo.tbz
-        - tar xjf repo.tbz
-    # This host is/was shared with potentially many other CI tasks.
-    # The previous task may have been canceled or aborted.
-    prep_script: *mac_cleanup
-    setup_script: "contrib/cirrus/mac_setup.sh"
-    env_script: "contrib/cirrus/mac_env.sh"
-    # TODO: Timeout bumped b/c initial image download (~5min) and VM
-    #       resize (~2min) causes test-timeout (90s default).  Should
-    #       tests deal with this internally?
-    smoke_test_script:
-        - MACHINE_TEST_TIMEOUT=500 make localmachine FOCUS_FILE="basic_test.go"
-    test_script:
-        - make localmachine
-    # This host is/was shared with potentially many other CI tasks.
-    # Ensure nothing is left running while waiting for the next task.
-    always:
-        task_cleanup_script: *mac_cleanup
-=======
-      #podman_machine_windows_task:
-      #    name: *std_name_fmt
-      #    alias: podman_machine_windows
-      #    # Only run for non-docs/copr PRs and non-release branch builds
-      #    # and never for tags.  Docs: ./contrib/cirrus/CIModes.md
-      #    only_if: *not_tag_branch_build_docs
-      #    depends_on:
-      #      - alt_build
-      #      - build
-      #      - win_installer
-      #      - local_integration_test
-      #      - remote_integration_test
-      #      - container_integration_test
-      #      - rootless_integration_test
-      #    ec2_instance:
-      #        <<: *windows
-      #        type: m5zn.metal
-      #        platform: windows
-      #    env: *winenv
-      #    matrix:
-      #      - env:
-      #          TEST_FLAVOR: "machine-wsl"
-      #      - env:
-      #          TEST_FLAVOR: "machine-hyperv"
-      #    clone_script: *winclone
-      #    main_script: ".\\repo\\contrib\\cirrus\\win-podman-machine-main.ps1"
-
-
-<<<<<<< HEAD
-      #podman_machine_mac_task:
-      #    name: *std_name_fmt
-      #    alias: podman_machine_mac
-      #    only_if: *not_tag_branch_build_docs
-      #    depends_on:
-      #      - osx_alt_build
-      #      - local_integration_test
-      #      - remote_integration_test
-      #      - container_integration_test
-      #      - rootless_integration_test
-      #    persistent_worker: *mac_pw
-      #    env:
-      #        <<: *mac_env
-      #        # Consumed by podman-machine ginkgo tests
-      #        CONTAINERS_MACHINE_PROVIDER: "applehv"
-      #        # TODO: Should not require a special image, for now it does.
-      #        # Simply remove the line below when a mac image is GA.
-      #        MACHINE_IMAGE: "https://fedorapeople.org/groups/podman/testing/applehv/arm64/fedora-coreos-38.20230925.dev.0-applehv.aarch64.raw.gz"
-      #        # Values necessary to populate std_name_fmt alias
-      #        TEST_FLAVOR: "machine-mac"
-      #        DISTRO_NV: "darwin"
-      #        PRIV_NAME: "rootless"  # intended use-case
-      #    clone_script:  # artifacts from osx_alt_build_task
-      #        - mkdir -p $CIRRUS_WORKING_DIR
-      #        - cd $CIRRUS_WORKING_DIR
-      #        - $ARTCURL/OSX%20Cross/repo/repo.tbz
-      #        - tar xjf repo.tbz
-      #    # This host is/was shared with potentially many other CI tasks.
-      #    # The previous task may have been canceled or aborted.
-      #    prep_script: *mac_cleanup
-      #    setup_script: "contrib/cirrus/mac_setup.sh"
-      #    env_script: "contrib/cirrus/mac_env.sh"
-      #    # TODO: Timeout bumped b/c initial image download (~5min) and VM
-      #    #       resize (~2min) causes test-timeout (90s default).  Should
-      #    #       tests deal with this internally?
-      #    smoke_test_script:
-      #        - MACHINE_TEST_TIMEOUT=500 make localmachine FOCUS_FILE="basic_test.go"
-      #    test_script:
-      #        - make localmachine
-      #    # This host is/was shared with potentially many other CI tasks.
-      #    # Ensure nothing is left running while waiting for the next task.
-      #    always:
-      #        task_cleanup_script: *mac_cleanup
->>>>>>> 0ff0e1dfe8 ([CI:MACHINE]Podman5 QEMU refactor)
-=======
-podman_machine_mac_task:
-    name: *std_name_fmt
-    alias: podman_machine_mac
-    only_if: *not_tag_branch_build_docs
-    depends_on:
-      - osx_alt_build
-      - local_integration_test
-      - remote_integration_test
-      - container_integration_test
-      - rootless_integration_test
-    persistent_worker: *mac_pw
-    env:
-        <<: *mac_env
-        # Consumed by podman-machine ginkgo tests
-        CONTAINERS_MACHINE_PROVIDER: "applehv"
-        # TODO: Should not require a special image, for now it does.
-        # Simply remove the line below when a mac image is GA.
-        # MACHINE_IMAGE: "https://fedorapeople.org/groups/podman/testing/applehv/arm64/fedora-coreos-38.20230925.dev.0-applehv.aarch64.raw.gz"
-        # Values necessary to populate std_name_fmt alias
-        TEST_FLAVOR: "machine-mac"
-        DISTRO_NV: "darwin"
-        PRIV_NAME: "rootless"  # intended use-case
-    clone_script:  # artifacts from osx_alt_build_task
-        - mkdir -p $CIRRUS_WORKING_DIR
-        - cd $CIRRUS_WORKING_DIR
-        - $ARTCURL/OSX%20Cross/repo/repo.tbz
-        - tar xjf repo.tbz
-    # This host is/was shared with potentially many other CI tasks.
-    # The previous task may have been canceled or aborted.
-    prep_script: *mac_cleanup
-    setup_script: "contrib/cirrus/mac_setup.sh"
-    env_script: "contrib/cirrus/mac_env.sh"
-    # TODO: Timeout bumped b/c initial image download (~5min) and VM
-    #       resize (~2min) causes test-timeout (90s default).  Should
-    #       tests deal with this internally?
-    smoke_test_script:
-        - MACHINE_TEST_TIMEOUT=500 make localmachine FOCUS_FILE="basic_test.go"
-    test_script:
-        - make localmachine
-    # This host is/was shared with potentially many other CI tasks.
-    # Ensure nothing is left running while waiting for the next task.
-    always:
-        task_cleanup_script: *mac_cleanup
->>>>>>> 09f119d4a6 (Podman Machine AppleHV CI fixes)
+#podman_machine_mac_task:
+#    name: *std_name_fmt
+#    alias: podman_machine_mac
+#    only_if: *not_tag_branch_build_docs
+#    depends_on:
+#      - osx_alt_build
+#      - local_integration_test
+#      - remote_integration_test
+#      - container_integration_test
+#      - rootless_integration_test
+#    persistent_worker: *mac_pw
+#    env:
+#        <<: *mac_env
+#        # Consumed by podman-machine ginkgo tests
+#        CONTAINERS_MACHINE_PROVIDER: "applehv"
+#        # TODO: Should not require a special image, for now it does.
+#        # Simply remove the line below when a mac image is GA.
+#        # MACHINE_IMAGE: "https://fedorapeople.org/groups/podman/testing/applehv/arm64/fedora-coreos-38.20230925.dev.0-applehv.aarch64.raw.gz"
+#        # Values necessary to populate std_name_fmt alias
+#        TEST_FLAVOR: "machine-mac"
+#        DISTRO_NV: "darwin"
+#        PRIV_NAME: "rootless"  # intended use-case
+#    clone_script:  # artifacts from osx_alt_build_task
+#        - mkdir -p $CIRRUS_WORKING_DIR
+#        - cd $CIRRUS_WORKING_DIR
+#        - $ARTCURL/OSX%20Cross/repo/repo.tbz
+#        - tar xjf repo.tbz
+#    # This host is/was shared with potentially many other CI tasks.
+#    # The previous task may have been canceled or aborted.
+#    prep_script: *mac_cleanup
+#    setup_script: "contrib/cirrus/mac_setup.sh"
+#    env_script: "contrib/cirrus/mac_env.sh"
+#    # TODO: Timeout bumped b/c initial image download (~5min) and VM
+#    #       resize (~2min) causes test-timeout (90s default).  Should
+#    #       tests deal with this internally?
+#    smoke_test_script:
+#        - MACHINE_TEST_TIMEOUT=500 make localmachine FOCUS_FILE="basic_test.go"
+#    test_script:
+#        - make localmachine
+#    # This host is/was shared with potentially many other CI tasks.
+#    # Ensure nothing is left running while waiting for the next task.
+#    always:
+#        task_cleanup_script: *mac_cleanup
 
 # Always run subsequent to integration tests.  While parallelism is lost
 # with runtime, debugging system-test failures can be more challenging
@@ -1184,7 +1064,7 @@ success_task:
         - podman_machine_aarch64
         #- podman_machine_windows
         # TODO: Issue #20853; Tests mostly fail then timeout after an hour.
-        - podman_machine_mac
+        # - podman_machine_mac
         - local_system_test
         - local_system_test_aarch64
         - remote_system_test

cmd/podman/machine/set.go

@@ -92,6 +92,7 @@ func setMachine(cmd *cobra.Command, args []string) error {
 		err                error
 		newCPUs, newMemory *uint64
 		newDiskSize        *strongunits.GiB
+		newRootful         *bool
 	)
 
 	vmName := defaultMachineName
@@ -110,7 +111,7 @@ func setMachine(cmd *cobra.Command, args []string) error {
 	}
 
 	if cmd.Flags().Changed("rootful") {
-		mc.HostUser.Rootful = setFlags.Rootful
+		newRootful = &setFlags.Rootful
 	}
 	if cmd.Flags().Changed("cpus") {
 		mc.Resources.CPUs = setFlags.CPUs
@@ -139,7 +140,7 @@ func setMachine(cmd *cobra.Command, args []string) error {
 
 	// At this point, we have the known changed information, etc
 	// Walk through changes to the providers if they need them
-	if err := provider.SetProviderAttrs(mc, newCPUs, newMemory, newDiskSize); err != nil {
+	if err := provider.SetProviderAttrs(mc, newCPUs, newMemory, newDiskSize, newRootful); err != nil {
 		return err
 	}
 

pkg/machine/applehv/stubber.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/strongunits"
 	gvproxy "github.com/containers/gvisor-tap-vsock/pkg/types"
 	"github.com/containers/podman/v4/pkg/machine"
 	"github.com/containers/podman/v4/pkg/machine/applehv/vfkit"
@@ -17,7 +18,6 @@ import (
 	"github.com/containers/podman/v4/pkg/machine/ignition"
 	"github.com/containers/podman/v4/pkg/machine/sockets"
 	"github.com/containers/podman/v4/pkg/machine/vmconfigs"
-	"github.com/containers/podman/v4/pkg/strongunits"
 	"github.com/containers/podman/v4/utils"
 	vfConfig "github.com/crc-org/vfkit/pkg/config"
 	"github.com/sirupsen/logrus"
@@ -79,12 +79,19 @@ func (a AppleHVStubber) RemoveAndCleanMachines(_ *define.MachineDirs) error {
 	return nil
 }
 
-func (a AppleHVStubber) SetProviderAttrs(mc *vmconfigs.MachineConfig, cpus, memory *uint64, newDiskSize *strongunits.GiB) error {
+func (a AppleHVStubber) SetProviderAttrs(mc *vmconfigs.MachineConfig, cpus, memory *uint64, newDiskSize *strongunits.GiB, newRootful *bool) error {
 	if newDiskSize != nil {
 		if err := resizeDisk(mc, *newDiskSize); err != nil {
 			return err
 		}
 	}
+
+	if newRootful != nil && mc.HostUser.Rootful != *newRootful {
+		if err := mc.SetRootful(*newRootful); err != nil {
+			return err
+		}
+	}
+
 	// VFKit does not require saving memory, disk, or cpu
 	return nil
 }

pkg/machine/e2e/set_test.go

@@ -136,8 +136,6 @@ var _ = Describe("podman machine set", func() {
 	})
 
 	It("set rootful with docker sock change", func() {
-		// TODO pipes and docker socks need to plumbed into podman 5 still
-		Skip("Needs to be plumbed in still")
 		name := randomString()
 		i := new(initMachine)
 		session, err := mb.setName(name).setCmd(i.withImagePath(mb.imagePath)).run()

pkg/machine/hyperv/stubber.go

@@ -6,11 +6,12 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"github.com/Microsoft/go-winio"
 	"os"
 	"os/exec"
 	"path/filepath"
 
+	"github.com/Microsoft/go-winio"
+	"github.com/containers/common/pkg/strongunits"
 	gvproxy "github.com/containers/gvisor-tap-vsock/pkg/types"
 	"github.com/containers/libhvee/pkg/hypervctl"
 	"github.com/containers/podman/v4/pkg/machine"
@@ -18,7 +19,6 @@ import (
 	"github.com/containers/podman/v4/pkg/machine/hyperv/vsock"
 	"github.com/containers/podman/v4/pkg/machine/ignition"
 	"github.com/containers/podman/v4/pkg/machine/vmconfigs"
-	"github.com/containers/podman/v4/pkg/strongunits"
 	"github.com/containers/podman/v4/pkg/systemd/parser"
 	"github.com/sirupsen/logrus"
 )
@@ -290,7 +290,7 @@ func stateConversion(s hypervctl.EnabledState) (define.Status, error) {
 	return define.Unknown, fmt.Errorf("unknown state: %q", s.String())
 }
 
-func (h HyperVStubber) SetProviderAttrs(mc *vmconfigs.MachineConfig, cpus, memory *uint64, newDiskSize *strongunits.GiB) error {
+func (h HyperVStubber) SetProviderAttrs(mc *vmconfigs.MachineConfig, cpus, memory *uint64, newDiskSize *strongunits.GiB, newRootful *bool) error {
 	var (
 		cpuChanged, memoryChanged bool
 	)
@@ -308,14 +308,11 @@ func (h HyperVStubber) SetProviderAttrs(mc *vmconfigs.MachineConfig, cpus, memor
 		return errors.New("unable to change settings unless vm is stopped")
 	}
 
-	// Rootful still needs plumbing
-	//if opts.Rootful != nil && m.Rootful != *opts.Rootful {
-	//	if err := m.setRootful(*opts.Rootful); err != nil {
-	//		setErrors = append(setErrors, fmt.Errorf("failed to set rootful option: %w", err))
-	//	} else {
-	//		m.Rootful = *opts.Rootful
-	//	}
-	//}
+	if newRootful != nil && mc.HostUser.Rootful != *newRootful {
+		if err := mc.SetRootful(*newRootful); err != nil {
+			return err
+		}
+	}
 
 	if newDiskSize != nil {
 		if err := resizeDisk(*newDiskSize, mc.ImagePath); err != nil {

pkg/machine/qemu/stubber.go

@@ -243,12 +243,19 @@ func (q *QEMUStubber) resizeDisk(newSize strongunits.GiB, diskPath *define.VMFil
 	return nil
 }
 
-func (q *QEMUStubber) SetProviderAttrs(mc *vmconfigs.MachineConfig, cpus, memory *uint64, newDiskSize *strongunits.GiB) error {
+func (q *QEMUStubber) SetProviderAttrs(mc *vmconfigs.MachineConfig, cpus, memory *uint64, newDiskSize *strongunits.GiB, newRootful *bool) error {
 	if newDiskSize != nil {
 		if err := q.resizeDisk(*newDiskSize, mc.ImagePath); err != nil {
 			return err
 		}
 	}
+
+	if newRootful != nil && mc.HostUser.Rootful != *newRootful {
+		if err := mc.SetRootful(*newRootful); err != nil {
+			return err
+		}
+	}
+
 	// Because QEMU does nothing with these hardware attributes, we can simply return
 	return nil
 }

pkg/machine/shim/host.go

@@ -373,18 +373,6 @@ func Start(mc *vmconfigs.MachineConfig, mp vmconfigs.VMProvider, dirs *machineDe
 	// if there are generic things that need to be done, a preStart function could be added here
 	// should it be extensive
 
-	// update the podman/docker socket service if the host user has been modified at all (UID or Rootful)
-	if mc.HostUser.Modified {
-		if machine.UpdatePodmanDockerSockService(mc) == nil {
-			// Reset modification state if there are no errors, otherwise ignore errors
-			// which are already logged
-			mc.HostUser.Modified = false
-			if err := mc.Write(); err != nil {
-				logrus.Error(err)
-			}
-		}
-	}
-
 	// releaseFunc is if the provider starts a vm using a go command
 	// and we still need control of it while it is booting until the ready
 	// socket is tripped
@@ -443,5 +431,17 @@ func Start(mc *vmconfigs.MachineConfig, mp vmconfigs.VMProvider, dirs *machineDe
 		opts.NoInfo,
 		mc.HostUser.Rootful,
 	)
+
+	// update the podman/docker socket service if the host user has been modified at all (UID or Rootful)
+	if mc.HostUser.Modified {
+		if machine.UpdatePodmanDockerSockService(mc) == nil {
+			// Reset modification state if there are no errors, otherwise ignore errors
+			// which are already logged
+			mc.HostUser.Modified = false
+			if err := mc.Write(); err != nil {
+				logrus.Error(err)
+			}
+		}
+	}
 	return nil
 }

pkg/machine/vmconfigs/config.go

@@ -114,7 +114,7 @@ type VMProvider interface { //nolint:interfacebloat
 	MountVolumesToVM(mc *MachineConfig, quiet bool) error
 	Remove(mc *MachineConfig) ([]string, func() error, error)
 	RemoveAndCleanMachines(dirs *define.MachineDirs) error
-	SetProviderAttrs(mc *MachineConfig, cpus, memory *uint64, newDiskSize *strongunits.GiB) error
+	SetProviderAttrs(mc *MachineConfig, cpus, memory *uint64, newDiskSize *strongunits.GiB, newRootful *bool) error
 	StartNetworking(mc *MachineConfig, cmd *gvproxy.GvproxyCommand) error
 	PostStartNetworking(mc *MachineConfig) error
 	StartVM(mc *MachineConfig) (func() error, func() error, error)

pkg/machine/vmconfigs/machine.go

@@ -125,6 +125,15 @@ func (mc *MachineConfig) write() error {
 	return os.WriteFile(mc.configPath.GetPath(), b, define.DefaultFilePerm)
 }
 
+func (mc *MachineConfig) SetRootful(rootful bool) error {
+	if err := connection.UpdateConnectionIfDefault(rootful, mc.Name, mc.Name+"-root"); err != nil {
+		return err
+	}
+	mc.HostUser.Rootful = rootful
+	mc.HostUser.Modified = true
+	return nil
+}
+
 func (mc *MachineConfig) removeSystemConnection() error { //nolint:unused
 	return define2.ErrNotImplemented
 }