docs: imager rootless support

public/talos/v1.13/build-and-extend-talos/custom-images-and-development/overlays.mdx

@@ -94,7 +94,7 @@ export USERNAME=octocat
 export BOARD=nanopi-r5s
 export TAG=664638a
 
-docker run --rm -t -v ./_out:/out -v /dev:/dev --privileged ghcr.io/siderolabs/imager:${TALOS_VERSION} \
+docker run --rm -t -v ./_out:/out ghcr.io/siderolabs/imager:${TALOS_VERSION} \
     "${BOARD}" --arch arm64 \
     --base-installer-image="ghcr.io/siderolabs/installer-base:${TALOS_VERSION}" \
     --overlay-name="${BOARD}" \

public/talos/v1.13/configure-your-talos-cluster/images-container-runtime/image-cache.mdx

@@ -52,7 +52,7 @@ The ISO image can built with the [imager](../../platform-specific-installations/
 <CodeBlock lang="sh">
 {`
 mkdir -p _out/
-docker run --rm -t -v $PWD/_out:/secureboot:ro -v $PWD/_out:/out -v $PWD/image-cache.oci:/image-cache.oci:ro -v /dev:/dev --privileged ghcr.io/siderolabs/imager:${release_v1_13} iso --image-cache /image-cache.oci
+docker run --rm -t -v $PWD/_out:/secureboot:ro -v $PWD/_out:/out -v $PWD/image-cache.oci:/image-cache.oci:ro ghcr.io/siderolabs/imager:${release_v1_13} iso --image-cache /image-cache.oci
 `}
 </CodeBlock>
 
@@ -76,7 +76,7 @@ The disk image can be built with the [imager](../../platform-specific-installati
 <CodeBlock lang="sh">
 {`
 mkdir -p _out/
-docker run --rm -t -v $PWD/_out:/secureboot:ro -v $PWD/_out:/out -v $PWD/image-cache.oci:/image-cache.oci:ro -v /dev:/dev --privileged ghcr.io/siderolabs/imager:${release_v1_13} metal --image-cache /image-cache.oci
+docker run --rm -t -v $PWD/_out:/secureboot:ro -v $PWD/_out:/out -v $PWD/image-cache.oci:/image-cache.oci:ro ghcr.io/siderolabs/imager:${release_v1_13} metal --image-cache /image-cache.oci
 `}
 </CodeBlock>
 

public/talos/v1.13/platform-specific-installations/bare-metal-platforms/metal-network-configuration.mdx

@@ -390,7 +390,7 @@ Following the [boot assets](../../platform-specific-installations/boot-assets) g
 
 <CodeBlock lang="sh">
 {`
-docker run --rm -t -v $PWD/_out:/out -v /dev:/dev --privileged ghcr.io/siderolabs/imager:${release_v1_13} metal --meta "0xa=$(cat network.yaml)"
+docker run --rm -t -v $PWD/_out:/out ghcr.io/siderolabs/imager:${release_v1_13} metal --meta "0xa=$(cat network.yaml)"
 `}
 </CodeBlock>
 

public/talos/v1.13/platform-specific-installations/bare-metal-platforms/network-config.mdx

@@ -66,7 +66,7 @@ The initial platform network configuration for the `metal` platform can be also
 <CodeBlock lang="sh">
 {`
 docker run --rm -i ghcr.io/siderolabs/imager:${release_v1_13} iso --arch amd64 --tar-to-stdout --meta 0x0a='{...}' | tar xz
-docker run --rm -i --privileged ghcr.io/siderolabs/imager:${release_v1_13} image --platform metal --arch amd64 --tar-to-stdout --meta 0x0a='{...}' | tar xz
+docker run --rm -i ghcr.io/siderolabs/imager:${release_v1_13} image --platform metal --arch amd64 --tar-to-stdout --meta 0x0a='{...}' | tar xz
 `}
 </CodeBlock>
 

public/talos/v1.13/platform-specific-installations/boot-assets.mdx

@@ -251,15 +251,15 @@ talosctl upgrade \\
 A custom disk image, boot asset can be generated by using the Talos Linux `imager` container: ghcr.io/siderolabs/imager:{release_v1_13}.
 The `imager` container image can be checked by [verifying its signature](../security/verifying-images).
 
+Imager supports running as rootless container via Podman or Docker without requiring any special privileges.
+
 The generation process can be run with a simple `docker run` command:
 
 <CodeBlock lang="sh">
 {`
 docker run --rm -t \\
   -v "$PWD/_out:/secureboot:ro" \\
   -v "$PWD/_out:/out" \\
-  -v /dev:/dev \\
-  --privileged \\
   ghcr.io/siderolabs/imager:${release_v1_13} \\
   <image-kind> [optional: customization]
 `}
@@ -271,7 +271,6 @@ A quick guide to the flags used for `docker run`:
 * `-t` attaches a terminal for colorized output, it can be removed if used in scripts
 * `-v $PWD/_out:/secureboot:ro` mounts the SecureBoot keys into the container (can be skipped if not generating SecureBoot image)
 * `-v $PWD/_out:/out` mounts the output directory (where the generated image will be placed) into the container
-* `-v /dev:/dev --privileged` is required to generate disk images (loop devices are used), but not required for ISOs, installer container images
 
 The `<image-kind>` argument to the `imager` defines the base profile to be used for the image generation.
 There are several built-in profiles:
@@ -532,8 +531,6 @@ Now we can generate the metal image with the following command:
 {`
 docker run --rm -t \\
   -v "$PWD/_out:/out" \\
-  -v /dev:/dev \\
-  --privileged \\
   ghcr.io/siderolabs/imager:${release_v1_13} \\
   rpi_generic \\
   --arch arm64 \\
@@ -646,8 +643,6 @@ Next, let's generate AWS disk image with that system extension:
 {`
 docker run --rm -t \\
   -v "$PWD/_out:/out" \\
-  -v /dev:/dev \\
-  --privileged \\
   ghcr.io/siderolabs/imager:${release_v1_13} \\
   aws \\
   --system-extension-image ghcr.io/siderolabs/gvisor:20231214.0-${release_v1_13}@sha256:548b2b121611424f6b1b6cfb72a1669421ffaf2f1560911c324a546c7cee655e
@@ -742,7 +737,6 @@ Now we can generate the ISO image which embeds this machine configuration with t
       {`
 docker run --rm -t \\
   -v "$PWD/_out:/out" \\
-  --privileged \\
   ghcr.io/siderolabs/imager:${release_v1_13} \\
   iso \\
   --embedded-config-path=/out/machine.yaml

public/talos/v1.13/platform-specific-installations/single-board-computers/rpi_generic.mdx

@@ -199,7 +199,7 @@ Now we can generate the metal image with the following command:
 
 <CodeBlock lang="sh">
   {`
-$ docker run --rm -t -v $PWD/_out:/out -v /dev:/dev --privileged ghcr.io/siderolabs/imager:${release_v1_13} rpi_generic \
+$ docker run --rm -t -v $PWD/_out:/out ghcr.io/siderolabs/imager:${release_v1_13} rpi_generic \
   --arch arm64 \
   --overlay-image ghcr.io/siderolabs/sbc-raspberrypi:v0.1.0@sha256:849ace01b9af514d817b05a9c5963a35202e09a4807d12f8a3ea83657c76c863 \
   --overlay-name=rpi_generic \