[stable-2.14] ansible-test - Support Podman 4.4.0+

(cherry picked from commit 67d4973)

Co-authored-by: Matt Clay <matt@mystile.com>

changelogs/fragments/ansible-test-podman-chroot.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - ansible-test - Support Podman 4.4.0+ by adding the ``SYS_CHROOT`` capability when running containers.

test/lib/ansible_test/_internal/host_profiles.py

@@ -506,6 +506,13 @@ def get_podman_init_config(self) -> InitConfig:
 
         cgroup_version = get_docker_info(self.args).cgroup_version
 
+        # Podman 4.4.0 updated containers/common to 0.51.0, which removed the SYS_CHROOT capability from the default list.
+        # This capability is needed by services such as sshd, so is unconditionally added here.
+        # See: https://github.com/containers/podman/releases/tag/v4.4.0
+        # See: https://github.com/containers/common/releases/tag/v0.51.0
+        # See: https://github.com/containers/common/pull/1240
+        options.extend(('--cap-add', 'SYS_CHROOT'))
+
         # Without AUDIT_WRITE the following errors may appear in the system logs of a container after attempting to log in using SSH:
         #
         #   fatal: linux_audit_write_entry failed: Operation not permitted