CI podman detection is not fully reliable #113129

Closed
@Noratrieb

podman is (by design) not fully compatible with docker when it comes to user permissions. Therefore, ./src/ci/docker/run.sh needs to look behind the docker curtain to figure out whether it's actually podman and opt out of the user isolation.

rust/src/ci/docker/run.sh

Lines 219 to 226 in eb76764

```bash
if [[ "$id" != 0 && "$(docker -v)" =~ ^podman ]]; then
    # Rootless podman creates a separate user namespace, where an inner
    # LOCAL_USER_ID will map to a different subuid range on the host.
    # The "keep-id" mode maps the current UID directly into the container.
    args="$args --env NO_CHANGE_USER=1 --userns=keep-id"
else
    args="$args --env LOCAL_USER_ID=$id"
fi
```

With Ubuntu's docker podman compat package this works fine, because there docker --version prints something containing podman. But if you symlink docker to podman (something NixOS does if you set up docker-podman compat) then docker --version actually prints docker version 4.5.0. Podman outsmarts CI's detection.

I'm not sure about the ideal way to fix this, but docker system --help contains "manage podman" for me, so do whatever you want with this information.
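
One way to layer the detection so it does not depend on the version banner alone, as an added example that is not part of the original issue or of run.sh. The helper names `is_podman` and `make_stubs` and the stub scripts are constructed for illustration; the help-text check relies on the "manage podman" observation reported above, and the symlink check assumes a `readlink` that supports `-f`.

```bash
# Added example. is_podman and make_stubs are hypothetical names, not from run.sh.
# Succeeds when the CLI at $1 (default: docker) is really podman.
is_podman() {
    cli="${1:-docker}"
    # 1. Version banner, the check run.sh already makes.
    case "$("$cli" -v 2>/dev/null)" in podman*) return 0 ;; esac
    # 2. Symlink target: a docker -> podman link prints the invoked name
    #    in its banner, but the resolved file name still says podman.
    target="$(command -v "$cli")" || return 1
    case "$(basename "$(readlink -f "$target")")" in podman*) return 0 ;; esac
    # 3. Help text, the hint given in the issue ("manage podman").
    "$cli" system --help 2>/dev/null | grep -qi 'manage podman'
}

# Constructed stand-ins for each setup, so the check can be run offline.
make_stubs() {
    d="$1"
    mkdir -p "$d/real" "$d/wrapper" "$d/symlink" "$d/copy"
    # Genuine Docker (constructed banner): neither banner nor help says podman.
    printf '%s\n' '#!/bin/sh' \
        'case "$1" in -v) echo "Docker version 24.0.5, build 0000000";;' \
        '*) echo "Manage Docker";; esac' > "$d/real/docker"
    # Compat wrapper whose banner still starts with "podman".
    printf '%s\n' '#!/bin/sh' 'echo "podman version 4.5.0"' > "$d/wrapper/docker"
    # podman stand-in that names itself after argv[0], plus a docker symlink
    # to it and a renamed copy (no symlink to resolve).
    printf '%s\n' '#!/bin/sh' \
        'case "$1" in -v) echo "${0##*/} version 4.5.0";;' \
        '*) echo "Manage podman";; esac' > "$d/symlink/podman"
    ln -sf podman "$d/symlink/docker"
    cp "$d/symlink/podman" "$d/copy/docker"
    chmod +x "$d"/*/docker "$d/symlink/podman"
}

tmp="$(mktemp -d)"
make_stubs "$tmp"
for kind in real wrapper symlink copy; do
    if is_podman "$tmp/$kind/docker"; then
        echo "$kind: podman (keep-id branch)"
    else
        echo "$kind: docker (LOCAL_USER_ID branch)"
    fi
done
rm -rf "$tmp"
```

The `symlink` stub reproduces the banner from the issue (`docker version 4.5.0`) and is caught by the second check; the `copy` stub has no link to resolve and is caught only by the help-text check.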

Labels: A-contributor-roadblock (Area: Makes things more difficult for new or seasoned contributors to Rust), T-infra (Relevant to the infrastructure team, which will review and decide on the PR/issue.)