From 0bd82bfac22dc0f1b2e332e357b516e097d113f7 Mon Sep 17 00:00:00 2001
From: Robert Sturla <robertsturla@outlook.com>
Date: Tue, 15 Apr 2025 19:20:11 +0100
Subject: [PATCH] chore: add systemd-sysusers configuration

Part of https://github.com/docker/docker-ce-packaging/issues/1186

Adds the required systemd-sysusers configuration to the
moby/moby repo.  This will be used by downstream package
maintainers (RPM, DEB etc) as a replacement to the
`groupadd` postinstall commands.

It's generally recommended to use sysusers since it is
more of a declarative method of defining these service
accounts and groups.

This configuration file specifies a group ("g") named
"docker" should be created with an automatic GID
allocation ("-").

Signed-off-by: Robert Sturla <robertsturla@outlook.com>
---
 contrib/systemd-sysusers/docker.conf | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 contrib/systemd-sysusers/docker.conf

diff --git a/contrib/systemd-sysusers/docker.conf b/contrib/systemd-sysusers/docker.conf
new file mode 100644
index 0000000000..faf1d08921
--- /dev/null
+++ b/contrib/systemd-sysusers/docker.conf
@@ -0,0 +1,9 @@
+#
+# WARNING: the docker group grants root-level privileges
+#
+# For details on how this impacts security in your system, see:
+#
+#    https://docs.docker.com/go/attack-surface/
+#    https://docs.docker.com/go/daemon-access/
+#
+g	docker	-