Pass supplemental groups when Podman is using crun

This solves the common issue where /dev/vboxusb/* is owned by group
"vboxusers", causing volume mounts to fail when running `toolbox enter`.
Same is true for any other mapped dirs with supplemental group owners.

Author: mwinters0

src/cmd/create.go

@@ -464,6 +464,12 @@ func createContainer(container, image, release, authFile string, showCommandToEn
 		"--volume", runtimeDirectoryMountArg,
 	}...)
 
+	if runtime, _ := podman.GetRuntimeName(); runtime == "crun" {
+		createArgs = append(createArgs, []string{
+			"--group-add", "keep-groups",
+		}...)
+	}
+
 	createArgs = append(createArgs, avahiSocketMount...)
 	createArgs = append(createArgs, kcmSocketMount...)
 	createArgs = append(createArgs, mediaMount...)

src/pkg/podman/podman.go

@@ -213,6 +213,31 @@ func GetImages(args ...string) ([]Image, error) {
 	return images, nil
 }
 
+// GetRuntimeName returns OCI Runtime of Podman in a string
+func GetRuntimeName() (string, error) {
+	var stdout bytes.Buffer
+
+	logLevelString := LogLevel.String()
+	args := []string{"--log-level", logLevelString, "info", "--format", "json"}
+
+	if err := shell.Run("podman", nil, &stdout, nil, args...); err != nil {
+		return "", err
+	}
+
+	var podmanInfo struct {
+		Host struct {
+			OCIRuntime struct {
+				Name string `json:"name"`
+			} `json:"ociRuntime"`
+		} `json:"host"`
+	}
+	if err := json.Unmarshal(stdout.Bytes(), &podmanInfo); err != nil {
+		return "", err
+	}
+
+	return podmanInfo.Host.OCIRuntime.Name, nil
+}
+
 // GetVersion returns version of Podman in a string
 func GetVersion() (string, error) {
 	if podmanVersion != "" {