[CI:DOCS] Update podman image Dockerfile to support Podman in container #9956
Conversation
openshift-ci-robot
added
the
approved
|
LGTM for me. Compose test is failing elsewhere, likely unrelated. |
rhatdan
changed the title
rhatdan
changed the title
|
@giuseppe @umohnani8 PTAL |
| echo podman:10000:5000 > /etc/subuid; \ | ||
| echo podman:10000:5000 > /etc/subgid; | ||
|
|
There was a problem hiding this comment.
Just something to think about, not blocking for this PR but that we probably want to address in future.
With such ranges specified:
- If the outer Podman doesn't run in a user namespace, all the inner Podman will end up using the same IDs.
- If the outer Podman runs in a user namespace, there won't likely be enough IDs to satisfy this request.
If we want to address the first scenario, we could probably fix it at runtime, and have the entrypoint script generate these entries with a random initial ID.
There was a problem hiding this comment.
Yes I think in the long run we want to make this more flexible, some how, But for now, we want to get to the point that we have an image which people can experiment with.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
LGTM |
rhatdan
changed the title
[NO TEST NEEDED] Can not test this in CI/CD system since it needs to be merged in order for the Dockerfiles to even work. Modified the /etc/subuid and /etc/subgid to be able to run in rootless containers. The Range can not be the same as on the host. Add /home/podman/.config/containers/containers.conf to automatically mount /proc on /proc while inside of the container. This prevents additional permissions being required that are blocked when not in --privileged mode. Setup volumes for /var/lib/containers and /home/podman/.local/share/containwers This will prevent the errors where people are doing overlay on overlay. Signed-off-by: Daniel J Walsh <[email protected]>
github-actions
bot
added
the
locked - please file new issue/PR
[NO TEST NEEDED] Can not test this in CI/CD system since it needs to be
merged in order for the Dockerfiles to even work.
Modified the /etc/subuid and /etc/subgid to be able to run in rootless
containers. The Range can not be the same as on the host.
Add /home/podman/.config/containers/containers.conf to automatically
mount /proc on /proc while inside of the container. This prevents
additional permissions being required that are blocked when not in
--privileged mode.
Setup volumes for /var/lib/containers and
/home/podman/.local/share/containwers
This will prevent the errors where people are doing overlay on overlay.
Signed-off-by: Daniel J Walsh [email protected]