forked from containers/ai-lab-recipes
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
# Background The ilab command is wrapped by an `ilab` script which launches ilab inside a podman container. # Issue Since the ilab container image is pulled during the bootc image build process using the root user, the image is not accessible to non-root users. # Solution We run the container as sudo in order to be able to access the root container storage. But for security reasons we map root UID 0 inside the container to the current user's UID (and all the other subuids to the user's /etc/subuid range) so that we're effectively running the container as the current user. # Additional changes Changed `"--env" "HOME"` to `"--env" "HOME=$HOME"` to pass the HOME environment variable from the current shell and not from the sudo environment. # Future work In the future, we will run podman as the current user, once we figure a reasonable way for the current user to access the root's user container storage Signed-off-by: Omer Tuchfeld <[email protected]>
- Loading branch information
Showing
2 changed files
with
76 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters