error running container: error from /usr/bin/crun creating container for [/bin/sh -c pip install -r requirements.txt]: mount /proc to /proc: Operation not permitted
#10864
Comments
Hi Team, Any update on this...? |
@rhatdan @umohnani8 ptal |
Hi @sachinkaushik is this rootless container being invoked from another rootless/non-root container ? Could you try adding this to your |
also afaik parent container has to be |
Hi @flouthoc, Thank you for the response! We have created a container image using the Dockerfile below with the docker build -t . command. We are now running this container image as a rootless container (we have the podman user in the Dockerfile) in OpenShift. This is a rootless container running in OpenShift. If we try to build a Python application Dockerfile that has a pip install command, only then do we get the error mentioned in the issue subject. Using the Dockerfile below we created the container image and deployed it in OpenShift, where it runs as a rootless container, and inside it we are trying to build the Python application.
------------------------------------Dockerfile start------------------------------------------------------
FROM quay.io/podman/stable:latest
RUN touch /etc/subgid /etc/subuid
RUN yum install -y
RUN pip install jupyterlab
ENV PATH $PATH:/opt/gradle-3.3/bin
COPY registries.conf /etc/containers/
WORKDIR /data
ENTRYPOINT ["/etc/containers/login-script.sh"]
----------------------------------------------Dockerfile end------------------------------------------------------
Note: We have to give fewer privileges to the user. |
@sachinkaushik oh its fine if you don't want to try |
Hi @flouthoc, I just tried it and am getting the same error.
podman build --security-opt seccomp=unconfined --cap-add all -t python-image .
STEP 5: RUN pip install -r requirements.txt
I followed the Rootless Podman without the privileged flag article. |
@sachinkaushik and just for a try what happens when you set |
@flouthoc We have created an SCC and in that we have allowPrivilegedContainer: false. Do you want us to set the value of allowPrivilegedContainer to true? |
@flouthoc We tried setting up value of allowPrivilegedContainer as true. But still no luck. STEP 5: RUN pip install -r requirements.txt |
@sachinkaushik I was not able to spend time on this yesterday will probably re-create this on my end and will try a few things. btw when you tried |
Hi @flouthoc , Yes we updated. We are using Service Account and that SA is bind with Role. And that role is having a below SCC. ------------------------------------------------------------SCC Start-------------------------------------
|
The issue is that the outer container has set up /proc with certain read-only mounts and mounted over parts of /proc. When running a Podman container inside it, Podman tries to modify the /proc mount and the kernel does not allow this. So you can either do an --unmask=/proc/* or --unmask=all on the outside container, or volume mount -v /proc:/proc on the inside container (I believe). @giuseppe WDYT? |
I tried the above things but still no luck...
error running container: error from /usr/bin/crun creating container for [/bin/sh -c pip install -r requirements.txt]: mount
I think there is a problem with crun; it doesn't have permission to mount proc. We have the Dockerfile below and are trying to build a container image from it, but step 5 <RUN pip install -r requirements.txt> gives the error.
-----------------------Docker file--------------------
FROM python:3-alpine
|
@sachinkaushik I tried recreating your use-case I did this by-the-way.
Podman version: |
Same case for rootless privileged container started using Steps i did
Podman version: |
This is working as a rootful container on our end also. But when I'm running as a rootless container I get the error below. This is a new error now. We have privileged true as well in the Pod YAML file. Please help me here with what other config I'm missing.
securityContext:
Error:
STEP 5: RUN pip install -r requirements.txt
I'm creating the container using the Dockerfile below.
FROM quay.io/podman/stable:latest
RUN yum install -y
RUN pip install jupyterlab
USER podman
WORKDIR /data
ENTRYPOINT ["jupyter", "lab", "--port=8888", "--no-browser", "--ip=0.0.0.0", "--allow-root"]
Working with root User. |
@sachinkaushik have you tried the build with the Another option would be to run your pod in a user namespace using the cri-o runtime class method. The steps for doing this are in the article as well. Article: https://www.redhat.com/sysadmin/podman-inside-kubernetes |
@umohnani8 Now I'm not getting the proc mount error. Now there is the error below when I'm running as a rootless container. I have added subuid and subgid in the Dockerfile as well, as mentioned in the article.
error running container: error from /usr/bin/crun creating container for [/bin/sh -c pip install -r requirements.txt]: newgidmap: gid range [0-4294967295) -> [0-4294967295) not allowed
And if I try with the --isolation=chroot flag, using the command below, I get another error.
podman build --isolation chroot -t demo
STEP 5: RUN pip install -r requirements.txt
Dockerfile:
FROM quay.io/podman/stable:latest
RUN echo umohnani:100000:65536 > /etc/subuid;
RUN yum install -y
RUN pip install jupyterlab
COPY login-script.sh /etc/containers/
USER podman
WORKDIR /data
ENTRYPOINT ["jupyter", "lab", "--port=8888", "--no-browser", "--ip=0.0.0.0", "--allow-root"]
jupyter lab --port=8888 --no-browser --ip=0.0.0.0 --allow-root |
@sachinkaushik Could you please remove these lines from your Containerfile/Dockerfile
RUN echo umohnani:100000:65536 > /etc/subuid;
echo containers:200000:268435456 > /etc/subuid;
echo umohnani:100000:65536 > /etc/subgid;
echo containers:200000:268435456 > /etc/subgid;
and try |
@flouthoc first I tried without above lines from dockerfile for rootless container. I was getting below error. Then I tried with above lines but still there was same error. error running container: error from /usr/bin/crun creating container for [/bin/sh -c pip install -r requirements.txt]: newgidmap: gid range [0-4294967295) -> [0-4294967295) not allowed |
Could you please share |
@flouthoc Please find below output of podman info podman info :: host:
I created the container using the Dockerfile below.
FROM quay.io/podman/stable:latest
RUN yum install -y
RUN pip install jupyterlab
USER podman
WORKDIR /data
ENTRYPOINT ["jupyter", "lab", "--port=8888", "--no-browser", "--ip=0.0.0.0", "--allow-root"]
|
@sachinkaushik try a smaller range and also add an entry for root by adding this to the Containerfile
RUN touch /etc/subgid /etc/subuid \
 && chmod g=u /etc/subgid /etc/subuid /etc/passwd \
 && echo root:165536:65536 > /etc/subuid \
 && echo root:165536:65536 > /etc/subgid \
 && echo containers:165536:65536 >> /etc/subgid \
 && echo containers:165536:65536 >> /etc/subuid \
 && echo podman:10000:5000 >> /etc/subuid \
 && echo podman:10000:5000 >> /etc/subgid
|
@flouthoc I tried after adding the above lines in the Dockerfile but still get the same error.
FROM quay.io/podman/stable:latest
RUN touch /etc/subgid /etc/subuid
RUN yum install -y
RUN pip install jupyterlab
USER podman
WORKDIR /data
ENTRYPOINT ["jupyter", "lab", "--port=8888", "--no-browser", "--ip=0.0.0.0", "--allow-root"]
podman info :
[podman@cliservice-874f8bb78-xhfds hello-world-python]$ podman info
|
@flouthoc @umohnani8 any update on this? |
@sachinkaushik catching up on the conversation here, are you running your pod with privileged set to true or false? Based on the initial issue report, it says you were trying to run builds in an unprivileged pod, but in #10864 (comment) you are setting privileged to true, hence running the pod as privileged. Can you please share your pod yaml? It will help me understand what scenario you are trying to run. |
@umohnani8 Please find below attached POD and Deployment YAML file. I have also attached Containerfile/Dockerfile as well. We want to run rootless container without privileged flag. Deployment.YAML : Pod.YAML: Dockerfile : |
Hi @flouthoc / @umohnani8 , Is there any way to run rootless container without below config in deployment yaml? securityContext: We don't want to run container with privileged flag. if we remove this from deployment yaml, we get below error. Error: invalid configuration: the specified mapping 1000:1 in "/etc/subuid" includes the user UID Thank you in advance. |
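The two ID-mapping errors quoted in this thread ("the specified mapping 1000:1 ... includes the user UID" and "newgidmap: gid range [0-4294967295) ... not allowed") can be checked for before a build is attempted. The following is an added example, not code from the thread or from Podman: a simplified model of the subordinate-ID rules, where the function names are hypothetical, UID 1000 for the podman user is taken from the podman info output in the issue, and BROKEN_SUBUID is a constructed sample.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SubRange:
    owner: str   # login name or numeric ID (first field of the line)
    start: int   # first host ID in the range
    count: int   # number of IDs in the range

    def covers(self, first: int, count: int = 1) -> bool:
        """True when [first, first + count) lies entirely inside this range."""
        return self.start <= first and first + count <= self.start + self.count


def parse_subid(text: str) -> list:
    """Parse /etc/subuid or /etc/subgid content (owner:start:count per line)."""
    ranges = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3 or not parts[1].isdigit() or not parts[2].isdigit():
            raise ValueError(f"line {lineno}: expected owner:start:count, got {raw!r}")
        ranges.append(SubRange(parts[0], int(parts[1]), int(parts[2])))
    return ranges


def ranges_for(text: str, user: str, uid: int) -> list:
    """Ranges delegated to this user, matched by name or by numeric ID."""
    return [r for r in parse_subid(text) if r.owner in (user, str(uid))]


def check_subid(text: str, user: str, uid: int) -> list:
    """Return human-readable problems with the user's subordinate ranges."""
    problems = []
    mine = ranges_for(text, user, uid)
    if not mine:
        problems.append(f"no subordinate range for {user}")
    for r in mine:
        # A delegated range must not contain the user's own ID.
        if r.covers(uid):
            problems.append(f"mapping {r.start}:{r.count} includes the user ID {uid}")
    return problems


def mapping_allowed(text: str, user: str, uid: int, host_id: int, size: int) -> bool:
    """Simplified newuidmap/newgidmap rule: a requested host range is accepted
    if it is the caller's own single ID or lies inside one delegated range."""
    if size == 1 and host_id == uid:
        return True
    return any(r.covers(host_id, size) for r in ranges_for(text, user, uid))


# Range written by the Dockerfile in the issue body.
IMAGE_SUBUID = "podman:10000:5000\n"
# Constructed sample that reproduces the "1000:1" error text.
BROKEN_SUBUID = "podman:1000:1\npodman:10000:5000\n"

if __name__ == "__main__":
    print(check_subid(BROKEN_SUBUID, "podman", 1000))
    # The full 32-bit range from the newgidmap error is never delegated.
    print(mapping_allowed(IMAGE_SUBUID, "podman", 1000, 0, 4294967295))
```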
Hi @flouthoc , @umohnani8 , @rhatdan Any update on this..? |
Hi @flouthoc / @umohnani8, I tried removing privileged true from the deployment yaml file and I also removed subuid and subgid from the Containerfile; then there is the error below.
Error: cannot setup namespace using newuidmap: exit status 1
----------------------------------Containerfile-----------------------------------------
FROM quay.io/podman/stable:latest
RUN echo "export isolation=chroot" >> /home/podman/.bashrc
COPY login-script.sh /etc/containers/
USER podman
WORKDIR /data
ENTRYPOINT ["/etc/containers/login-script.sh"]
I removed the mapping below from the Containerfile.
RUN touch /etc/subgid /etc/subuid
I have already followed the Rootless Podman without the privileged flag article at https://www.redhat.com/sysadmin/podman-inside-kubernetes but nothing is working. |
@sachinkaushik What is the error after these steps ? and does it works as it as soon as you add |
Hi @flouthoc, we reviewed that implementation with the Security team and as per them we cannot give privileged true to the container. After removing privileged: true, we are getting the error below, even though we use the same ID mapping in the Containerfile.
mount /proc to /proc: Operation not permitted
RUN touch /etc/subgid /etc/subuid
|
@sachinkaushik I looked at the pod yaml and Dockerfile you shared and tried out your use case on an OpenShift 4.8 cluster. First I built a new image with the python libraries installed (I simplified it a bit):
There shouldn't be a need to modify the /etc/subuid and /etc/subgid files, those should already exist with the correct ranges. Then I created a rootless unprivileged pod with the image I built from the above Dockerfile:
I exec'd into the pod above and built a Dockerfile similar to what you shared:
Can you please give me a little information on what platform you are running this on like OpenShift version and anything specific about any scc and policies being used? Can you also try something simple like what I shared above and see if that is working for you? I looked at the pod yaml you shared and nothing looks wrong with it. When using a rootless unprivileged container, you need to use --isolation chroot when doing builds as the kernel blocks a lot of build permissions required in the default isolation setting. @giuseppe any idea what could be causing the /proc permission denied error? I am running a similar build within a podman container and I am not seeing that issue. |
Hi @umohnani8, I tried with your container image (quay.io/umohnani8/mypodman) that you have used and also added runAsUser: 1000 in the deployment yaml file. But we are still getting the same /proc error. We are using OpenShift version 4.7.16. We are using only the SCC that I have already shared with you. I have also added --isolation chroot in the Containerfile, so we don't need to pass it explicitly.
RUN echo "export isolation=chroot" >> /home/podman/.bashrc
|
@sachinkaushik I think I know what your issue is, looks like you are setting selinux labels in your pod
You need to disable selinux for podman inside a k8s pod to work fine. Please remove the selinux label and try again. The two things that you need to run podman inside a container in unprivileged mode is to use the /dev/fuse device and disable selinux. |
We have changed seLinuxContext and fsGroup type from mustRunAs to runAsAny. After making that change there is no seLinuxOptions in the pod yaml file. Also we have checked that SELinux is already disabled and we have also created the fuse-device DaemonSet as mentioned in the link below. https://www.redhat.com/sysadmin/podman-inside-kubernetes (Rootless Podman without the privileged flag) Attaching Pod and SCC yaml file. Pod Yaml : SCC Yaml : Please find below a screenshot from the host machine. Please guide us here on what else we need to debug. Thank you for the response |
HI @umohnani8 / @flouthoc , Any update on this..? |
is there a The kernel doesn't allow to mount a new Can you show the output of |
@giuseppe Please find below output of cat /proc/self/mountinfo. This output is when we have added privileged: true |
thanks for sharing it! This is the configuration where you see the From what I can see the mount table looks fine. |
Hi @giuseppe, below is the output of cat /proc/self/mountinfo when we remove privileged: true from the deployment yaml. I just ran the podman build -t img . command and now we are getting the error below. Error: invalid configuration: the specified mapping 1000:1 in "/etc/subuid" includes the user UID |
there are a bunch of mounts that cover
Even if you manage to solve the newuidmap/newgidmap problem and avoid the UID is part of the subuids, you won't still be able to run a container with a separate pid namespace because the kernel won't allow it. There must be a fully visible |
in other words, you need to run the pod privileged. Or if you use CRI-O, use the CRI-O annotations to create a user namespace: https://www.redhat.com/sysadmin/podman-inside-kubernetes (paragraph |
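The condition discussed above, mounts that cover parts of /proc so that no fully visible procfs is left for a nested container to build on, can be read directly out of /proc/self/mountinfo. The following is an added example, not code from the thread or from Podman or crun: it parses mountinfo text and lists every mount stacked on a path under /proc. Both sample tables are constructed, the function names are hypothetical, and "fully_visible" is a conservative heuristic rather than the kernel's exact test.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Mount:
    mount_id: int
    parent_id: int
    root: str         # path inside the filesystem that is mounted
    mountpoint: str   # where it appears in this mount namespace
    options: tuple
    fstype: str


def _unescape(field: str) -> str:
    # mountinfo encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> list:
    """Parse /proc/<pid>/mountinfo; optional fields before ' - ' are skipped."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, sep, right = line.partition(" - ")
        fields, tail = left.split(), right.split()
        if not sep or len(fields) < 6 or not tail:
            raise ValueError(f"malformed mountinfo line: {line!r}")
        mounts.append(Mount(int(fields[0]), int(fields[1]), _unescape(fields[3]),
                            _unescape(fields[4]), tuple(fields[5].split(",")),
                            tail[0]))
    return mounts


def proc_report(text: str, proc_dir: str = "/proc") -> dict:
    """Report whether procfs is mounted whole and which paths under it are covered."""
    mounts = parse_mountinfo(text)
    whole = [m for m in mounts
             if m.mountpoint == proc_dir and m.fstype == "proc" and m.root == "/"]
    covered = [m.mountpoint for m in mounts if m.mountpoint.startswith(proc_dir + "/")]
    return {
        "proc_mounted": bool(whole),
        "covered": covered,
        # Heuristic: any mount stacked on a /proc path is treated as hiding part of procfs.
        "fully_visible": bool(whole) and not covered,
    }


# Constructed sample: typical masked and read-only /proc paths of an unprivileged container.
MASKED_SAMPLE = """
100 90 0:50 / / rw,relatime - overlay overlay rw
101 100 0:51 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
102 101 0:51 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
103 101 0:51 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
104 101 0:6 /null /proc/kcore rw,nosuid,relatime - devtmpfs devtmpfs rw
105 101 0:53 / /proc/acpi ro,relatime - tmpfs tmpfs ro
"""

# Constructed sample: procfs mounted once with nothing stacked on top of it.
OPEN_SAMPLE = """
100 90 0:50 / / rw,relatime - overlay overlay rw
101 100 0:51 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""

if __name__ == "__main__":
    for name, sample in (("masked", MASKED_SAMPLE), ("open", OPEN_SAMPLE)):
        print(name, proc_report(sample))
```

Run inside the outer container with `proc_report(open("/proc/self/mountinfo").read())` to see which paths the container runtime has masked.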
@giuseppe we don't want to run a container from the CLI; we just want to create a container image, that is our requirement. We have to push that container image to the OCR registry but we don't allow the user to run that container image. |
aren't you trying to build the image from a Kubernetes pod? |
@giuseppe we have the Containerfile below; using it we are creating a container image and creating a deployment from that in OpenShift. So for this deployment we have a pod running in OpenShift, and we have exposed a route for the service and are accessing jupyterlab.
FROM quay.io/podman/stable:latest
RUN touch /etc/subgid /etc/subuid
RUN echo "export isolation=chroot" >> /home/podman/.bashrc
RUN yum install -y
RUN pip install jupyterlab
USER podman
ENTRYPOINT ["jupyter", "lab", "--port=8888", "--no-browser", "--ip=0.0.0.0", "--allow-root"]
|
You still need to be able to run a container in order to deal with the |
A friendly reminder that this issue had no activity for 30 days. |
I am closing this issue since there was no feedback for more than a month. Please reopen if you've more comments |
Just wanted to point out the error with path does not exist is consistent with using command-line syntax for volumes in the Dockerfile, i.e. VOLUME /path:/path instead of VOLUME /path /path |
Hi Team,
I have created a running rootless openshift container using a Dockerfile. I followed below link for creating Rootless Podman without the privileged flag. I'm able to build java spring application but when I try to build python application using Dockerfile that has pip install then I'm getting below error. Can you please let us know what else config required to resolve below error?
https://www.redhat.com/sysadmin/podman-inside-kubernetes
error running container: error from /usr/bin/crun creating container for [/bin/sh -c pip install -r requirements.txt]: mount /proc to /proc: Operation not permitted
podman --version :: podman version 3.2.2
podman info ::
host:
  arch: amd64
  buildahVersion: 1.21.0
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.27-2.fc34.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.27, commit: '
  cpus: 12
  distribution:
    distribution: fedora
    version: "34"
  eventLogger: file
  hostname: cliservice-7dff79cbd7-n7krd
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 10000
      size: 5000
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 10000
      size: 5000
  kernel: 4.18.0-240.22.1.el8_3.x86_64
  linkmode: dynamic
  memFree: 55972347904
  memTotal: 67230187520
  ociRuntime:
    name: crun
    package: crun-0.20.1-1.fc34.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.20.1
      commit: 0d42f1109fd73548f44b01b3e84d04a279e99d2e
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /tmp/podman-run-1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.9-1.fc34.x86_64
    version: |-
      slirp4netns version 1.1.8+dev
      commit: 6dc0186e020232ae1a6fcc1f7afbc3ea02fd3876
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.0
  swapFree: 0
  swapTotal: 0
  uptime: 21h 24m 42.97s (Approximately 0.88 days)
registries:
  default-route-openshift-image-registry.apps.cfa.devcloud.intel.com:
    Blocked: false
    Insecure: true
    Location: default-route-openshift-image-registry.apps.cfa.devcloud.intel.com
    MirrorByDigestOnly: false
    Mirrors: []
    Prefix: default-route-openshift-image-registry.apps.cfa.devcloud.intel.com
  quay.io:
    Blocked: false
    Insecure: true
    Location: quay.io
    MirrorByDigestOnly: false
    Mirrors: []
    Prefix: quay.io
  search:
store:
  configFile: /home/podman/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.5.0-1.fc34.x86_64
      Version: |-
        fusermount3 version: 3.10.4
        fuse-overlayfs: version 1.5
        FUSE library version 3.10.4
        using FUSE kernel interface version 7.31
  graphRoot: /home/podman/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: overlayfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 5
  runRoot: /tmp/podman-run-1000/containers
  volumePath: /home/podman/.local/share/containers/storage/volumes
version:
  APIVersion: 3.2.2
  Built: 1624664959
  BuiltTime: Fri Jun 25 23:49:19 2021
  GitCommit: ""
  GoVersion: go1.16.4
  OsArch: linux/amd64
  Version: 3.2.2
------------------------------------------------------Dockerfile- Start-------------------------------------------
FROM quay.io/podman/stable:latest
RUN touch /etc/subgid /etc/subuid \
 && chmod g=u /etc/subgid /etc/subuid /etc/passwd \
 && echo podman:10000:5000 > /etc/subuid \
 && echo podman:10000:5000 > /etc/subgid
RUN yum install -y \
    python3-pip \
    python3 python3-wheel \
    git \
    java-11-openjdk.x86_64
RUN pip install jupyterlab
ARG MAVEN_VERSION=3.8.1
ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
 && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
 && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
 && rm -f /tmp/apache-maven.tar.gz \
 && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn \
 && yum install wget -y \
 && yum install unzip -y \
 && wget -q https://services.gradle.org/distributions/gradle-3.3-bin.zip \
 && unzip gradle-3.3-bin.zip -d /opt \
 && rm gradle-3.3-bin.zip
ENV JAVA_HOME /usr/lib/jvm/jre-11-openjdk/
ENV MAVEN_HOME /usr/share/maven
ENV GRADLE_HOME /opt/gradle-3.3
ENV PATH $PATH:/opt/gradle-3.3/bin
COPY registries.conf /etc/containers/
COPY login-script.sh /etc/containers/
RUN chmod -R 777 /etc/containers/login-script.sh
USER podman
WORKDIR /data
ENTRYPOINT ["/etc/containers/login-script.sh"]
-------------------------------------------Dockerfile End-------------------------------------------