prune: Use sudo for repo-build #165
Since it's owned by root.
this is actually going to cause problems in the future because we won't be able to run The bare-user is a later addition that is like bare in that files are unpacked, but it can (and should generally) be created as non-root. In this mode seems like that should be possible?
Sure you can - just try it! It just won't gain the full set of capabilities, but the one we need right now is
(Now if you're referring to the fact that OpenShift requires dynamic uid allocation by default and does I think suppress the ability to change uid, it's easy for a cluster admin to
yeah this is what I'm seeing now:
so if we fix coreos/rpm-ostree#1045 then this need goes away?
No, that's just one of the problems. Running rpm-ostree compose as non-root is a distinct thing from the no --privileged Docker issue. Now you're intersecting them note - one can run rpm-ostree as non-root outside of a container (or in a container but with the outer one Doing both is going to be really quite hard - I am doubtful we can do that soon. I don't think it's unreasonable to get the
Though I would say actually you're right in pointing out that the repo can be operated on by non-root. I started on this:
But then I realized we're not actually creating the repo owned by root either. But yeah we can make pruning the repo etc. work as non-root just fine.
Was this patch originally motivated by an error you hit while running
which should be fine for prune since we're not setting refs.