-
Notifications
You must be signed in to change notification settings - Fork 453
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security=insecure does not automatically provide access to devices #220
Comments
@smira I tried it and it indeed did not work. Any ideas? |
not sure, does this we used something like: https://github.com/talos-systems/talos/blob/master/Makefile#L52
|
@smira yes
|
our usecase was actually running containerd in a process launched from |
@smira but shouldn't be using |
So I guess the problem is that loopback mount relies on
And error message from |
And to add to that, one can successfully do bind mount for example:
|
@smira I forgot the |
@tonistiigi this is more of a product-level question, I'm not sure if I don't have a good answer tbh |
@tonistiigi I saw your PR and did test using it, but unfortunately it doesn't work, sure now it's not giving a error anymore but the image is simply not mounted # syntax = docker/dockerfile:experimental
FROM archlinux/base as system
RUN pacman -Sy --noconfirm wget unzip
RUN wget https://dl.google.com/android/repository/sys-img/android/armeabi-v7a-22_r02.zip
RUN unzip armeabi-v7a-22_r02.zip
RUN mkdir /armeabi-v7a/mnt
RUN --security=insecure mount /armeabi-v7a/system.img /armeabi-v7a/mnt
RUN ls /armeabi-v7a/mnt Any idea? |
That PR is not in a release build yet, did you use |
@EduardoRFS btw, your loopback mount will not exist after |
@tonistiigi oh nice, I did tried it with master, but didn't tought about it thx man <3 |
I'm trying to build a docker image using an ext4 filesystem, but it seems that even when using
--allow security.insecure
I cannot run some commands likemount
nor access my host devices, like what--privileged
allows.docker buildx build --allow security.insecure .
The text was updated successfully, but these errors were encountered: