Systemd requirement for running rootless containers #310
Comments
Something like:
And then it was something about FreeDesktop (xdg) and logins...
Actually rootless is not a hard requirement. Line 18 in afe1059
I did notice it was an optional requirement. Just wonder if it would be a "nice feature", even if docker-machine ran fine without it...
* https://github.com/boot2podman/boot2podman/blob/master/building_rootless.md
I made some initial attempts, using the scripts from nerdctl and readmes...
https://github.com/containerd/nerdctl/blob/master/extras/rootless/containerd-rootless.sh
```sh
#!/bin/sh
# Wrap buildkitd in a user namespace with slirp4netns networking;
# "$@" (quoted) forwards the service's arguments without word splitting.
exec rootlesskit --net=slirp4netns --copy-up=/etc --disable-host-loopback buildkitd "$@"
```
Why is this necessary? Why not run the service under the user
But I want to be able to run both normal (root) and rootless containers. There is plenty of complexity and hacks in the userspace implementation. Anyway, it can stay root-by-default and systemd-only in upstream distribution. I think I updated the list of required programs, so now it's more the uid/gid mapping.
Got it working now, at least when using the scripts and nerdctl...
The init scripts, or
Using system (root) only for now, and require systemd for user (rootless) containers. I don't have a use case that is not fine with using the supported scripts from nerdctl...
Currently systemd is required for installing containerd with lima:
Should we make another OpenRC service that drops privileges?
(there seems to be a small typo in containerd.system as well)
Everything runs fine with `sudo nerdctl`. It also enables faster builds. Just wonder if supporting rootless would be a "requirement"/desire?
I've packaged shadow, so mostly fuse-overlayfs and slirp4netns left...
The services would start as root, and then change to use UID 1000.
https://forums.gentoo.org/viewtopic-t-1040726-start-0.html
Then it could be included in cloud-init, which variant to start (root/user)
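The thread proposes an OpenRC service that starts as root and then changes to UID 1000, and notes that the remaining gap is the uid/gid mapping (the `newuidmap`/`newgidmap` tools from shadow plus `/etc/subuid` and `/etc/subgid` entries). The following is an added example, not code from the lima or boot2podman projects, of a POSIX sh preflight check such a service could run before dropping privileges: it verifies that the binaries named in the thread are installed and that the target user has a subordinate id range large enough for a rootless runtime. The 65536-id minimum, the file paths and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the lima/boot2podman thread.
# Preflight for a service that will drop privileges to an unprivileged user
# and run a rootless container runtime on its behalf.

# has_subid_range FILE USER [MINCOUNT]
# Succeeds (0) when FILE holds an entry USER:START:COUNT with COUNT >= MINCOUNT.
# Returns 1 when no adequate entry exists, 2 when FILE is unreadable.
# MINCOUNT defaults to 65536 (assumed minimum so in-container uids 0-65535 map).
has_subid_range() {
    file=$1; user=$2; min=${3:-65536}
    [ -r "$file" ] || return 2
    awk -F: -v u="$user" -v m="$min" '
        $1 == u && $3 + 0 >= m + 0 { found = 1 }
        END { exit found ? 0 : 1 }' "$file"
}

# rootless_preflight USER [SUBUID_FILE] [SUBGID_FILE]
# Checks the programs mentioned in the thread (rootlesskit, slirp4netns,
# fuse-overlayfs, newuidmap/newgidmap from shadow) and the id ranges for USER.
# Prints each missing piece to stderr and returns non-zero so an init script
# (e.g. an OpenRC start_pre) can refuse to start instead of failing later.
rootless_preflight() {
    user=$1; subuid=${2:-/etc/subuid}; subgid=${3:-/etc/subgid}
    rc=0
    for bin in rootlesskit slirp4netns fuse-overlayfs newuidmap newgidmap; do
        command -v "$bin" >/dev/null 2>&1 || { echo "missing program: $bin" >&2; rc=1; }
    done
    has_subid_range "$subuid" "$user" || { echo "no usable subuid range for $user in $subuid" >&2; rc=1; }
    has_subid_range "$subgid" "$user" || { echo "no usable subgid range for $user in $subgid" >&2; rc=1; }
    return "$rc"
}

# Usage: rootless_preflight "$(id -nu 1000)" && exec su -s /bin/sh "$(id -nu 1000)" -c '...'
```

In an OpenRC script the call belongs in `start_pre`, so the service never reaches the privilege drop when the mapping is absent; the shadow package supplies `newuidmap`/`newgidmap`, and `usermod --add-subuids`/`--add-subgids` (also from shadow) populates the ranges the check looks for.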