removed privileged and mknod cap; docker entrypoints reworked #210

Merged
merged 4 commits into from Mar 21, 2018

@zolia
Member

commented Mar 19, 2018

No description provided.

@zolia zolia requested review from tadovas, donce and Waldz Mar 19, 2018

@tadovas

Member

commented Mar 19, 2018

Are you sure? 80% of the changes revert alpine images and env variables. What was the intention?

@zolia

Member Author

commented Mar 20, 2018

Yes, currently these are needed to be able to run containers without privileged mode. Device creation requires privileged mode. Maybe we will move these to image creation phase.

@zolia

Member Author

commented Mar 21, 2018

We cannot move device creation into image, as container reuses host's /dev tree and does not have its own. Leaving as is.

@tadovas

Member

commented Mar 21, 2018

Ok so basically what I found on the internet is:

  1. docker containers have mknod cap by default
  2. without privileged flag, docker /dev mount goes through cgroups protection and therefore host device list is not accessible

So now it's clear - we need to setup /dev/net/tun on entrypoint
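
The entrypoint step described in the comment above, sketched as an added example; it is not the script from this pull request, and `TUN_PATH`, `node_state` and `ensure_tun` are hypothetical names. It creates /dev/net/tun (character device 10:200) only when the node is absent and refuses to continue if something else sits at that path.

```shell
#!/bin/sh
# Added example: make sure a TUN device node exists before the VPN process starts.
# TUN_PATH and the function names are hypothetical; 10:200 is the Linux TUN/TAP device number.
TUN_PATH="${TUN_PATH:-/dev/net/tun}"
TUN_ID="a:c8"   # major 10, minor 200 in hex, as printed by stat %t:%T

# Print "ok", "missing" or "wrong" for the node at $1, compared with device id $2.
node_state() {
    node="$1"; want="$2"
    if [ ! -e "$node" ]; then
        echo missing
    elif [ -c "$node" ] && [ "$(stat -c '%t:%T' "$node")" = "$want" ]; then
        echo ok
    else
        echo wrong   # regular file, directory, or a different character device
    fi
}

# Create the node only when it is absent; refuse to touch anything unexpected.
ensure_tun() {
    case "$(node_state "$TUN_PATH" "$TUN_ID")" in
        ok) return 0 ;;
        wrong)
            echo "refusing: $TUN_PATH exists but is not char device 10:200" >&2
            return 1 ;;
    esac
    mkdir -p "$(dirname "$TUN_PATH")" || return 1
    # mknod needs CAP_MKNOD; Docker's default capability set includes it.
    mknod "$TUN_PATH" c 10 200 || return 1
    # Owner-only access; widen if the VPN process runs as another user.
    chmod 600 "$TUN_PATH"
}

# In an entrypoint: ensure_tun && exec "$@"
```
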
@@ -0,0 +1,17 @@
#!/usr/bin/env bash
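
Review bot: the shebang on line 1 is `#!/usr/bin/env bash`, which fails at container start if the image has no bash. If this entrypoint is used by the Alpine image, whose base ships BusyBox sh rather than bash, either install bash in that Dockerfile or target `/bin/sh`; only the first of the 17 added lines is visible here, so the rest should be checked for bash-only syntax as well.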

@Waldz

Waldz Mar 21, 2018

Member

Looks like same script duplicated twice

@@ -21,7 +21,6 @@ DOCKER_IMAGE="mysteriumnetwork/mysterium-node"
printf "Building Alpine image..\n" \
&& docker build \
--file bin/server_docker/alpine/Dockerfile \
--build-arg PACKAGE_VERSION=$VERSION \
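
Review bot: on the `--build-arg PACKAGE_VERSION=$VERSION` line, `$VERSION` is unquoted, so an empty or space-containing value changes the `docker build` argument list; write it as `--build-arg PACKAGE_VERSION="$VERSION"`. The header shows this hunk shrinking from 7 lines to 6: if the line being dropped is this build argument, confirm that bin/server_docker/alpine/Dockerfile no longer declares `ARG PACKAGE_VERSION`, otherwise the image is built with that argument's default or an empty value.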

@Waldz

Waldz Mar 21, 2018

Member

This is build arguments, and it's still required by Ubuntu's Dockerfile

@zolia

zolia Mar 21, 2018

Author Member

for ubuntu docker we have separate run script, this one builds only alpine..

@zolia zolia requested review from Waldz and removed request for donce Mar 21, 2018

@Waldz

Waldz approved these changes Mar 21, 2018

@zolia zolia merged commit 4fdbf4e into master Mar 21, 2018

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@tadovas tadovas deleted the HOTFIX/no-privileged-cap-needed branch Jul 3, 2018
