
Re: [atomic-devel] Atomic mount permissions error



Hi Aaron,

Aaron Weitekamp <aweiteka redhat com> writes:

> I have a use case where from inside a container I want to pull down another container and mount as a rootfs in a tempdir. When doing this inside a container I get permissions denied[1]
> on the bindmount. Otherwise it appears to mount fine.
> I have no host privilege added to this container--just running as root. Are there options[2] I could add to the cmd?

The mount from OSTree storage currently works as:

1) doing a checkout of the image to the destination
2) creating a bind on the checkout destination, so that it is mounted
   read-only (we need this to not risk modifying files in the OSTree
   storage)

So you are probably seeing the error from point 2)

We need 1) as the files are stored in the OSTree storage and they are
not directly accessible using the image layout.  e.g. /usr/bin/foo might
map to something like:

/ostree/repo/objects/12/ab1a754b8b923f1e58f5fb3d432ba4abc6e7e470bf3cccb4f07350fbe40c09.file

My proposal to fix this, and have more of the "mount feel" is still
waiting here:

https://github.com/ostreedev/ostree/pull/491

ostree-union-fuse will probably help in cases like yours and it will be
possible to "mount" the image from OSTree without doing any checkout,
but have the FUSE file system doing all the mapping from the rootfs to
the objects in the OSTree storage.

Regards,
Giuseppe
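
Step 2) above goes through mount(2), which the kernel allows only when CAP_SYS_ADMIN is in the caller's effective set. The script below is an added example, not code from this thread or from the atomic or OSTree projects; it assumes the missing capability is what produces the error, and its function names are illustrative. It checks the capability before attempting the read-only bind.

```shell
#!/bin/sh
# Added example: check whether step 2 (the read-only bind mount) can succeed
# in the current container before trying it. Function names are illustrative.

CAP_SYS_ADMIN=21   # bit number from linux/capability.h; mount(2) requires it

# has_cap HEXMASK BIT -> exit status 0 if BIT is set in the capability mask
has_cap() {
    [ -n "$1" ] || return 1
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff [STATUS_FILE] -> print the effective capability mask (CapEff)
cap_eff() {
    awk '$1 == "CapEff:" { print $2 }' "${1:-/proc/self/status}"
}

# can_bind_mount [STATUS_FILE] -> exit status 0 when CAP_SYS_ADMIN is effective.
# A set bit is necessary, not sufficient: seccomp or an LSM policy can still
# deny mount(2).
can_bind_mount() {
    has_cap "$(cap_eff "$1")" "$CAP_SYS_ADMIN"
}

# ro_bind SRC DST -> bind SRC on DST, then remount that bind read-only
ro_bind() {
    mount --bind "$1" "$2" && mount -o remount,ro,bind "$2"
}

# Usage: sh check-bind.sh SRC DST   (script name is a placeholder)
if [ "$#" -eq 2 ]; then
    if can_bind_mount; then
        ro_bind "$1" "$2"
    else
        echo "CAP_SYS_ADMIN not effective (CapEff=$(cap_eff)):" \
             "the bind mount will fail with EPERM" >&2
        exit 1
    fi
fi
```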

