Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

[Muayyad AlSadi <alsadi gmail com>]

here is my blog post

https://bcksp.blogspot.com/2018/02/diy-docker-using-skopeoostreerunc.html

the error in "bwrap-oci run"

bwrap-oci: unknown mount type none

was because of type none in /sys

    "mounts": [
...
        {
            "destination": "/sys",
            "type": "none",
            "source": "/sys",
            "options": [
                "rbind",
                "nosuid",
                "noexec",
                "nodev",
                "ro"
            ]
        }

but removing it did not solve the problem

On Fri, Feb 23, 2018 at 1:49 AM, Muayyad AlSadi <alsadi gmail com> wrote:

after that, the following worked

cd cont1
runc spec

runc run myname

I also tried "runc spec --rootless" and it worked but bwrap-oci did not

$ bwrap-oci run
bwrap-oci: unknown mount type none

On Fri, Feb 23, 2018 at 1:33 AM, Muayyad AlSadi <alsadi gmail com> wrote:

ostree checkout ociimage/nginx_3Alatest cont1
cat cont1/manifest.json | jq '.layers[]|.digest' | sed -re 's/"//g' | cut -d ':' -f 2 | while read a; do echo ostree checkout --union ociimage/$a cont1/rootfs; done

what's next?

On Fri, Feb 23, 2018 at 12:18 AM, Muayyad AlSadi <alsadi gmail com> wrote:

hi,

I'm running fedora as regular user

and I wonder how can I use skopeo+ostree+bwrap-oci to run a docker image

using bwrap-oci having files stored as ostree

$ mkdir ostree

$ cd ostree
$ ostree init --mode=bare-user --repo=$PWD
$ skopeo copy docker://redis:alpine ostree:redis $PWD
$ skopeo copy docker://nginx:alpine ostree:nginx $PWD
$ skopeo copy docker://busybox:alpine ostree:busybox $PWD
$ ostree refs
$ ostree ls ociimage/redis_3Alatest
$ ostree checkout ociimage/nginx_3Alatest cont1

$ cd cont1
$ bwrap-oci -c manifest.json run
bwrap: --userns-block-fd requires --unshare-user

so what went wrong?