[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

From: Muayyad AlSadi <alsadi gmail com>
To: Giuseppe Scrivano <gscrivan redhat com>
Cc: atomic-devel <atomic-devel projectatomic io>
Subject: Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci
Date: Mon, 5 Mar 2018 14:23:00 +0200

when using runc

$ mypid=`runc list | tail -n 1 | awk '{print $2}'`
$ nsenter -a -t $mypid /bin/sh
nsenter: reassociate to namespace 'ns/cgroup' failed: Operation not permitted
$ sudo nsenter -a -t $mypid /bin/sh

# worked fine

but when using bwraps

$ mypid=`bwrap-oci list | tail -n 1 | awk '{print $2}'
$ nsenter -a -t $mypid /bin/sh
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
$ sudo nsenter -a -t $mypid /bin/sh
nsenter: failed to execute /bin/sh: No such file or directory

why do I need to be root to join using nsenter with runc

and why bwraps failed even if I'm root

On Mon, Mar 5, 2018 at 1:23 PM, Giuseppe Scrivano <gscrivan redhat com> wrote:

Muayyad AlSadi <alsadi gmail com> writes:

> it seems there is no bwrap-oci exec and nsenter does not work as regular user.
>
> how to enter an existing user name space just like "runc exec redis /bin/sh" using bubble wrap or nsenter?

exec is not implemented yet. The easiest way to workaround this
limitation is to use directly "nsenter -a".

Regards,
Giuseppe

Follow-Ups:
- Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci
  - From: Giuseppe Scrivano

References:
- Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci
  - From: Muayyad AlSadi
- Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci
  - From: Giuseppe Scrivano

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]