Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

From: Muayyad AlSadi <alsadi gmail com>

To: Giuseppe Scrivano <gscrivan redhat com>

Cc: atomic-devel <atomic-devel projectatomic io>

Subject: Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

Date: Tue, 6 Mar 2018 10:28:39 +0200

what about requiring sudo to do nsenter? (even when using runc rootless)

On Mon, Mar 5, 2018 at 4:09 PM, Giuseppe Scrivano <gscrivan redhat com> wrote:

Muayyad AlSadi <alsadi gmail com> writes:

> when using runc
>
> $ mypid=`runc list | tail -n 1 | awk '{print $2}'`
> $ nsenter -a -t $mypid /bin/sh
> nsenter: reassociate to namespace 'ns/cgroup' failed: Operation not permitted
> $ sudo nsenter -a -t $mypid /bin/sh
> # worked fine
>
> but when using bwraps
>
> $ mypid=`bwrap-oci list | tail -n 1 | awk '{print $2}'
> $ nsenter -a -t $mypid /bin/sh
> nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
> $ sudo nsenter -a -t $mypid /bin/sh
> nsenter: failed to execute /bin/sh: No such file or directory

I guess that is an issue in bwrap as it internally uses chroot instead
of a pivot_root. This PR should probably fix the problem you are
seeing:

https://github.com/projectatomic/bubblewrap/pull/256

Giuseppe

Date Prev

Date Next

Thread Prev

Thread Next

Thread Index

Date Index

Author Index