-
Notifications
You must be signed in to change notification settings - Fork 770
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add the --no-pivot flag to the run command #1071
Conversation
Can one of the admins verify this patch?
|
bot, add author to whitelist |
@TomSweeneyRedHat: Either with docker run: Or with buildah run: This implementation uses a parameter, which means that it is all pushed on the user. :-( https://github.com/kubernetes/minikube/blob/master/pkg/provision/buildroot.go#L79:L80 We have the same thing for crio, but yet no global configuration for podman and buildah. Currently there is a little bit of struggle left, getting the new images "all the way" to cri-o/k8s. But that's mostly config issues like "overlay" vs "overlay2", or mounting /var/lib/containers... The ways of working is not yet set, for now https://kubernetes.io/docs/setup/minikube/#reusing-the-docker-daemon (--> running buildah on VM) |
What is a DCO ? (Travis failure) |
@afbjorklund the DCO is due to the commit not being signed, sorry, didn't spot that last night. You'll need to do: |
--no-pivot: "do not use pivot root to jail process inside rootfs. This should be used whenever the rootfs is on top of a ramdisk" Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Weird that such a thing should break the build, but whatever. Signed off the commit... |
Test failure due to a network flake talking to the registry, going to retest. |
bot, retest this please. |
@afbjorklund TYVM for the background info btb. |
@afbjorklund We need modifications to the man pages and command completions. I agree we need @giuseppe and @nalind To approve. |
I can do the man pages and bash completions, just wanted some feedback if we should add an environment variable so that it can be configured once and transparently ? And the name of it, if so... Basically it would be nice if the user could just use buildah and not worry about it (i.e. |
@afbjorklund We are doing config via environment variables, since we are trying to avoid config files, for now. BUILDAH_NOPIVOT would be my pick. |
Thanks. I guess we could set this in |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Make that |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
@afbjorklund Looks like @nalind Removed --no-pivot-root in f941593 |
Yeah, I noticed that - but I think it was for a different reason ? (rootless rather than tmpfs) |
the LGTM |
📌 Commit 4386d22 has been approved by |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com> Closes: #1071 Approved by: rhatdan
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com> Closes: #1071 Approved by: rhatdan
☀️ Test successful - status-papr |
Thank you, seems to be working with it fine in minikube - see linked issue for a complete example. |
--no-pivot: "do not use pivot root to jail process inside rootfs.
This should be used whenever the rootfs is on top of a ramdisk"
This is used in minikube, currently with $DOCKER_RAMDISK
(but I'm not sure if this clients wants to honor that env variable...)