COPY fails on some base-images (cern/cc7-base) #19
Comments
I notice that the rootfs directory is created without any write permissions (
|
I will take a look at this bug today/tomorrow -- sorry for not looking at this in a while (for some reason I got un-subscribed from this repository...). Just to verify -- is
That's very strange -- umoci should be making it with a |
yes it's available. Thanks for looking into it! |
I haven't been able to reproduce this problem for some reason:
Do you have a strange
|
hm this is my setup umask gives
the tool versions are
|
Ah, I misunderstood. I was running |
Ah right, this was just a mistake in the post above; in the OP I used rootless. This is what I get
|
It's almost certainly caused by |
thanks for looking into it! |
Sorry for not responding earlier -- The underlying issue is that The core problem is that the The plan going forward for |
Thanks @cyphar I just chose
so from your description it seems this should work. Unfortunately it seems CERN's interactive node regressed into a state that makes I wonder if it's related to this opencontainers/runc#1513 The node I'm working on should have unprivileged namespaces enabled though, maybe some update rolled that back. @davidlt did you try rootless runc recently on lxplus? I do see
|
it seems due to this CVE https://access.redhat.com/security/cve/cve-2018-1000001 we now have have we're following the discussions here: |
In principle it might work -- though the writable issue still might occur. Really I would recommend not making your images have |
thanks. I'll raise it with the people responsible for the image. |
turns out one can just add a
|
I guess that implies that the default |
yeah the workaround also only works sometimes. If I switch the image from
building a new image based on it fails (while it worked with
|
Hi,
I'm continuing to work on integrating this with some of the CERN infrastructure. skopeo / orca-build / umoci (with https://github.com/openSUSE/umoci/issues/223) works nicely and I can build a new image from this Dockerfile
changing the FROM line to cern/cc7-base fails with a Python error on shutil.copy when it tries to copy the datatocopy file
This is the log. Could this be related to some permissions set in the base image?