You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
bwrap: Creating new namespace failed: Operation not permitted
A similar question is asked in #3498 but in the context of a docker run command, but the answer doesn't work for me as we can't run docker build in privileged mode
I see that I can instead run opam init --disable-sandboxing, but I'm not really sure I want to do that. The documentation about this flag is not very helpful, I have no idea what sandboxing is in this context. Is using this option the recommended path to initialize opam in a container?
The text was updated successfully, but these errors were encountered:
Sandboxing is a security mechanism to prevent source builds from doing writes outside of their build areas. We use bubblewrap (cgroups) for this on Linux, but it doesn't nest cleanly. You can either run your container as --privileged, in which case you can create namespaces and sandboxing will work.
You probably just want to run with --disable-sandboxing, as you already have container-level protection in place.
I am trying to run
opam init
in myDockerfile
, to create my own Docker image for my server to run in, but I am running into this issue:A similar question is asked in #3498 but in the context of a
docker run
command, but the answer doesn't work for me as we can't rundocker build
in privileged modeI see that I can instead run
opam init --disable-sandboxing
, but I'm not really sure I want to do that. The documentation about this flag is not very helpful, I have no idea what sandboxing is in this context. Is using this option the recommended path to initialize opam in a container?The text was updated successfully, but these errors were encountered: