Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rootless container support #2170

Closed
v217 opened this issue Jul 3, 2017 · 12 comments
Closed

Rootless container support #2170

v217 opened this issue Jul 3, 2017 · 12 comments

Comments

@v217
Copy link

v217 commented Jul 3, 2017

See opencontainers/runc#774

@williamstein
Copy link
Contributor

Please add (a lot more) description of why you created this issue...

@v217
Copy link
Author

v217 commented Jul 3, 2017

This might be useful for a student, who wishes to install cocalc on his desktop and doesn't have administrator privileges. If cocalc would run on port say 8000, there's nothing in principle, which absolutely needs root privileges (though I might be wrong/probably I am wrong about this last point.)
Rootless containers seem to have been made possible recently? This means added security.
Sorry for not being able to provide more technical feedback. Thanks!

@haraldschilly
Copy link
Contributor

haraldschilly commented Jul 3, 2017

Docker lets you select the port you want to open, so, I guess that's not an issue. I'm wondering if you have setup docker correctly?

For us to look up anything on that, please tell us which OS you have, which version of Docker, exactly what command you're running, etc.

@v217
Copy link
Author

v217 commented Jul 4, 2017

Ubuntu 17.04

sudo docker run --name=cocalc -d -v ~/cocalc:/projects -p 443:443 sagemathinc/sagemathcloud

and

sudo docker start/stop cocalc

I followed the Readme and everything worked great! I didn't configure docker, I just typed

sudo apt-get install docker.io

I just noticed the possibility of rootless containers, so I thought that certainly would be an improvement.

@v217
Copy link
Author

v217 commented Jul 4, 2017

And I would like to run:

docker run --name=cocalc -d -v ~/cocalc:/projects -p 443:443 sagemathinc/sagemathcloud

and

docker start/stop cocalc

without sudo, which seems to be possible?
as mentioned in opencontainers/runc#774

@haraldschilly
Copy link
Contributor

Well, I haven't tried it. Did you? Your remark about port numbers is good, maybe just change it to one above 1024?

@v217
Copy link
Author

v217 commented Jul 4, 2017

No, I couldn't figure out how to change the port number.

@haraldschilly
Copy link
Contributor

It's the -p ... parameter right there in the command. See https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/ for some examples.

@haraldschilly
Copy link
Contributor

so, docker run --name=cocalc -d -v ~/cocalc:/projects -p 1443:443 sagemathinc/sagemathcloud and then https://localhost:1443 would be the first thing I try.

@williamstein
Copy link
Contributor

Closing, since @haraldschilly answer really totally answers the question.

@slel
Copy link
Contributor

slel commented Sep 6, 2017

Might be worth adding this to the documentation, faq, or wiki, of
https://github.com/sagemathinc/cocalc-docker

@anton-mellit
Copy link

@williamstein It doesn't work straight away. I tried to run this on my computer at the faculty where I don't have privileges. Projects don't start. The problem is that rootless docker setup typically has 65536 available user ids, which means only uids between 1 and 65536 can be used, but smc_compute generates very large uids. I hacked smc_compute to generate uids between 10000 and 10000+32768, but a more permanent solution would be better. Has anyone else tried this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants