I would like to know how to run Podman inside a Docker container without using the --privileged flag. I am not using rootless, which means I am currently running as the root user.
With --privileged:

```
$ docker run --rm -it --privileged podman:test sh
/ # podman run --rm -it docker.io/alpine sh
Trying to pull docker.io/alpine...
Getting image source signatures
Copying blob cbdbe7a5bc2a done
Copying config f70734b6a2 done
Writing manifest to image destination
Storing signatures
/ #
```
Without --privileged:

```
$ docker run --rm -it --cap-add SYS_ADMIN --cap-add NET_ADMIN podman:test sh
/ # podman run --rm -it docker.io/alpine sh
Trying to pull docker.io/alpine...
Getting image source signatures
Copying blob cbdbe7a5bc2a done
Copying config f70734b6a2 done
Writing manifest to image destination
Storing signatures
Error: create keyring `d6bb4a926fb75e83cedac316b9333047f4367507d26daf697eb77f76d371996c`: Operation not permitted: OCI runtime permission denied error
```
Dockerfile:

```dockerfile
FROM openjdk:15-alpine
RUN apk add --update --no-cache \
    podman --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing
CMD ["tail","-f","/dev/null"]
```
Building the podman:test image:

```
$ docker build -t podman:test .
```
podman info (version 1.9.0):

```yaml
host:
  arch: amd64
  buildahVersion: 1.14.8
  cgroupVersion: v1
  conmon:
    package: Unknown
    path: /usr/bin/conmon
    version: 'conmon version 2.0.15, commit: fe9204ee50c78c6109f21a1da74ebfc813885987'
  cpus: 4
  distribution:
    distribution: alpine
    version: 3.11.5
  eventLogger: file
  hostname: 80da79367e72
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 4.19.76-linuxkit
  memFree: 684023808
  memTotal: 2086154240
  ociRuntime:
    name: crun
    package: Unknown
    path: /usr/bin/crun
    version: |-
      crun version 0.13
      commit: e79e4de4ac16da0ce48777afb72c6241de870525
      spec: 1.0.0
      +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  rootless: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 1051348992
  swapTotal: 1073737728
  uptime: 160h 51m 0.59s (Approximately 6.67 days)
registries: {}
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: vfs
  graphOptions: {}
  graphRoot: /var/lib/containers/storage
  graphStatus: {}
  imageStore:
    number: 0
  runRoot: /var/run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
```
Answer by 小智 (score 0):
It seems some parameters are missing.

```
docker run --rm -it --cap-add SYS_ADMIN --cap-add NET_ADMIN podman:test sh
```

Instead, use:

```
docker run --rm -it --cap-add=sys_admin --cap-add mknod --device=/dev/fuse --security-opt seccomp=unconfined --security-opt label=disable podman:test sh
```

I also don't see any fuse-overlayfs package below. It should be added here (fuse-overlayfs):

```dockerfile
RUN apk add --update --no-cache \
    podman --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
    fuse-overlayfs
```

See the general documentation below: https://www.redhat.com/sysadmin/podman-inside-container
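The flags in the answer above map onto three things the kernel exposes to the process inside the container: its effective capability set, whether a seccomp filter is applied, and whether /dev/fuse was passed through. The keyring error in the question is the seccomp part: Docker's default seccomp profile does not allow the add_key/keyctl syscalls that Podman uses to create a session keyring, which is why `--security-opt seccomp=unconfined` (or `--privileged`, which also drops the filter) makes it go away. The script below is an added example, not code from the question, the answer, Podman or Docker: it decodes the CapEff mask from /proc/self/status, reports the seccomp mode and checks for /dev/fuse, so the container can be checked before `podman run` is attempted. The capability bit numbers are the kernel's; the function names and the two sample status dumps are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original question or answer): check, from inside
# a Docker container, whether the prerequisites for running Podman are present.
# Reads a /proc/PID/status dump (Linux only); all function names are this
# example's own, and the sample inputs at the bottom are constructed.

# Capability bit numbers from <linux/capability.h>.
CAP_SETGID=6
CAP_SETUID=7
CAP_SYS_ADMIN=21
CAP_MKNOD=27

# has_cap HEXMASK BIT: prints "yes" if BIT is set in the hex CapEff mask.
has_cap() {
    hc_mask=$1
    hc_bit=$2
    [ -n "$hc_mask" ] || hc_mask=0
    if [ $(( (0x$hc_mask >> $hc_bit) & 1 )) -eq 1 ]; then
        echo yes
    else
        echo no
    fi
}

# status_field STATUS_TEXT NAME: prints the value of the "NAME:<tab>value" line.
status_field() {
    printf '%s\n' "$1" | awk -v key="$2:" '$1 == key { print $2 }'
}

# podman_prereqs STATUS_TEXT FUSE_PATH: prints one line per check and returns 0
# only when every prerequisite implied by the answer above is satisfied.
podman_prereqs() {
    status_text=$1
    fuse_path=$2
    failed=0
    capeff=$(status_field "$status_text" CapEff)
    for entry in SYS_ADMIN:$CAP_SYS_ADMIN MKNOD:$CAP_MKNOD \
                 SETUID:$CAP_SETUID SETGID:$CAP_SETGID; do
        name=${entry%%:*}
        bit=${entry##*:}
        have=$(has_cap "$capeff" "$bit")
        printf 'CAP_%-10s %s\n' "$name" "$have"
        [ "$have" = yes ] || failed=1
    done
    # Seccomp 0 = no filter (what --privileged or seccomp=unconfined gives);
    # 2 = a BPF filter is applied, e.g. Docker's default profile, which does
    # not allow add_key/keyctl and so breaks Podman's keyring setup.
    mode=$(status_field "$status_text" Seccomp)
    printf 'Seccomp        %s\n' "$mode"
    [ "$mode" = 0 ] || failed=1
    if [ -c "$fuse_path" ]; then
        printf '%-14s present\n' "$fuse_path"
    else
        printf '%-14s missing (pass --device=%s)\n' "$fuse_path" "$fuse_path"
        failed=1
    fi
    return $failed
}

# Constructed sample status lines (not captured from a real container):
# every capability and no seccomp filter, as with --privileged ...
SAMPLE_PRIVILEGED=$(printf 'CapEff:\t0000003fffffffff\nSeccomp:\t0\n')
# ... and Docker's default capability set plus SYS_ADMIN under the default
# seccomp filter, as with --cap-add SYS_ADMIN alone.
SAMPLE_CAP_ADD=$(printf 'CapEff:\t00000000a82425fb\nSeccomp:\t2\n')

# Check the current process when invoked with --self, e.g. inside the container:
#   sh check-podman-prereqs.sh --self
if [ "${1:-}" = --self ]; then
    podman_prereqs "$(cat /proc/self/status)" /dev/fuse
fi
```

Run with `--self` inside the container started by each of the two `docker run` commands from the question: under `--privileged` every line reports yes/0/present, while under `--cap-add SYS_ADMIN --cap-add NET_ADMIN` alone the Seccomp line shows 2 and /dev/fuse is missing, which is exactly the gap the answer's `--security-opt seccomp=unconfined --device=/dev/fuse` closes. Dropping the whole seccomp filter is broader than Podman needs; a copy of Docker's default profile with add_key, keyctl and request_key added to its allow list is the tighter option, and this script will still report mode 2 in that case, so treat the Seccomp line as a hint rather than a hard failure when a custom profile is in use.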