From 40ba9f10e5fbdd3c9d36389107b8bf1caec6cef0 Mon Sep 17 00:00:00 2001 From: tomsweeneyredhat Date: Thu, 10 Feb 2022 12:28:42 -0500 Subject: Make the hello image leaner [NO TESTS NEEDED] Change from using a bash script to a c file for running the image. With thanks to discussions with @afbjorklund, the Containerfile was rigged up to make the final image be only KB's in size. Also add USER 1000 to make the image test/run as non-root, and update the README.md Signed-off-by: tomsweeneyredhat --- contrib/helloimage/README.md | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) (limited to 'contrib/helloimage/README.md') diff --git a/contrib/helloimage/README.md b/contrib/helloimage/README.md index 93edcc527..ca69f87b4 100644 --- a/contrib/helloimage/README.md +++ b/contrib/helloimage/README.md @@ -19,7 +19,7 @@ Using this image is helpful to: The contents of this directory contain: * ./Containerfile - * ./podman_hello_world.bash + * ./podman_hello_world.c ## Sample Usage @@ -28,7 +28,7 @@ To simply run the image: ``` podman run quay.io/podman/hello -! ... Hello Podman World ...! +!... Hello Podman World ...! .--"--. / - - \ @@ -49,7 +49,29 @@ To build the image yourself, copy the files from this directory into a local directory and issue these commands: ``` -chmod 755 ./podman_hello_world.bash podman build -t myhello . podman run myhello ``` + +## Potential Issues: + +The image runs as a rootless user with the UID set to `1000`. +If the /etc/subuid and /etch/subgid values are not set appropriately to run as a +rootless user on the host, an error like this might be raised: + +``` +Copying blob acab339ca1e8 done +ERRO[0002] Error while applying layer: ApplyLayer exit status 1 stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument +Error: writing blob: adding layer with blob "sha256:ee0cde9de8a68f171a8c03b0e9954abf18576947e2f3187e84d8c31ccd8f6a09": ApplyLayer exit status 1 stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument +``` + +Please refer to this [blog post](https://www.redhat.com/sysadmin/rootless-podman) for further configuration information. + +## THANKS! + +Many Thanks to @afbjorklund for a great discussion during the +first revision of this container image that resulted in moving +from using bash to using C, and the ensuing changes to the +Containerfile. + +Also many thanks to @mairin for the awesome ASCII art! -- cgit v1.2.3-54-g00ecf