From adbddac60fd9204b451019f37ea33840e857ec28 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 2 Apr 2021 09:14:59 -0400 Subject: Update podman image Dockerfile to support Podman in container [NO TEST NEEDED] Can not test this in CI/CD system since it needs to be merged in order for the Dockerfiles to even work. Modified the /etc/subuid and /etc/subgid to be able to run in rootless containers. The Range can not be the same as on the host. Add /home/podman/.config/containers/containers.conf to automatically mount /proc on /proc while inside of the container. This prevents additional permissions being required that are blocked when not in --privileged mode. Setup volumes for /var/lib/containers and /home/podman/.local/share/containwers This will prevent the errors where people are doing overlay on overlay. Signed-off-by: Daniel J Walsh --- contrib/podmanimage/testing/Dockerfile | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'contrib/podmanimage/testing/Dockerfile') diff --git a/contrib/podmanimage/testing/Dockerfile b/contrib/podmanimage/testing/Dockerfile index 97690360d..c20b26ac4 100644 --- a/contrib/podmanimage/testing/Dockerfile +++ b/contrib/podmanimage/testing/Dockerfile @@ -13,9 +13,19 @@ FROM registry.fedoraproject.org/fedora:latest # Don't include container-selinux and remove # directories used by yum that are just taking # up space. -RUN useradd podman; yum -y update; yum -y reinstall shadow-utils; yum -y install podman fuse-overlayfs --exclude container-selinux --enablerepo updates-testing; rm -rf /var/cache /var/log/dnf* /var/log/yum.* +RUN yum -y update; yum -y reinstall shadow-utils; yum -y install podman fuse-overlayfs --exclude container-selinux --enablerepo updates-testing; rm -rf /var/cache /var/log/dnf* /var/log/yum.* -ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/ +RUN useradd podman; \ +echo podman:10000:5000 > /etc/subuid; \ +echo podman:10000:5000 > /etc/subgid; + +VOLUME /var/lib/containers +VOLUME /home/podman/.local/share/containers + +ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf +ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf + +RUN chown podman:podman -R /home/podman # chmod containers.conf and adjust storage.conf to enable Fuse storage. RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf -- cgit v1.2.3-54-g00ecf