runc/patch/0022-Add-a-rootless-containers-section-on-README.patch
openeuler-iSula 5904ba4dcf runc: package init
Signed-off-by: openeuler-iSula <isula@huawei.com>
2019-12-29 15:34:20 +08:00

From e287eae0ba5cb39df6f09b3ce8436af3810986f3 Mon Sep 17 00:00:00 2001
From: Jonh Wendell <jonh.wendell@redhat.com>
Date: Fri, 21 Apr 2017 20:43:56 -0300
Subject: [PATCH 22/94] Add a rootless containers section on README
Closes #1413.
Change-Id: I9058fea54d9f25c2fc0f07ca74a83300eed40b73
Signed-off-by: Jonh Wendell <jonh.wendell@redhat.com>
---
README.md | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index ae1ab28..a951f0d 100644
--- a/README.md
+++ b/README.md
@@ -117,8 +117,8 @@ Assuming you have an OCI bundle from the previous step you can execute the conta
The first way is to use the convenience command `run` that will handle creating, starting, and deleting the container after it exits.
```bash
+# run as root
cd /mycontainer
-
runc run mycontainerid
```
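Review bot: the `# run as root` comment sits above `cd /mycontainer`, which needs no privileges; the command that actually requires root is `runc run mycontainerid`, so place the comment directly above that line (or say in the prose before the block that `runc run` must be executed as root, with the rootless section as the alternative). The blank-line removal in the same hunk is cosmetic and unrelated to the subject of the patch.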
@@ -165,8 +165,8 @@ Now we can go though the lifecycle operations in your shell.
```bash
+# run as root
cd /mycontainer
-
runc create mycontainerid
# view the container is created and in the "created" state
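Review bot: the hunk header context still reads "go though the lifecycle operations"; since the patch already touches this paragraph's code block, fix the typo to "go through" in the same change. As in the first hunk, `# run as root` belongs directly above `runc create mycontainerid`, the privileged command, rather than above `cd`.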
@@ -185,6 +185,22 @@ runc delete mycontainerid
This adds more complexity but allows higher level systems to manage runc and provides points in the containers creation to setup various settings after the container has created and/or before it is deleted.
This is commonly used to setup the container's network stack after `create` but before `start` where the user's defined process will be running.
+#### Rootless containers
+`runc` has the ability to run containers without root privileges. This is called `rootless`. You need to pass some parameters to `runc` in order to run rootless containers. See below and compare with the previous version. Run the following commands as an ordinary user:
+```bash
+# Same as the first example
+mkdir ~/mycontainer
+cd ~/mycontainer
+mkdir rootfs
+docker export $(docker create busybox) | tar -C rootfs -xvf -
+
+# The --rootless parameter instructs runc spec to generate a configuration for a rootless container, which will allow you to run the container as a non-root user.
+runc spec --rootless
+
+# The --root parameter tells runc where to store the container state. It must be writable by the user.
+runc --root /tmp/runc run mycontainerid
+```
+
#### Supervisors
`runc` can be used with process supervisors and init systems to ensure that containers are restarted when they exit.
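Review bot: the section says to "Run the following commands as an ordinary user", but `docker export $(docker create busybox)` needs access to the Docker daemon socket, which an ordinary user does not have by default (and socket access is effectively root-equivalent), so the rootfs step contradicts the claim; either note that the rootfs must be obtained some other way or point out that this step needs Docker access. Second, `runc --root /tmp/runc run mycontainerid` stores container state at a predictable path inside a shared, world-writable directory, where another local user can pre-create `/tmp/runc` before the first run; suggest a user-owned directory instead, for example one under the user's home directory, and say why the location matters rather than only that it "must be writable by the user". Finally, "See below and compare with the previous version" is vague: name the two differences (`runc spec --rootless` and `--root`) in the prose, and wrap the two long `#` comment lines in the fenced block so they stay readable in a terminal.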
--
2.7.4.3