From: Andreas Friesen <andreas.friesen@hbkworld.com>
To: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>
Subject: Re: [ptxdist] ptxdist: support podman
Date: Tue, 15 Oct 2019 23:00:07 +0000 [thread overview]
Message-ID: <87eezdipiy.fsf@faix.i-did-not-set--mail-host-address--so-tickle-me> (raw)
In-Reply-To: <HE1PR04MB3130D438AF59679BFE2CAB6EDC930@HE1PR04MB3130.eurprd04.prod.outlook.com>
Hi
> I am currently migrating our containerized CI pipelines from docker (moby) to
> podman as it's more secure[1]. But ptxdist refuse to run as "root", but in reality
> it's running with less privileges then the user that started it.
>
> ptxdist: error: refusing to run PTXdist as root
Yesterday I had the same problem, but with docker container...
creating a buildbot user solves the problem:
--8<--- Dockefile
FROM ubuntu:18.04
...
RUN groupadd -r buildbot && useradd -r -g buildbot buildbot -m -d /buildbot
USER buildbot
## END
-->8--- Dockerfile
> Is it possible to do an extra podman check?
>
> I found "/run/.containerenv" documented as an official flag to detect that a program
> is in a container.
>
> Bruno
>
> [1] https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcloudnweb.dev%2F2019%2F06%2Freplacing-docker-with-podman-power-of-podman%2F&data=02%7C01%7Candreas.friesen%40hbkworld.com%7Cb1fdce80d12a425cb8d808d7517496dd%7C6cce74a3397545e09893b072988b30b6%7C0%7C1%7C637067433499587697&sdata=ElDMLtqmeC0MCpolB%2FJBOY4ychVC0nZLilAPXqPSZAo%3D&reserved=0
> [2] https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcontainers%2Flibpod%2Fblob%2Fmaster%2Fdocs%2Fpodman-run.1.md&data=02%7C01%7Candreas.friesen%40hbkworld.com%7Cb1fdce80d12a425cb8d808d7517496dd%7C6cce74a3397545e09893b072988b30b6%7C0%7C1%7C637067433499587697&sdata=%2FiB%2Bm9OI18uE8Tq0FH%2FHpJ8DeX0ZTEZ%2F0sLmNzDlFxQ%3D&reserved=0
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
--
Andreas Friesen
R&D Embedded Control Software
Tel. : +49 6151-803445
Fax : +49 6151-8039445
E-Mail : andreas.friesen@hbkworld.com
Web : www.hbkworld.com
Hottinger Baldwin Messtechnik GmbH, Im Tiefen See 45, 64293 Darmstadt, Germany | www.hbm.com Registered as GmbH (German limited liability corporation) in the commercial register at the local court of Darmstadt, HRB 1147 Company domiciled in Darmstadt | Managing Directors: Thomas Lippok & Jens Wiegand | Chairman of the board: Joe Vorih Als Gesellschaft mit beschränkter Haftung eingetragen im Handelsregister des Amtsgerichts Darmstadt unter HRB 1147 Sitz der Gesellschaft: Darmstadt | Geschäftsführung: Thomas Lippok & Jens Wiegand | Aufsichtsratsvorsitzender: Joe Vorih The information in this email is confidential. It is intended solely for the addressee. If you are not the intended recipient, please let me know and delete this email. Die in dieser E-Mail enthaltene Information ist vertraulich und lediglich für den Empfänger bestimmt. Sollten Sie nicht der eigentliche Empfänger sein, informieren Sie mich bitte kurz und löschen diese E-Mail.
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
prev parent reply other threads:[~2019-10-15 23:00 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-15 13:35 Bruno Thomsen
2019-10-15 23:00 ` Andreas Friesen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87eezdipiy.fsf@faix.i-did-not-set--mail-host-address--so-tickle-me \
--to=andreas.friesen@hbkworld.com \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox