Hi,
On Mon, Apr 24, 2017 at 12:29 PM, Michal Minar <miminar@xxxxxxxxxx> wrote:
Did anyone successfully set up his Fedora packaging environment in a docker container?
I didn't get past `kinit miminar@xxxxxxxxxxxxxxxxx` in a container. It gives me: Invalid UID in persistent keyring name while getting default ccache
This happens because Docker installs a default seccomp policy that denies access to the kernel keyring, because the keyring is not namespaced.
You can work around this by "export KRB5CCNAME=/tmp/ticket".
Alternatively, you can allow the container access to your host keyring.
For this, you can start with my policy: https://github.com/puiterwijk/development-environments/blob/master/docker/koji/policy.json.
This is based on Docker 1.13.
For versions 1.12 and earlier, grab: https://github.com/puiterwijk/development-environments/blob/ed497fbbd56432eca1b27ce41903ed2c33aaa051/docker/koji/policy.json.
Then on the docker run command, add: --security-opt seccomp=$HOME/Documents/Development/Environments/docker/koji/policy.json
Do note that if you want to do kinit, you will want to add the add_key call as well (I just do kinit on my workstation, and use the seccomp policy to allow my koji container access to it).
I'd be very glad for any suggestion or advice. Until then, I'll stick with a VM.
Regards,
Regards,
Patrick
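Added example (not part of the original mail, and not the linked policy.json): a sketch of why two policy files are needed and how to widen a profile by only the keyring syscalls instead of disabling seccomp. Profiles for Docker 1.12 and earlier list one "name" per rule, while 1.13 groups syscalls under "names". The sample profiles are constructed, allow_syscalls and allowed are hypothetical helper names, and keyctl is assumed to be the syscall needed to read a ticket obtained on the host.

```python
import copy
import json

# Syscalls Docker's default profile withholds because the kernel keyring
# is not namespaced.
KEYRING_SYSCALLS = ("keyctl", "add_key", "request_key")

# Constructed miniature profiles; real ones list hundreds of syscalls.
SAMPLE_NEW = {"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
    {"names": ["read", "write"], "action": "SCMP_ACT_ALLOW", "args": []}]}
SAMPLE_OLD = {"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
    {"name": "read", "action": "SCMP_ACT_ALLOW", "args": []},
    {"name": "write", "action": "SCMP_ACT_ALLOW", "args": []}]}


def allowed(profile):
    """Return the syscalls the profile allows unconditionally."""
    out = set()
    for rule in profile.get("syscalls", []):
        # Skip non-allow rules and rules limited by argument filters or
        # capability/architecture conditions.
        if rule.get("action") != "SCMP_ACT_ALLOW" or rule.get("args"):
            continue
        if rule.get("includes") or rule.get("excludes"):
            continue
        out.update(rule.get("names", []))      # 1.13 layout
        if "name" in rule:                     # 1.12 and earlier layout
            out.add(rule["name"])
    return out


def allow_syscalls(profile, wanted=("keyctl",)):
    """Return a copy of profile that also allows `wanted`, in its own layout."""
    result = copy.deepcopy(profile)
    rules = result.setdefault("syscalls", [])
    missing = [s for s in wanted if s not in allowed(result)]
    if not missing:
        return result
    if any("name" in r for r in rules):
        rules.extend({"name": s, "action": "SCMP_ACT_ALLOW", "args": []}
                     for s in missing)
    else:
        rules.append({"names": missing, "action": "SCMP_ACT_ALLOW", "args": []})
    return result


if __name__ == "__main__":
    # Assumption: keyctl is enough to use a host ticket; add_key is added
    # here for running kinit inside the container, as the mail notes.
    print(json.dumps(allow_syscalls(SAMPLE_NEW, ("keyctl", "add_key")), indent=2))
```

Write the result to a file and pass it with --security-opt seccomp=<file>; every syscall not listed stays denied by the profile's defaultAction.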