Re: [PATCH 5.14 000/151] 5.14.14-rc1 review

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Tue, Oct 19, 2021 at 08:47:58AM +0200, Greg Kroah-Hartman wrote:
> Ah much better, I had an older version of tuxmake here.
> 
> Now it fails with an expected permission problem:
> Error: writing blob: adding layer with blob "sha256:10348114f214e2f07f30fa82aaa743c1750b2a9025cc8bec19f3f4f2b087a96d": Error processing tar file(exit status 1): potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid: lchown /etc/gshadow: invalid argument
> E: Runtime preparation failed: failed to pull remote image docker.io/tuxmake/arm64_gcc-11
> 
> Note, I will not run kernel builds or random containers downloaded from
> the internet as root, sorry :)

Note that podman does *not* run as root by default¹, and that's why
tuxbuild recommends it instead of docker. What it does need, is the
ability to create an unprivileged user namespace. This includes:

- having the `kernel.unprivileged_userns_clone` sysctl set to 1

- having enough UIDs and GIDs in the /etc/sub*id mappings, which is the
  error message you got is complaining about. Just having the following
  lines should be enough:

  $ grep -H terceiro /etc/sub*id
  /etc/subgid:terceiro:100000:65536
  /etc/subuid:terceiro:100000:65536

  On Debian, those are added by default when you created an user
  account. I'm not sure about other systems.

¹ by default in a podman container you are root from the POV of the
  container, but uid 0 in the container is actually mapped to your regular
  UID on the host system.

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux