Closed ingobecker closed 7 years ago
I figured out, how to fix it. The container i used to run acbuild in needs to have the additional capability CAP_SYS_ADMIN
added as well as the systems calls "mount", "umount", "umount2"
to the seccomp isolators retain-set. The acbuild begin
command then needs to be run from inside a directory into which a volume is mounted which is based on a filesystem supported by overlayfs. That made acbuild extract and mount the aci image dependency correctly and running the command inside the chroot worked as expected.
Glad you were able to make it work, let me know if you run into any more problems
The problem that i'm facing now is the lack of /dev, /proc and /sys filesystems. I'm wondering if those are not bindmounted into the chroot intentionally and what the reasons might be.
It's not an intentional thing, the chroot engine just sets less up for the container than the default engine does. Is there a reason that you can't use the default run engine?
As i mentioned, i try to run acbuild from inside a rkt container. Running systemd-nspawn nested inside systemd-nspawn seems to cause some issues. At least, when used as the run engine, i get the output "Not running on a systemd system". Don't know what exactly causes the problem. Thats why i tried to use the chroot engine.
I'm trying to build my aci images form inside a rkt container but using the command
run --insecure --engine chroot
doesn't work. The commands output shows that the image the build depends on was downloaded but nothing more. Building the image from outside the container works as expected. I also limited the capabilities of the build which i run on the host system to match those used inside a container but that also worked out well, so i guess it's unrelated to capabilities. Any suggestions on what could cause this issue or how to debug it?