Closed cryobry closed 4 years ago
This worked when I ran it for root (eliminating the buildah unshare calls).
@edsantiago PTAL. I am trying to get this to work, with something like:
```sh
cnt=$(buildah from scratch)
buildah unshare sh -c 'mnt=$(buildah mount $cnt) \
dnf install -y \
--installroot $mnt
--releasever=32 \
--setopt install_weak_deps=false \
bash coreutils'
buildah run "$cnt" -- /usr/bin/bash
```
But failing miserably.
@cryobry I believe the issue is that the mount point here: mnt=$(buildah unshare buildah mount "$cnt") will not survive after buildah unshare finishes, since the mount namespace is created and destroyed in the call to buildah unshare. The next buildah unshare is just writing onto the upper directory at that path, but the container is not mounted. When you execute the buildah run command, then buildah again mounts the image, and there is no content, since the content you wrote to is now mounted over. Running the buildah mount and the dnf install in the same buildah unshare is the correct way to do this, but you need to do some bash gymnastics to make it work.
That would also explain why I could never successfully unmount using buildah unshare buildah unmount.
Doesn't this imply that buildah unshare buildah unmount is pointless? Is there a drawback to not specifying a subsequent buildah unmount in the singular buildah unshare command, considering the namespace is destroyed upon command completion? Obviously the $mnt dir is not removed if buildah unmount is not run in the buildah mount namespace which has led to this bug report.
In light of this, could it be possible to create a persistent and reusable buildah unshare namespace to ease shell scripting (assuming it is even possible with subshells--I will give it a go today)?
If it is not possible, when the mount namespace is destroyed after the buildah unshare command finishes, shouldn't the $mnt dir also be removed even if buildah unmount is not explicitly called? Maybe that is too much hand-holding, but at least utilities like dnf would complain about installing to a non-existent directory.
@rhatdan first things first: simplify.
```
# cnt=$(buildah from scratch)
```
That works fine. But before we go any further, we need to export it because it is referenced in a subshell. Let's also just stick with the basics, try just the unshare/mount:
```
# export cnt
# buildah unshare sh -c 'buildah mount $cnt'
ERRO error unmounting /var/lib/containers/storage/overlay/b5931cfc16feeefe9b2d14d6c00f31682acf183da3864fbd1791689214d3ca75/merged: invalid argument
error mounting "working-container" container "working-container": error mounting build container "1ac0f2595607c01d50e3e48daded7938ae65346cf0f004861f6626242bebcb45": error creating overlay mount to /var/lib/containers/storage/overlay/b5931cfc16feeefe9b2d14d6c00f31682acf183da3864fbd1791689214d3ca75/merged: operation not permitted
ERRO exit status 125
ERRO exit status 125
```
(same thing with buildah unshare buildah mount $cnt, FWIW).
"error unmounting" surprised me, so I considered the possibility that the mount was succeeding but then something died when unshare exited. Nope:
```
# buildah unshare sh -c 'mnt=$(buildah mount $cnt); echo $mnt'
[same error]
<---- now with a blank line at the end, presumably showing the empty $mnt
```
I don't see how this helps, but I don't understand unshare so am posting anyway in hopes that it will help you converge on an understanding of the problem.
Thanks for the hints, now this is successful:
```
declare -x cnt=$(buildah from scratch)
buildah unshare sh -c '\
mnt=$(buildah mount $cnt) && \
dnf install -y \
--installroot $mnt \
--releasever=32 \
--setopt install_weak_deps=false \
bash coreutils && \
buildah unmount $cnt'
buildah run "$cnt" /usr/bin/bash
bash-5.0#
```
Feel free to close @rhatdan. I'm satisfied running everything inside buildah unshare even though it's a bit messy.
Excellent, although I like this as an example. Running buildah as root would be a lot easier.
How about something like this which would work both as root and non root, and it is easier to understand.
cat /tmp/buildah.sh
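```bash
#!/bin/bash
# bash, not sh: the [[ ]] test and $EUID used below are bash features.
build() {
    cnt=$(buildah from scratch)
    # Mount and install in the same process so both share one mount namespace.
    mnt=$(buildah mount "$cnt")
    dnf install -y \
        --installroot "$mnt" \
        --releasever=32 \
        --setopt install_weak_deps=false \
        bash coreutils
    buildah run "$cnt" /usr/bin/bash
}
# Rootless: re-execute the whole script inside buildah unshare.
if [[ $EUID -ne 0 ]]; then
    exec buildah unshare "$0"
fi
build
```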
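
A guard for the failure mode discussed in this thread, where dnf silently writes into a directory that is no longer mounted once the buildah unshare namespace is gone. This is an added example, not code from the thread or from buildah; the function names and the sample mount table are constructed, and it assumes the overlay storage driver seen in the error output above.

```shell
#!/bin/sh
# Hypothetical helpers (not part of buildah).

# is_mount_point PATH [MOUNTINFO]
# Succeeds only if PATH is a mount point in the given mount table
# (default: the calling process's own mount namespace).
# Field 5 of mountinfo is the mount point; paths with spaces are
# escaped there (\040) and are not handled by this simple match.
is_mount_point() {
    target=$1
    table=${2:-/proc/self/mountinfo}
    T="$target" awk '$5 == ENVIRON["T"] { found = 1 } END { exit !found }' "$table"
}

# install_into_container CNT PKG...
# Run this inside `buildah unshare` when rootless. Mount, check,
# install and unmount all happen in one mount namespace.
install_into_container() {
    cnt=$1; shift
    mnt=$(buildah mount "$cnt") || return 1
    if ! is_mount_point "$mnt"; then
        echo "refusing to install: $mnt is not mounted in this namespace" >&2
        return 1
    fi
    dnf install -y --installroot "$mnt" --releasever=32 \
        --setopt install_weak_deps=false "$@"
    rc=$?
    buildah unmount "$cnt"
    return $rc
}

# Constructed mountinfo sample: one overlay mount for a working container.
sample_mountinfo() {
    cat <<'EOF'
29 1 253:0 / / rw,relatime - ext4 /dev/mapper/root rw
412 29 0:52 / /home/user/.local/share/containers/storage/overlay/EXAMPLE/merged rw,relatime - overlay overlay rw,lowerdir=/l/A,upperdir=/u,workdir=/w
EOF
}
```

With the vfs storage driver the path returned by buildah mount is a plain directory, so this check would refuse it.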
Description
I am creating a simple container from scratch, following: https://www.projectatomic.io/blog/2017/08/buildah-getting-fit/
However, I cannot get anything to execute with buildah run in a container built from scratch (everything works as expected when starting with an existing image).
Steps to reproduce the issue:
Describe the results you received:
Describe the results you expected:
Enter a bash shell in the working container.
Output of rpm -q buildah or apt list buildah:
Output of buildah version:
Output of podman version if reporting a podman build issue:
Output of cat /etc/release:
Output of uname -a:
Output of cat /etc/containers/storage.conf:
Additional Info
It appears that the executable is in place and with the correct permissions: