filecoin-saturn / L1-node

Filecoin Saturn L1 Node • The edge cache layer of Filecoin's decentralized CDN 🪐

Support running the container rootless #115

Open vorburger opened 1 year ago

vorburger commented 1 year ago

I am exploring running the ghcr.io/filecoin-saturn/l1-node:main container in another container runtime environment (k8s) than on Docker via your run.sh and noticed the following error:

2022/11/19 23:42:19 [emerg] 29#29: chown("/usr/src/app/shared/nginx_cache", 101) failed (1: Operation not permitted)
nginx: [emerg] chown("/usr/src/app/shared/nginx_cache", 101) failed (1: Operation not permitted)

I suspect that this is because on (my) k8s the file permission on the /usr/src/app/shared/ volume is slightly different than on Docker?

I'm not sure if this is a real problem or can just be ignored.

vorburger commented 1 year ago

> I'm not sure if this is a real problem or can just be ignored.

This log message is a "real" critical (note emerg = Nginx "Emergency") problem which blocks orderly start-up.

#120 raised to make this easier to understand for future users.

> I suspect that this is because on (my) k8s the file permission (...)

It's actually not really that, the reason was just that I tried to run it with more limited Linux capabilities than root, for a better security posture. This would be similar e.g. to "rootless" Docker (or Podman), where I suspect one would also run into this error (not yet tested).

vorburger commented 1 year ago

https://github.com/docker-library/docs/tree/master/nginx#running-nginx-as-a-non-root-user 😹
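
Added example, not part of the thread or the project's code: a preflight check that an entrypoint could run before nginx to predict the chown error shown in the log lines above. It takes uid 101 and the cache path from those log lines; the function names are hypothetical, and it assumes nginx only calls chown when the directory owner differs from the worker uid and that the failure comes from a dropped CAP_CHOWN.

```shell
#!/bin/sh
# Added example: predict the nginx "chown(...) failed" start-up error.
NGINX_UID=101                               # uid from the log line in the issue
CACHE_DIR=/usr/src/app/shared/nginx_cache   # path from the log line in the issue

# Return 0 if the hex capability mask (CapEff in /proc/<pid>/status)
# includes CAP_CHOWN, which is capability number 0 (the lowest bit).
has_cap_chown() {
    [ $(( 0x$1 & 1 )) -eq 1 ]
}

# Print the effective capability mask of the current process.
current_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# Args: current owner uid, wanted uid, CapEff hex mask.
# Prints "ok" or "chown-fails".
predict_chown() {
    if [ "$1" = "$2" ]; then
        echo ok             # owner already matches, no chown is needed
    elif has_cap_chown "$3"; then
        echo ok             # chown to another uid is permitted
    else
        echo chown-fails    # chown would return EPERM, as in the issue
    fi
}

# Check a real directory against the current process; non-zero on failure.
preflight() {
    dir=${1:-$CACHE_DIR}
    [ -d "$dir" ] || { echo "missing: $dir"; return 2; }
    owner=$(stat -c %u "$dir")
    mask=$(current_capeff)
    result=$(predict_chown "$owner" "$NGINX_UID" "$mask")
    echo "$dir owner=$owner CapEff=$mask -> $result"
    [ "$result" = ok ]
}

# Run the check only when a directory is passed on the command line.
if [ $# -gt 0 ]; then
    preflight "$1"
fi
```

If the result is `chown-fails`, either the volume needs to be owned by uid 101 before start-up or the container needs CAP_CHOWN retained.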