j8r / dockerfiles

Repository for my dockerfiles
https://hub.docker.com/u/jrei
ISC License

privileged or cap SYS_ADMIN not required #10

Closed nsymms closed 4 years ago

nsymms commented 4 years ago

FYI,

I'm able to run the container without any elevated privileges using this:

docker run -d --name systemd --tmpfs /tmp --tmpfs /run \
    --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
    jrei/systemd-debian

Seems to be working OK, but maybe I missed something??

j8r commented 4 years ago

Thanks for the tip, it works for me too. In the past, the command was with -v /sys/fs/cgroup:/sys/fs/cgroup:ro, but something has changed and it was no longer enough to have the container working.

For me, omitting --tmpfs /tmp works too (Ubuntu 20.04), can you confirm it too?

nsymms commented 4 years ago

On Debian 9.12, docker v19.03.11 if I omit --tmpfs /run I get the error:

Failed to mount tmpfs at /run: Operation not permitted
[!!!!!!] Failed to mount API filesystems.
Exiting PID 1...

I get the same error on Debian 10 and Ubuntu 18.04 also.

I need to include both --tmpfs /run and --tmpfs /run/lock for it to work.

j8r commented 4 years ago

Thanks @nsymms! I updated the instructions.
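
The check below is an added example, not part of the thread or of the repository. It audits `docker inspect` output for the settings discussed above: no `--privileged`, no added `SYS_ADMIN`, tmpfs on `/run` and `/run/lock`, and a read-only `/sys/fs/cgroup`. The function name `audit` and the sample data are constructed for illustration, and the container is assumed to be started with `--tmpfs` and `-v` as in the command above.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/systemd",
   "HostConfig": {"Privileged": false, "CapAdd": null,
                  "Tmpfs": {"/tmp": "", "/run": "", "/run/lock": ""}},
   "Mounts": [{"Type": "bind", "Source": "/sys/fs/cgroup",
               "Destination": "/sys/fs/cgroup", "RW": false}]},
  {"Name": "/systemd-old",
   "HostConfig": {"Privileged": false, "CapAdd": ["SYS_ADMIN"],
                  "Tmpfs": {"/tmp": ""}},
   "Mounts": [{"Type": "bind", "Source": "/sys/fs/cgroup",
               "Destination": "/sys/fs/cgroup", "RW": true}]}
]
""")

REQUIRED_TMPFS = ("/run", "/run/lock")  # both were needed in the thread


def audit(container):
    """Return a list of findings for one `docker inspect` entry."""
    hc = container.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("runs with --privileged")
    # CapAdd is null when no capability was added; names may carry a CAP_ prefix.
    for cap in hc.get("CapAdd") or []:
        name = cap.upper()
        if name.startswith("CAP_"):
            name = name[4:]
        if name in ("SYS_ADMIN", "ALL"):
            findings.append("adds capability " + name)
    tmpfs = hc.get("Tmpfs") or {}
    for path in REQUIRED_TMPFS:
        if path not in tmpfs:
            findings.append("missing --tmpfs " + path)
    for mount in container.get("Mounts") or []:
        if mount.get("Destination") == "/sys/fs/cgroup" and mount.get("RW"):
            findings.append("/sys/fs/cgroup is mounted read-write")
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_INSPECT:
        print(entry["Name"], audit(entry) or "ok")
```

To audit a real container, replace the sample with `json.load(sys.stdin)` and pipe in `docker inspect <name>`.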