projectatomic / atomic

Atomic Run Tool for installing/running/managing container images.

atomic containers list should mention that it needs a privileged user #1230

Closed apollo13 closed 6 years ago

apollo13 commented 6 years ago

Running atomic containers list as a normal user just returns nothing. It would be nice if it could tell you that it requires a user in the docker group to run.

giuseppe commented 6 years ago

It lists the containers owned by the current user; you can try to install one as:

$ atomic install --user registry.fedoraproject.org/f27/etcd

The container is managed through systemd --user and bwrap-oci. There is an open PR to change the default to runc as the support for rootless containers in runc improved a lot over the last year: https://github.com/projectatomic/atomic/pull/1226

apollo13 commented 6 years ago

Do I need to install some extra tools for bwrap-oci or are they supposed to be part of the atomic image (https://www.projectatomic.io/blog/2017/07/unprivileged-containers-with-bwrap-oci-and-bubblewrap/ seems to suggest they require an install, but that is a while ago)? Cause I currently get:

[bap@atomic01 ~]$ atomic install --user registry.fedoraproject.org/f27/etcd
Cannot install the container: the runtime /usr/bin/bwrap-oci is not installed
Some operations for 'install' require root access.

Are there any more docs on bwrap-oci that you can recommend?

giuseppe commented 6 years ago

That won't work on AH yet, as bwrap-oci is not part of the image. As soon as we move to runc by default, we won't have that kind of issue on AH.

You could force the runtime with --runtime /usr/bin/runc, but without the PR I've linked before, the etcd system container won't work as a non-root user. But you could still try to install it and list with atomic images list -a.

apollo13 commented 6 years ago

Ok, thanks for the explanation. I'll read up on runc and how that all fits together.