Closed apollo13 closed 6 years ago
it lists the containers owned by the current user, you can try to install one as:
$ atomic install --user registry.fedoraproject.org/f27/etcd
The container is managed through systemd --user
and bwrap-oci
. There is an open PR to change the default to runc as the support for rootless containers in runc improved a lot over the last year: https://github.com/projectatomic/atomic/pull/1226
Do I need to install some extra tools for brap-oci
or are they supposed to be part of the atomic image (https://www.projectatomic.io/blog/2017/07/unprivileged-containers-with-bwrap-oci-and-bubblewrap/ seems to suggest they require an install, but that is a while ago)? Cause I currently get:
[bap@atomic01 ~]$ atomic install --user registry.fedoraproject.org/f27/etcd
Cannot install the container: the runtime /usr/bin/bwrap-oci is not installed
Some operations for 'install' require root access.
Are there any more docs on bwrap-oci
that you can recommend?
that won't work on AH yet, as bwrap-oci is not part of the image. As soon as we move to runc by default, we won't have that kind of issues on AH.
You could force the runtime with --runtime /usr/bin/runc
but without the PR I've linked before, the etcd system container won't work as non-root user. But you could still try to install it and list with atomic images list -a
Ok, thanks for the explanation. I'll read up on runc and how that all fits together.
Running
atomic containers list
as a normal user just returns nothing. It would be nice if it could tell you that it requires a user in the docker group to run.