Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-03-06 Thread Muayyad AlSadi
what about requiring sudo to do nsenter? (even when using runc rootless) On Mon, Mar 5, 2018 at 4:09 PM, Giuseppe Scrivano wrote: > Muayyad AlSadi writes: > > > when using runc > > > > $ mypid=`runc list | tail -n 1 | awk '{print $2}'` > > $ nsenter -a

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-03-05 Thread Giuseppe Scrivano
Muayyad AlSadi writes: > when using runc > > $ mypid=`runc list | tail -n 1 | awk '{print $2}'` > $ nsenter -a -t $mypid /bin/sh > nsenter: reassociate to namespace 'ns/cgroup' failed: Operation not permitted > $ sudo nsenter -a -t $mypid /bin/sh > # worked fine > > but when

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-03-05 Thread Muayyad AlSadi
when using runc $ mypid=`runc list | tail -n 1 | awk '{print $2}'` $ nsenter -a -t $mypid /bin/sh nsenter: reassociate to namespace 'ns/cgroup' failed: Operation not permitted $ sudo nsenter -a -t $mypid /bin/sh # worked fine but when using bwraps $ mypid=`bwrap-oci list | tail -n 1 | awk

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-03-05 Thread Giuseppe Scrivano
Muayyad AlSadi writes: > it seems there is no bwrap-oci exec and nsenter does not work as regular user. > > how to enter an existing user name space just like "runc exec redis /bin/sh" > using bubble wrap or nsenter? exec is not implemented yet. The easiest way to workaround

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-03-05 Thread Muayyad AlSadi
it seems there is no bwrap-oci exec and nsenter does not work as regular user. how to enter an existing user name space just like "runc exec redis /bin/sh" using bubble wrap or nsenter? On Sun, Feb 25, 2018 at 10:58 PM, Muayyad AlSadi wrote: > > is this still broken with my

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-02-25 Thread Giuseppe Scrivano
Muayyad AlSadi writes: > here is my blog post > > https://bcksp.blogspot.com/2018/02/diy-docker-using-skopeoostreerunc.html if you are interested to put this blog post in the perspective of how the atomic CLI works and explains its internals as you did, I can help you with the

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-02-25 Thread Giuseppe Scrivano
Muayyad AlSadi writes: >> Please use the original config.json file you get with 'runc spec --rootless' >> and change only the process/args there. > > that did not work, is this still broken with my PR? Giuseppe

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-02-25 Thread Muayyad AlSadi
> Please use the original config.json file you get with 'runc spec --rootless' and change only the process/args there. that did not work, > that won't work, you need to specify the mounts. Have you tried with bwrap-oci from the PR I've opened? I'm using this $ rpm -q bwrap-oci

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-02-25 Thread Giuseppe Scrivano
Muayyad AlSadi writes: > no, it did not work for me > > I've removed the entire mount section > > "mounts": [ ], that won't work, you need to specify the mounts. Have you tried with bwrap-oci from the PR I've opened? Please use the original config.json file you get with

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-02-25 Thread Muayyad AlSadi
no, it did not work for me I've removed the entire mount section "mounts": [ ], I tried to only remove the sys/none item in mounts, it got stuck (no output, no error message and on another terminal it would be running) the following bwrap-oci --dry-run run delme gives /usr/bin/bwrap

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-02-25 Thread Giuseppe Scrivano
Hi Muayyad, Muayyad AlSadi writes: > here is my blog post > > https://bcksp.blogspot.com/2018/02/diy-docker-using-skopeoostreerunc.html That is definitely a great blog post! It is a very good explanation of how the atomic CLI works for a non root user. > the error in

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-02-23 Thread Muayyad AlSadi
here is my blog post https://bcksp.blogspot.com/2018/02/diy-docker-using-skopeoostreerunc.html the error in "bwrap-oci run" bwrap-oci: unknown mount type none was because of type none in /sys "mounts": [ ... { "destination": "/sys", "type": "none",

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-02-22 Thread Muayyad AlSadi
after that, the following worked cd cont1 runc spec runc run myname I also tried "runc spec --rootless" and it worked but bwrap-oci did not $ bwrap-oci run bwrap-oci: unknown mount type none On Fri, Feb 23, 2018 at 1:33 AM, Muayyad AlSadi wrote: > ostree checkout

Re: [atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-02-22 Thread Muayyad AlSadi
ostree checkout ociimage/nginx_3Alatest cont1 cat cont1/manifest.json | jq '.layers[]|.digest' | sed -re 's/"//g' | cut -d ':' -f 2 | while read a; do echo ostree checkout --union ociimage/$a cont1/rootfs; done what's next? On Fri, Feb 23, 2018 at 12:18 AM, Muayyad AlSadi

[atomic-devel] how to try combining skopeo+ostree+bwrap-oci

2018-02-22 Thread Muayyad AlSadi
hi, I'm running fedora as regular user and I wonder how can I use skopeo+ostree+bwrap-oci to run a docker image using bwrap-oci having files stored as ostree $ mkdir ostree $ cd ostree $ ostree init --mode=bare-user --repo=$PWD $ skopeo copy docker://redis:alpine ostree:redis@$PWD $ skopeo copy