Package Details: docker-rootless-extras 26.1.2-1

Git Clone URL: https://aur.archlinux.org/docker-rootless-extras.git (read-only, click to copy)
Package Base: docker-rootless-extras
Description: Extras to run docker as non-root.
Upstream URL: https://docs.docker.com/engine/security/rootless/
Keywords: containers docker isolation rootless
Licenses: Apache
Conflicts: docker-rootless, docker-rootless-extras, docker-rootless-extras-bin
Provides: docker-rootless, docker-rootless-extras, docker-rootless-extras-bin
Submitter: whynothugo
Maintainer: the-k
Last Packager: the-k
Votes: 30
Popularity: 1.68
First Submitted: 2021-04-14 17:58 (UTC)
Last Updated: 2024-05-09 12:54 (UTC)

Pinned Comments

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 Next › Last »

whynothugo commented on 2021-05-20 19:50 (UTC)

I've updated the checksums, do they not work?

Loader009 commented on 2021-05-20 18:30 (UTC) (edited on 2021-05-20 18:30 (UTC) by Loader009)

archiso for x86_64 builds a baseline iso successfully with this package installed (skipped checksums).

Loader009 commented on 2021-05-20 17:53 (UTC)

I guess my kernel (from debian, because the aarch64 kernel from archlinux doesn't boot on my device) doesn't have that feature set.

I still have to build uboot (often used in embedded devices) and build a working kernel myself, to check what's working and what not.

archiso on aarch64 seems to be broken(?) because of some missing packages while doing mkarchiso... I have to investigate this further to be sure, what issue I have.

missing packages in core/extra/community for aarch64: archiso cloud-init mkinitcpio-archiso syslinux virtualbox-guest-utils-nox

I used the archiso from aur.

Also, I am trying to build this on my x86_64 machine - getting a ==> ERROR: Integrity checks (sha256) differ in size from the source array. from makepkg...

Investigating this myself, but I am a bit irritated. Maybe a bug inside makepkg.

whynothugo commented on 2021-05-20 16:44 (UTC)

I've updated the checksums.

I meant to ask if you managed to build an aarch64 ISO (with archiso), since I'm currently stuck on that phase before setting up an arm64 setup.

whynothugo commented on 2021-05-20 16:43 (UTC)

I'm curious why only Arch and Debian need to set kernel.unprivileged_userns_clone=1, but other distros don't.

I can still run this fine though:

$ cat /proc/sys/kernel/unprivileged_userns_clone
1

Did you actually set this variable (or reboot after installing this package)?

Loader009 commented on 2021-05-19 19:33 (UTC)

@whynothugo: Ah, sorry, I used my own PKGBUILD.

Here is an error:

==> ERROR: Integrity checks are missing for: source

You might want to add aarch64 and either do a SKIP for the first line or add this:

b67a3350da99edd549b2aa0eefd60ba7eade0072845b64d5ff0766cf64d82f34

Loader009 commented on 2021-05-19 19:29 (UTC)

@whynothugo: I could build an aarch64 package without issues, I also could install it and start docker-rootless.sh

Although, without the kernel/unprivileged_userns_clone feature I cannot build my planned docker image... this is a docker issue though.

Loader009 commented on 2021-05-19 19:27 (UTC) (edited on 2021-05-19 19:28 (UTC) by Loader009)

Something else I noticed:

Couldn't write '1' to 'kernel/unprivileged_userns_clone', ignoring: No such file or directory

This feature is contradicted and is being said to be a heavy security issue: https://github.com/archlinux/linux/commit/479ca137ea2b368c8c8e84d5ce7c4084f5653a0d#diff-02e6057517474f1cfa234bb77eb4f675a81fb1c7136a000ae8b58b63e11a546dR1179

It is also absent in the current kernel: https://github.com/archlinux/linux/blob/master/init/Kconfig#L1183

You might want to add some warning and some check, in case the kernel doesn't support it (mine does not).

whynothugo commented on 2021-05-19 19:26 (UTC)

Added aarch64 to both this and docker-rootless-extras.

I don't have an environment on which to test it though. Have you managed to build an aarch64 ISO?

« First ‹ Previous 1 2 3 4 5 6 7 8 Next › Last »