Hi Alban, Dmitry, Thanks for your feedback.
Default umask is 0022 I'm using an ext4 FS running busybox image returns different errors : $ sudo rkt fetch --insecure-options=image docker://busybox image: remote fetching from URL "docker://busybox" Downloading sha256:385e281300c: [==============================] 676 KB/676 KB Downloading sha256:a3ed95caeb0: [==============================] 32 B/32 B sha512-cdb74a334f97f442a4da5230610ccf46 $ sudo rkt run --interactive docker://busybox --exec bash image: using image from file /usr/lib/rkt/stage1-host.aci image: using image from local store for url docker://busybox networking: loading networks from /etc/rkt/net.d networking: loading network default with type ptp stage1: failed to write default.target: open stage1/rootfs/usr/lib/systemd/system/default.target: operation not permitted $ sudo rkt run --interactive docker://busybox --exec bash image: using image from file /usr/lib/rkt/stage1-host.aci image: using image from local store for url docker://busybox stage0: error setting up app image: open /var/lib/rkt/pods/run/9ba6840a-96d5-493f-8c2d-434184c689c9/stage1/rootfs/opt/stage2/busybox/manifest: operation not permitted $ sudo rkt run --interactive docker://busybox --exec bash image: using image from file /usr/lib/rkt/stage1-host.aci image: using image from local store for url docker://busybox networking: loading networks from /etc/rkt/net.d stage1: failed to setup network: open stage-1/rootfs/etc/rkt/net.d/99-default.conf: operation not permitted Also tried with alpine, same error : $ sudo rkt fetch --insecure-options=image docker://alpine image: remote fetching from URL "docker://alpine" Downloading sha256:420890c9e91: [==============================] 2.32 MB/2.32 MB sha512-e738eac1830750ac3fcd152b3c83bf75 $ sudo rkt run --interactive docker://alpine --exec bash image: using image from file /usr/lib/rkt/stage1-host.aci image: using image from local store for url docker://alpine stage0: error setting up app image: open /var/lib/rkt/pods/run/18b328cc-ff10-4e04-8457-7aa6e47aab37/stage1/rootfs/opt/stage2/alpine/manifest: operation not permitted Same error with rkt 1.4.0, also tried with systemd-container and btrfs-tools installed, no more luck. I'll try docker2aci when time will permit but I did understood that rkt automatically does the conversion when fetching docker:// uris regards, Nicolas 2016-04-19 12:22 GMT+02:00 Dmitry Smirnov <only...@debian.org>: > Hi Alban, > > Thank you for checking this issue. > > FYI by default Debian bug tracker send emails only to maintainers. You need > to explicitly CC to reporter or to nnnnnn-submit...@bugs.debian.org (added to > CC). See more: > > https://www.debian.org/Bugs/Developer#followup > > -- > Best wishes, > Dmitry Smirnov. > > > On Tuesday, 19 April 2016 11:59:40 AM AEST Alban Crequy (Kinvolk) wrote: >> Hi, >> >> I have not seen that issue before. I cannot reproduce. >> >> Does it work with other Docker images such as docker://busybox? What >> is your default umask when running things with sudo? What is the >> filesystem used for /var/lib/rkt (ext4, btfs...)? > -- Nicolas Le Cam