[Bug 1169966] Review Request: rocket - CLI for running app containers

bugzilla Fri, 09 Jan 2015 05:37:19 -0800

https://bugzilla.redhat.com/show_bug.cgi?id=1169966


Iago López <i...@endocode.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |i...@endocode.com



--- Comment #29 from Iago López <i...@endocode.com> ---
I just wanna mention that, as discussed in
https://github.com/coreos/rocket/issues/43, fetching and running images should
not be restricted to the superuser. To allow that, a "rocket" group should be
created and permissions in /var/lib/rkt/ should be set accordingly. That is:

drwxrwxr-x  4 root rocket 4.0K Jan  9 10:37 cas/
drwxrwx---  4 root rocket 4.0K Jan  9 10:56 containers/
drwxrwxr-x  2 root rocket 4.0K Jan  9 10:56 tmp/

Then, any user belonging to "rocket" can fetch images and read them (running is
not possible since systemd-nspawn requires root).

I think distribution packages are a good place for setting these.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1169966] Review Request: rocket - CLI for running app containers

Reply via email to