Re: Docker and user namespaces on F30
> On Mon, May 06, 2019 at 04:17:18PM +0200, Jun Aruga wrote:
> > Podman 1.2 and Docker CE 18.09.5 on my Fedora 30 work for your use case.
> >
> > $ docker --version
> > Docker version 18.09.5, build e8ff056
>
> This is not what Fedora ships. We have (in F30)
> docker-1.13.1-67.git1185cfd or moby-engine-18.06.3-2.ce.gitd7080c1.

Yes, it's not what Fedora ships, because I wanted to use the feature below in my use cases. The docker that Fedora ships does not have the feature, but podman has it.

https://github.com/moby/moby/blob/master/CHANGELOG.md
> 17.05.0-ce (2017-05-04)
> Allow using build-time args (ARG) in FROM #31352

rpms/docker will be removed in F31. I guess that after F31, rpms/podman's podman-docker is the new one for the docker command.

https://src.fedoraproject.org/rpms/docker/tree/master
https://src.fedoraproject.org/rpms/podman/blob/master/f/podman.spec#_520

I use both Podman and Docker CE to check compatibilities between them and to check Docker CE's new features, reporting them to podman GitHub for contributions. I think it's beneficial that someone does this to know the trend, so as not to be isolated from the market's needs.

> What is going on with this very weird, very confusing versioning? The Fedora version doesn't even look like the upstream date-based version numbers? Is the Fedora release really just that old?

Yes, the Fedora release is old. Though I might be wrong, I suppose it's because docker changed its versioning and license policy at some point in the past. Fedora cannot ship it because of that.
After F31, you will not see the confusing versioning, because podman-docker is shipped instead of docker.

--
Jun Aruga / He - His - Him
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Re: Docker and user namespaces on F30
On Fri, May 10, 2019 at 12:10 PM, Tomasz Torcz wrote:
> This is not what Fedora ships. We have (in F30)
> docker-1.13.1-67.git1185cfd or moby-engine-18.06.3-2.ce.gitd7080c1.

What is going on with this very weird, very confusing versioning? The Fedora version doesn't even look like the upstream date-based version numbers? Is the Fedora release really just that old?

Re: Docker and user namespaces on F30
On Mon, May 06, 2019 at 04:17:18PM +0200, Jun Aruga wrote:
> Podman 1.2 and Docker CE 18.09.5 on my Fedora 30 work for your use case.
>
> $ docker --version
> Docker version 18.09.5, build e8ff056

This is not what Fedora ships. We have (in F30)
docker-1.13.1-67.git1185cfd or moby-engine-18.06.3-2.ce.gitd7080c1.

--
Tomasz Torcz
xmpp: zdzich...@chrome.pl
,,If you try to upissue this patchset I shall be seeking an IP-routable hand grenade.'' -- Andrew Morton (LKML)

Re: Docker and user namespaces on F30
On Wed, 2019-05-08 at 19:09 +0200, Jun Aruga wrote:
> > Which looks even stranger.
> >
> > I see we don't have the same version of docker. I have version
> > 18.06.3, build d7080c1. Did you install docker from
> > https://docs.docker.com/install/ ?
>
> Yes, for docker-ce I installed it from the page's Linux/Fedora page
> when I used Fedora 29.
>
> If you are fine to remove all the images, try below one.
>
> $ sudo systemctl stop docker
> $ cd /var/lib/
> $ sudo rm -rf docker
> $ sudo systemctl start docker  <= recreate initial /var/lib/docker
> $ docker run -it --rm docker.io/php:7-fpm-alpine sh

I tried and it didn't work.

> For podman, if you have not set the rootless setting to run podman
> without sudo, you can try it with sudo.
>
> $ sudo podman run -it --rm docker.io/php:7-fpm-alpine sh
>
> Does below command work for you?
>
> $ docker run -t --rm docker.io/alpine uname -a
> Linux 828dcafd0bbe 5.0.10-300.fc30.x86_64 #1 SMP Tue Apr 30 16:22:12 UTC 2019 x86_64 Linux
>
> > However, dk run --userns=host -it --rm docker.io/php:7-fpm-alpine sh
> > works fine. So it seems to be limited to user namespaces.
>
> What is dk command?

An alias to the docker command. I forgot to edit the command after pasting it here. Sorry.

I managed to make the command work after updating to docker 18.09.5 (same version as you). Docker doesn't officially provide an RPM for Fedora 30 for the stable version of docker yet, but I was able to build it from the SRPM available on koji for F31. So I guess I'll just ask if this version can be pushed to F30.

> --
> Jun Aruga / He - His - Him

--
Julien Enselme
http://www.jujens.eu/

Re: Docker and user namespaces on F30
> Which looks even stranger.
>
> I see we don't have the same version of docker. I have version 18.06.3,
> build d7080c1. Did you install docker from
> https://docs.docker.com/install/ ?

Yes, for docker-ce I installed it from the page's Linux/Fedora page when I used Fedora 29.

If you are fine to remove all the images, try below one.

$ sudo systemctl stop docker
$ cd /var/lib/
$ sudo rm -rf docker
$ sudo systemctl start docker  <= recreate initial /var/lib/docker
$ docker run -it --rm docker.io/php:7-fpm-alpine sh

For podman, if you have not set the rootless setting to run podman without sudo, you can try it with sudo.

$ sudo podman run -it --rm docker.io/php:7-fpm-alpine sh

Does below command work for you?

$ docker run -t --rm docker.io/alpine uname -a
Linux 828dcafd0bbe 5.0.10-300.fc30.x86_64 #1 SMP Tue Apr 30 16:22:12 UTC 2019 x86_64 Linux

> However, dk run --userns=host -it --rm docker.io/php:7-fpm-alpine sh
> works fine. So it seems to be limited to user namespaces.

What is dk command?

--
Jun Aruga / He - His - Him

Re: Docker and user namespaces on F30
Sadly this doesn't work either. With podman, I have this error:

ERRO[0004] Error pulling image ref //php:7-fpm-alpine: Error committing the finished image: error adding layer with blob "sha256:f581654c6ada4fba71ebfbfe4cd96430abe7b5dabebd92a6a62c11391a79cc98": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 82:82 for /home/www-data): lchown /home/www-data: invalid argument
Failed
Error: unable to pull docker.io/php:7-fpm-alpine: unable to pull image: Error committing the finished image: error adding layer with blob "sha256:f581654c6ada4fba71ebfbfe4cd96430abe7b5dabebd92a6a62c11391a79cc98": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 82:82 for /home/www-data): lchown /home/www-data: invalid argument

Which looks even stranger.

I see we don't have the same version of docker. I have version 18.06.3, build d7080c1. Did you install docker from https://docs.docker.com/install/ ?

--
Julien Enselme
http://www.jujens.eu/

On Mon, 2019-05-06 at 16:17 +0200, Jun Aruga wrote:
> Podman 1.2 and Docker CE 18.09.5 on my Fedora 30 work for your use case.
>
> $ rpm -q kernel
> kernel-5.0.5-200.fc29.x86_64
> kernel-5.0.10-200.fc29.x86_64
> kernel-5.0.10-300.fc30.x86_64
>
> $ podman --version
> podman version 1.2.0
>
> $ podman run -it --rm docker.io/php:7-fpm-alpine sh
> /var/www/html # uname -a
> Linux f8b9dafd7816 5.0.10-300.fc30.x86_64 #1 SMP Tue Apr 30 16:22:12 UTC 2019 x86_64 Linux
>
> $ docker --version
> Docker version 18.09.5, build e8ff056
>
> $ docker run -it --rm docker.io/php:7-fpm-alpine sh
> /var/www/html # uname -a
> Linux 936e897b0a9b 5.0.10-300.fc30.x86_64 #1 SMP Tue Apr 30 16:22:12 UTC 2019 x86_64 Linux
>
> On Sat, May 4, 2019 at 5:05 PM Julien Enselme wrote:
> > Hi,
> >
> > I just updated to F30 and my docker setup with user namespaces doesn't
> > work anymore. When I try to run:
> > docker run -it --rm docker.io/php:7-fpm-alpine sh
> > I get this error:
> > docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\\"mqueue\\\" to rootfs \\\"/var/lib/docker/1000.1001/btrfs/subvolumes/38ce5c87e31bbbcec010db85383d1af57e8652ff4e4c411cebe0c2102a36a020\\\" at \\\"/dev/mqueue\\\" caused \\\"operation not permitted\\\"\"": unknown.
> >
> > I tried to disable SELinux with setenforce 0 but got the same result.
> >
> > However, dk run --userns=host -it --rm docker.io/php:7-fpm-alpine sh
> > works fine. So it seems to be limited to user namespaces.
> >
> > My kernel: 5.0.9-301.fc30.x86_64
> >
> > Any ideas on where this may come from? This worked fine on F29 (and
> > probably on older versions too, I have this setup for a while now).
> >
> > Regards,
> > --
> > Julien Enselme
> > http://www.jujens.eu/
>
> --
> Jun Aruga / He - His - Him
> jar...@redhat.com / IRC: jaruga

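The podman error in the message above reports that the image needs files owned by 82:82 and that those IDs may not exist inside the user namespace. As an added example (not part of any post in this thread), the script below checks that for a rootless user, assuming the usual rootless layout where container ID 0 is the user's own ID and container IDs 1..N come from the user's N subordinate IDs in /etc/subuid and /etc/subgid; the function names and the sample users alice and bob are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a rootless user have enough subordinate IDs to
# own files as a given container UID:GID (82:82 in the error above)?
# Input files use the /etc/subuid format: name:first_host_id:count

# sub_id_total FILE USER: print how many subordinate IDs USER has in FILE.
sub_id_total() {
    awk -F: -v u="$2" '$1 == u { n += $3 } END { print n + 0 }' "$1"
}

# can_map FILE USER ID: succeed if container ID can be mapped.
# Assumed rootless layout: container ID 0 is the user's own ID and
# container IDs 1..N come from the user's N subordinate IDs.
can_map() {
    [ "$3" -eq 0 ] && return 0
    [ "$3" -le "$(sub_id_total "$1" "$2")" ]
}

# check_owner SUBUID_FILE SUBGID_FILE USER UID:GID: print a verdict.
check_owner() {
    uid=${4%%:*}
    gid=${4##*:}
    if ! can_map "$1" "$3" "$uid"; then
        echo "uid $uid not mappable: $3 has $(sub_id_total "$1" "$3") subuids"
    elif ! can_map "$2" "$3" "$gid"; then
        echo "gid $gid not mappable: $3 has $(sub_id_total "$2" "$3") subgids"
    else
        echo "ok"
    fi
}

# Constructed sample data (not taken from the thread): alice has the
# common 65536-wide range, bob has no subuid entry and only 50 subgids.
demo=$(mktemp -d)
printf 'alice:100000:65536\n' > "$demo/subuid"
printf 'alice:100000:65536\nbob:165536:50\n' > "$demo/subgid"

check_owner "$demo/subuid" "$demo/subgid" alice 82:82
check_owner "$demo/subuid" "$demo/subgid" bob 82:82
```

On a real host, pass /etc/subuid, /etc/subgid and the login name; entries keyed by numeric UID rather than name need the UID given as the USER argument.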
Re: Docker and user namespaces on F30
Podman 1.2 and Docker CE 18.09.5 on my Fedora 30 work for your use case.

$ rpm -q kernel
kernel-5.0.5-200.fc29.x86_64
kernel-5.0.10-200.fc29.x86_64
kernel-5.0.10-300.fc30.x86_64

$ podman --version
podman version 1.2.0

$ podman run -it --rm docker.io/php:7-fpm-alpine sh
/var/www/html # uname -a
Linux f8b9dafd7816 5.0.10-300.fc30.x86_64 #1 SMP Tue Apr 30 16:22:12 UTC 2019 x86_64 Linux

$ docker --version
Docker version 18.09.5, build e8ff056

$ docker run -it --rm docker.io/php:7-fpm-alpine sh
/var/www/html # uname -a
Linux 936e897b0a9b 5.0.10-300.fc30.x86_64 #1 SMP Tue Apr 30 16:22:12 UTC 2019 x86_64 Linux

On Sat, May 4, 2019 at 5:05 PM Julien Enselme wrote:
>
> Hi,
>
> I just updated to F30 and my docker setup with user namespaces doesn't
> work anymore. When I try to run:
> docker run -it --rm docker.io/php:7-fpm-alpine sh
> I get this error:
> docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\\"mqueue\\\" to rootfs \\\"/var/lib/docker/1000.1001/btrfs/subvolumes/38ce5c87e31bbbcec010db85383d1af57e8652ff4e4c411cebe0c2102a36a020\\\" at \\\"/dev/mqueue\\\" caused \\\"operation not permitted\\\"\"": unknown.
>
> I tried to disable SELinux with setenforce 0 but got the same result.
>
> However, dk run --userns=host -it --rm docker.io/php:7-fpm-alpine sh
> works fine. So it seems to be limited to user namespaces.
>
> My kernel: 5.0.9-301.fc30.x86_64
>
> Any ideas on where this may come from? This worked fine on F29 (and
> probably on older versions too, I have this setup for a while now).
>
> Regards,
> --
> Julien Enselme
> http://www.jujens.eu/

--
Jun Aruga / He - His - Him
jar...@redhat.com / IRC: jaruga

Docker and user namespaces on F30
Hi,

I just updated to F30 and my docker setup with user namespaces doesn't work anymore. When I try to run:

docker run -it --rm docker.io/php:7-fpm-alpine sh

I get this error:

docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\\"mqueue\\\" to rootfs \\\"/var/lib/docker/1000.1001/btrfs/subvolumes/38ce5c87e31bbbcec010db85383d1af57e8652ff4e4c411cebe0c2102a36a020\\\" at \\\"/dev/mqueue\\\" caused \\\"operation not permitted\\\"\"": unknown.

I tried to disable SELinux with setenforce 0 but got the same result.

However, dk run --userns=host -it --rm docker.io/php:7-fpm-alpine sh works fine. So it seems to be limited to user namespaces.

My kernel: 5.0.9-301.fc30.x86_64

Any ideas on where this may come from? This worked fine on F29 (and probably on older versions too, I have this setup for a while now).

Regards,
--
Julien Enselme
http://www.jujens.eu/