Re: bug#55358: docker containers stopped when doing guix install or guix
From: Csepp
Subject: Re: bug#55358: docker containers stopped when doing guix install or guix shell
Date: Sat, 20 May 2023 00:29:04 +0200

Remco van 't Veer <remco@remworks.net> writes:
> Hi Maxim and Zimoun,
>
> 2023/02/09 13:26, Remco van 't Veer:
>
>> I think I know what is causing the issue. Both the "standard" mysql and
>> postgres containers use user-id 999 to run the database service (this
>> seems like a common practice because the redis container is configured
>> similarly). That user-id is also configured as guixbuilder01 so I guess
>> the guix daemon is killing those processes when it finishes doing
>> builds.
>
> I found a solution / workaround for this problem by using
> "userns-remap". This feature allows the remapping of uids and guids to
> different ranges. I tried it by hacking the required files into my
> etc-directory and it works; guix no longer kills my database containers.
>
> I'd like to add this feature to docker-service-type having a new
> configuration option named enable-userns-remap? which introduces a new
> user and group (both named dockremap) to do the remapping by adding some
> configurable number to the uids and guids of the running container. In
> /etc/subuid and /etc/subgid it would look like:
>
> dockremap:100000:65536
>
> See https://docs.docker.com/engine/security/userns-remap/ for
> documentation about this.
>
> WDYT?
>
> Cheers,
> Remco
The rootless podman example that was shared a few months ago could be
relevant to this, since that also adds a subuid/subgid mapping.
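
The uid arithmetic behind the workaround discussed in this thread, as an added example that is not part of the original messages and is not Guix or Docker code: it checks which host accounts share the uid a container process ends up with, with and without the `dockremap:100000:65536` entry. The passwd lines, the gid values, the dockremap uid and all function names are constructed for illustration; stacking several ranges in file order is an assumption.

```python
# Constructed sample data; only uid 999 for guixbuilder01 and the subuid line come from the thread.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
guixbuilder01:x:999:998:Guix build user 01:/var/empty:/sbin/nologin
dockremap:x:990:990::/var/empty:/sbin/nologin
"""
SUBUID = "dockremap:100000:65536\n"


def parse_passwd(text):
    """Return {uid: [account names]} from passwd-format text."""
    owners = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        owners.setdefault(int(fields[2]), []).append(fields[0])
    return owners


def parse_subid(text, user):
    """Return [(start, count)] ranges listed for `user` in subuid/subgid text."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges


def host_uid(container_uid, ranges):
    """Map a container uid to a host uid; None if it is outside every range.
    Assumption: multiple ranges are stacked in file order."""
    offset = container_uid
    for start, count in ranges:
        if offset < count:
            return start + offset
        offset -= count
    return None


def colliding_accounts(container_uid, passwd_text, subuid_text=None, user="dockremap"):
    """Host accounts that share the uid a container process has on the host."""
    if subuid_text is None:  # no userns-remap: the container uid is the host uid
        uid = container_uid
    else:
        uid = host_uid(container_uid, parse_subid(subuid_text, user))
    return parse_passwd(passwd_text).get(uid, [])
```

Without the mapping, container uid 999 is the same host uid as guixbuilder01; with it, the process runs as host uid 100999, which no account in the sample owns.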