[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bug#55358: docker containers stopped when doing guix install or guix
|
From: |
Remco van 't Veer |
|
Subject: |
Re: bug#55358: docker containers stopped when doing guix install or guix shell |
|
Date: |
Tue, 23 May 2023 09:53:35 +0200 |
|
User-agent: |
mu4e 1.10.2; emacs 28.2 |
Hi Csepp,
2023/05/20 00:29, Csepp:
> Remco van 't Veer <remco@remworks.net> writes:
>
>> Hi Maxim and Zimoun,
>>
>> 2023/02/09 13:26, Remco van 't Veer:
>>
>>> I think I know what is causing the issue. Both the "standard" mysql and
>>> postgres containers use user-id 999 to run the database service (this
>>> seems like a common practice because the redis container is configured
>>> similarly). That user-id is also configured as guixbuilder01 so I guess
>>> the guix daemon is killing those when processes when it finishes doing
>>> builds.
>>
>> I found a solution / workaround for this problem by using
>> "userns-remap". This feature allows the remapping of uids and guids to
>> different ranges. I tried it by hacking the required files into my
>> etc-directory and it works; guix no long kills my database containers.
>>
>> I'd like to add this feature to docker-service-type having a new
>> configuration option named enable-userns-remap? which introduces a new
>> user and group (both named dockremap) to do the remapping by adding some
>> configurable number to the uids and guids of the running container. In
>> /etc/subuid and /etc/subgid it would look like:
>>
>> dockremap:100000:65536
>>
>> See https://docs.docker.com/engine/security/userns-remap/ for
>> documentation about this.
>>
>> WDYT?
>>
>> Cheers,
>> Remco
>
> The rootless podman example that was shared a few months ago could be
> relevant to this, since that also adds a subuid/subgid mapping.
Thanks! Borrowed that.
For future reference:
https://lists.gnu.org/archive/html/guix-devel/2023-03/msg00176.html
Cheers,
Remco