[docs] Running rootlesskit inside docker with few permissions #150

Open
michaelzangl opened this issue May 12, 2020 · 1 comment
Labels
area/docs documentation

Comments

@michaelzangl

We want to run rootlesskit inside a docker container, to be able to run a docker daemon there (for integration tests)

I know that I can run the container that is starting rootlesskit with seccomp=unconfined apparmor=unconfined systempaths=unconfined

This is removing a lot of docker security functionality. It should be documented how to run the container with the least privileges required, especially which system calls it actually needs / a custom seccomp profile.

@AkihiroSuda AkihiroSuda added the area/docs documentation label May 14, 2020
@AkihiroSuda AkihiroSuda changed the title Running rootlesskit inside docker with few permissions [docs] Running rootlesskit inside docker with few permissions May 14, 2020
@AkihiroSuda
Member

> We want to run rootlesskit inside a docker container, to be able to run a docker daemon there (for integration tests)

You need full --privileged for rootless docker-in-docker.

For other use cases (e.g. rootless buildkit in docker), seccomp=unconfined apparmor=unconfined should be enough.
