Merge pull request #1196 from fidencio/wip/fix-docker-extra-args

rootfs: Don't fallthrough in the docker_extra_args() switch
Julio Montes
2021-01-11 14:04:56 -06:00
committed by GitHub


@@ -181,32 +181,38 @@ docker_extra_args()
{
local args=""
# Required to mount inside a container
args+=" --cap-add SYS_ADMIN"
# Requred to chroot
args+=" --cap-add SYS_CHROOT"
# debootstrap needs to create device nodes to properly function
args+=" --cap-add MKNOD"
case "$1" in
gentoo)
# Requred to chroot
args+=" --cap-add SYS_CHROOT"
# debootstrap needs to create device nodes to properly function
args+=" --cap-add MKNOD"
# Required to mount inside a container
args+=" --cap-add SYS_ADMIN"
gentoo)
# Required to build glibc
args+=" --cap-add SYS_PTRACE"
# mount portage volume
args+=" -v ${gentoo_local_portage_dir}:/usr/portage/packages"
args+=" --volumes-from ${gentoo_portage_container}"
;;
ubuntu | debian)
# Requred to chroot
args+=" --cap-add SYS_CHROOT"
# debootstrap needs to create device nodes to properly function
args+=" --cap-add MKNOD"
;&
suse)
# Required to mount inside a container
args+=" --cap-add SYS_ADMIN"
# When AppArmor is enabled, mounting inside a container is blocked with docker-default profile.
# See https://github.com/moby/moby/issues/16429
args+=" --security-opt apparmor=unconfined"
debian | ubuntu | suse)
source /etc/os-release
case "$ID" in
fedora | centos | rhel)
# Depending on the podman version, we'll face issues when passing
# `--security-opt apparmor=unconfined` on a system where not apparmor is not installed.
# Because of this, let's just avoid adding this option when the host OS comes from Red Hat.
# A explict check for podman, at least for now, can be avoided.
;;
*)
# When AppArmor is enabled, mounting inside a container is blocked with docker-default profile.
# See https://github.com/moby/moby/issues/16429
args+=" --security-opt apparmor=unconfined"
;;
esac
;;
*)
;;
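Review bot: Hoisting the three `--cap-add` lines above `case "$1"` means every distro, including those that reach the `*)` arm, now runs its build container with SYS_ADMIN, SYS_CHROOT and MKNOD, where the old arms appear to have granted them only to gentoo, ubuntu/debian and (SYS_ADMIN only) suse. If that widening is intended, the comments should say so, since `# debootstrap needs to create device nodes to properly function` no longer describes most callers; otherwise keep each capability in the arms that actually need it. In the `debian | ubuntu | suse)` arm, `source /etc/os-release` also loads every os-release variable (`ID`, `NAME`, `VERSION`, ...) into the calling shell, so reading it in a subshell, e.g. `local host_id; host_id="$(. /etc/os-release && echo "$ID")"`, would avoid clobbering script variables. The function's closing lines are outside the hunk, so how `args` is returned is not visible here.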