Merge pull request #1196 from fidencio/wip/fix-docker-extra-args

rootfs: Don't fallthrough in the docker_extra_args() switch
Julio Montes
2021-01-11 14:04:56 -06:00
committed by GitHub


@@ -181,32 +181,38 @@ docker_extra_args()
{ {
local args="" local args=""
# Required to mount inside a container
args+=" --cap-add SYS_ADMIN"
# Requred to chroot
args+=" --cap-add SYS_CHROOT"
# debootstrap needs to create device nodes to properly function
args+=" --cap-add MKNOD"
case "$1" in case "$1" in
gentoo) gentoo)
# Requred to chroot
args+=" --cap-add SYS_CHROOT"
# debootstrap needs to create device nodes to properly function
args+=" --cap-add MKNOD"
# Required to mount inside a container
args+=" --cap-add SYS_ADMIN"
# Required to build glibc # Required to build glibc
args+=" --cap-add SYS_PTRACE" args+=" --cap-add SYS_PTRACE"
# mount portage volume # mount portage volume
args+=" -v ${gentoo_local_portage_dir}:/usr/portage/packages" args+=" -v ${gentoo_local_portage_dir}:/usr/portage/packages"
args+=" --volumes-from ${gentoo_portage_container}" args+=" --volumes-from ${gentoo_portage_container}"
;; ;;
ubuntu | debian) debian | ubuntu | suse)
# Requred to chroot source /etc/os-release
args+=" --cap-add SYS_CHROOT"
# debootstrap needs to create device nodes to properly function case "$ID" in
args+=" --cap-add MKNOD" fedora | centos | rhel)
;& # Depending on the podman version, we'll face issues when passing
suse) # `--security-opt apparmor=unconfined` on a system where not apparmor is not installed.
# Required to mount inside a container # Because of this, let's just avoid adding this option when the host OS comes from Red Hat.
args+=" --cap-add SYS_ADMIN"
# When AppArmor is enabled, mounting inside a container is blocked with docker-default profile. # A explict check for podman, at least for now, can be avoided.
# See https://github.com/moby/moby/issues/16429 ;;
args+=" --security-opt apparmor=unconfined" *)
# When AppArmor is enabled, mounting inside a container is blocked with docker-default profile.
# See https://github.com/moby/moby/issues/16429
args+=" --security-opt apparmor=unconfined"
;;
esac
;; ;;
*) *)
;; ;;
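Review bot: The three `--cap-add` lines hoisted above `case "$1"` (SYS_ADMIN, SYS_CHROOT, MKNOD) now apply to every distro's build container, including those that land in the outer `*)` arm and, as rendered here, previously received no extra capabilities; if that widening is intended it deserves a comment such as `# NOTE: applied to every distro, not only gentoo/debian/ubuntu/suse`, otherwise the lines should stay in the arms that need them. In the `debian | ubuntu | suse)` arm, `source /etc/os-release` pulls every os-release variable into the script's global scope and errors if the file is absent; reading only the one field in a subshell avoids both: `host_id="$(. /etc/os-release 2>/dev/null && printf '%s' "$ID")"` followed by `case "$host_id" in`. The inner `*)` arm still passes `--security-opt apparmor=unconfined` on every non-Red Hat host, so the decision is keyed on the host's distro name rather than on whether AppArmor is actually enabled there. The function's closing `esac` and the use of `args` are outside the hunk.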