From c48acd5d9d802812456f9d445961b27d9486f202 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Fri, 14 Jul 2017 12:52:56 +0100 Subject: [PATCH] sshd+getty: Add apk to these containers Since these are the user login containers, having the ability to add packages is useful (e.g. I quite often find I want strace). Doing this requires that we not share `/var` with the login containers since we want the apk database therein. Previously it was thought that the containers might need some parts of `/var` for `ctr` to work (e.g. `/var/lib/containerd`) but this is not the case now (if it ever was) based on my testing. Fixes #2206. Signed-off-by: Ian Campbell
---
 pkg/getty/Dockerfile | 8 +++++---
 pkg/sshd/Dockerfile | 7 ++++---
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/pkg/getty/Dockerfile b/pkg/getty/Dockerfile
index 031d172cf..cbcac9821 100644
--- a/pkg/getty/Dockerfile
+++ b/pkg/getty/Dockerfile
@@ -1,15 +1,17 @@
-FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror
+FROM linuxkit/alpine:a39a433162a873519910a07beeb3e8db22529956 AS mirror
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
 RUN apk add --no-cache --initdb -p /out \
 alpine-baselayout \
+ apk-tools \
 busybox \
 ca-certificates \
 musl \
 tini \
 util-linux \
 && true
-RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+RUN mv /out/etc/apk/repositories.upstream /out/etc/apk/repositories
+
 #
 # We require a version of `setsid(1)` which supports the `-w`
 # option, which is not available in all implementations (e.g. the 
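Review bot: With the `rm -rf /out/etc/apk /out/lib/apk /out/var/cache` step gone, everything the earlier `cp -r /etc/apk/* /out/etc/apk/` copied from the `linuxkit/alpine` build image now ships in the login container, and any signing keys under that directory presumably become the trust roots for `apk add` run from a shell. The hunk does not show the contents of `repositories.upstream` or of the copied keys, so the commit should confirm, and ideally record in a comment, that only upstream Alpine repositories and keys are left behind, for example `# keep apk state so packages can be added at runtime; use upstream repos, not the build-time ones`. Packages pulled this way are unpinned and are not covered by the image hash, which matters more than usual here because the same container is configured with `"capabilities": ["all"]`. The pkg/sshd/Dockerfile hunks `@@ -1,8 +1,9 @@` and `@@ -10,7 +11,7 @@` make the identical change.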
@@ -29,4 +31,4 @@ COPY --from=mirror /out/ /
 COPY usr/ /usr/
 COPY etc/ /etc/
 CMD ["/usr/bin/rungetty.sh"]
-LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
+LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
diff --git a/pkg/sshd/Dockerfile b/pkg/sshd/Dockerfile
index 44c52d901..2fe70e258 100644
--- a/pkg/sshd/Dockerfile
+++ b/pkg/sshd/Dockerfile
@@ -1,8 +1,9 @@
-FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror
+FROM linuxkit/alpine:a39a433162a873519910a07beeb3e8db22529956 AS mirror
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
 RUN apk add --no-cache --initdb -p /out \
 alpine-baselayout \
+ apk-tools \
 busybox \
 ca-certificates \
 musl \
@@ -10,7 +11,7 @@ RUN apk add --no-cache --initdb -p /out \
 tini \
 util-linux \
 && true
-RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+RUN mv /out/etc/apk/repositories.upstream /out/etc/apk/repositories
 FROM scratch
 ENTRYPOINT [] 
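Review bot: The new `LABEL org.mobyproject.config` line in pkg/getty/Dockerfile (hunk `@@ -29,4 +31,4 @@`) drops `"/var:/var"` with nothing in the file recording why, so a later edit could restore the bind and hide the container's own apk state again. A comment above the LABEL would pin the intent, e.g. `# /var is deliberately not bound from the host: apk keeps its state in the container's own /var (#2206)`. The commit message bases the claim that `ctr` works without host `/var` on the author's own testing, so it would also help to note which `ctr` operations were checked. The pkg/sshd/Dockerfile LABEL hunk (`@@ -20,4 +21,4 @@`) needs the same comment.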
@@ -20,4 +21,4 @@ COPY etc/ /etc/
 COPY usr/ /usr/
 RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh
 CMD ["/sbin/tini", "/usr/bin/ssh.sh"]
-LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
+LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'