sshd+getty: Add apk to these containers

Since these are the user login containers, having the ability to add packages is useful (e.g. I quite often find I want strace). Doing this requires that we not share `/var` with the login containers since we want the apk database therein. Previously it was thought that the containers might need some parts of `/var` for `ctr` to work (e.g. `/var/lib/containerd`) but this is not the case now (if it ever was) based on my testing. Fixes #2206. Signed-off-by: Ian Campbell <ijc@docker.com>
2025-07-21 10:09:07 +00:00 · 2017-07-14 12:52:56 +01:00 · 2017-07-14 12:52:56 +01:00 · c48acd5d9d
commit c48acd5d9d
parent 5545f3085a
2 changed files with 9 additions and 6 deletions
--- a/pkg/getty/Dockerfile
+++ b/pkg/getty/Dockerfile
@ -1,15 +1,17 @@
-FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror
+FROM linuxkit/alpine:a39a433162a873519910a07beeb3e8db22529956 AS mirror
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
 RUN apk add --no-cache --initdb -p /out \
    alpine-baselayout \
    apk-tools \
    busybox \
    ca-certificates \
    musl \
    tini \
    util-linux \
    && true
-RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+RUN mv /out/etc/apk/repositories.upstream /out/etc/apk/repositories
 #
 # We require a version of `setsid(1)` which supports the `-w`
 # option, which is not available in all implementations (e.g. the
@ -29,4 +31,4 @@ COPY --from=mirror /out/ /
 COPY usr/ /usr/
 COPY etc/ /etc/
 CMD ["/usr/bin/rungetty.sh"]
-LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
+LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
--- a/pkg/sshd/Dockerfile
+++ b/pkg/sshd/Dockerfile
@ -1,8 +1,9 @@
-FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror
+FROM linuxkit/alpine:a39a433162a873519910a07beeb3e8db22529956 AS mirror
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
 RUN apk add --no-cache --initdb -p /out \
    alpine-baselayout \
    apk-tools \
    busybox \
    ca-certificates \
    musl \
@ -10,7 +11,7 @@ RUN apk add --no-cache --initdb -p /out \
    tini \
    util-linux \
    && true
-RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+RUN mv /out/etc/apk/repositories.upstream /out/etc/apk/repositories
 FROM scratch
 ENTRYPOINT []
@ -20,4 +21,4 @@ COPY etc/ /etc/
 COPY usr/ /usr/
 RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh
 CMD ["/sbin/tini", "/usr/bin/ssh.sh"]
-LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
+LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'