The host root filesystem is mounted as "master:943". Setting child propagation to "rslave" is not supported. #359

Open
roshvin opened this issue Mar 23, 2023 · 0 comments

roshvin commented Mar 23, 2023

Hi,
I am running a pod as a non-root user and trying to run Docker inside it, and I am getting the error below. Could you please help?

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: did
  labels:
    app: test
  annotations:
    container.apparmor.security.beta.kubernetes.io/buildkitd: unconfined
    container.seccomp.security.alpha.kubernetes.io/buildkitd: unconfined
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      securityContext:
        runAsUser: 1000
      containers:
      - name: test
        image: registry.app.corpintra.net/workspace-image/did
        command: ["/bin/sh", "-ec", "sleep 1000"]
```


```
 k exec -it did-658dcc57bf-gxtnr bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
coder@did-658dcc57bf-gxtnr:/$

coder@did-658dcc57bf-gxtnr:/$ dockerd-rootless-setuptool.sh install
[INFO] systemd not detected, dockerd-rootless.sh needs to be started manually:

PATH=/usr/bin:/sbin:/usr/sbin:$PATH dockerd-rootless.sh

[INFO] Creating CLI context "rootless"
Successfully created context "rootless"
[INFO] Use CLI context "rootless"
Current context is now "rootless"

[INFO] Make sure the following environment variables are set (or add them to ~/.bashrc):

# WARNING: systemd not found. You have to remove XDG_RUNTIME_DIR manually on every logout.
export XDG_RUNTIME_DIR=/home/coder/.docker/run
export PATH=/usr/bin:$PATH
Some applications may require the following environment variable too:
export DOCKER_HOST=unix:///home/coder/.docker/run/docker.sock

coder@did-658dcc57bf-gxtnr:/$ export XDG_RUNTIME_DIR=/home/coder/.docker/run
coder@did-658dcc57bf-gxtnr:/$ export PATH=/usr/bin:$PATH
coder@did-658dcc57bf-gxtnr:/$ dockerd-rootless.sh
+ [ -w /home/coder/.docker/run ]
+ [ -d /home/coder ]
+ rootlesskit=
+ command -v docker-rootlesskit
+ command -v rootlesskit
+ rootlesskit=rootlesskit
+ break
+ [ -z rootlesskit ]
+ :
+ :
+ : builtin
+ : auto
+ : auto
+ net=
+ mtu=
+ [ -z  ]
+ command -v slirp4netns
+ + grep -qw -- --netns-type
slirp4netns --help
+ net=slirp4netns
+ [ -z  ]
+ mtu=65520
+ [ -z slirp4netns ]
+ [ -z 65520 ]
+ dockerd=dockerd
+ [ -z  ]
+ _DOCKERD_ROOTLESS_CHILD=1
+ export _DOCKERD_ROOTLESS_CHILD
+ id -u
+ [ 1000 = 0 ]
+ command -v selinuxenabled
+ exec rootlesskit --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
WARN[0000] The host root filesystem is mounted as "master:943". Setting child propagation to "rslave" is not supported.
[rootlesskit:parent] error: failed to setup UID/GID map: newuidmap 113 [0 1000 1 1 100000 65536] failed: newuidmap: write to uid_map failed: Operation not permitted
: exit status 1
```

