From: Csepp <raingloom@riseup.net>
To: Remco van 't Veer <remco@remworks.net>
Cc: 55358@debbugs.gnu.org,
Maxim Cournoyer <maxim.cournoyer@gmail.com>,
zimoun <zimon.toutoune@gmail.com>,
guix-devel@gnu.org
Subject: Re: bug#55358: docker containers stopped when doing guix install or guix shell
Date: Sat, 20 May 2023 00:29:04 +0200
Message-ID: <87fs7st0m3.fsf@riseup.net>
In-Reply-To: <878rdk8gm9.fsf@remworks.net>

Remco van 't Veer <remco@remworks.net> writes:

> Hi Maxim and Zimoun,
>
> 2023/02/09 13:26, Remco van 't Veer:
>
>> I think I know what is causing the issue. Both the "standard" mysql and
>> postgres containers use user-id 999 to run the database service (this
>> seems like a common practice because the redis container is configured
>> similarly). That user-id is also configured as guixbuilder01 so I guess
>> the guix daemon is killing those processes when it finishes doing
>> builds.
>
> I found a solution / workaround for this problem by using
> "userns-remap". This feature allows the remapping of uids and guids to
> different ranges. I tried it by hacking the required files into my
> etc-directory and it works; guix no longer kills my database containers.
>
> I'd like to add this feature to docker-service-type having a new
> configuration option named enable-userns-remap? which introduces a new
> user and group (both named dockremap) to do the remapping by adding some
> configurable number to the uids and guids of the running container. In
> /etc/subuid and /etc/subgid it would look like:
>
> dockremap:100000:65536
>
> See https://docs.docker.com/engine/security/userns-remap/ for
> documentation about this.
>
> WDYT?
>
> Cheers,
> Remco

The rootless podman example that was shared a few months ago could be
relevant to this, since that also adds a subuid/subgid mapping.
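
Added illustration, not part of the message above and not Guix or Docker code: a Python sketch of the uid arithmetic discussed in the quoted text, showing container uid 999 landing on guixbuilder01 without a user namespace and on 100999 with the dockremap:100000:65536 range. The passwd lines are constructed sample data, the function names are hypothetical, and one subordinate range per user is assumed.

```python
# Constructed sample inputs; only the subuid line and the
# guixbuilder01 = 999 pairing come from the thread.
SUBUID = "dockremap:100000:65536\n"
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
guixbuilder01:x:999:998:Guix build user 01:/var/empty:/sbin/nologin
guixbuilder02:x:998:998:Guix build user 02:/var/empty:/sbin/nologin
remco:x:1000:1000::/home/remco:/bin/bash
"""

def parse_subid(text):
    """Parse /etc/subuid-style lines (name:start:count) into {name: (start, count)}."""
    ranges = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        ranges[name] = (int(start), int(count))  # assumption: one range per name
    return ranges

def parse_passwd(text):
    """Return {uid: account name} from passwd-style lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3:
            users[int(fields[2])] = fields[0]
    return users

def host_uid(container_uid, remap=None):
    """Host uid a container uid runs as; remap is (start, count) or None."""
    if remap is None:
        return container_uid  # no user namespace: identity mapping
    start, count = remap
    if not 0 <= container_uid < count:
        raise ValueError(f"uid {container_uid} is outside the mapped range")
    return start + container_uid

def collision(container_uid, users, remap=None):
    """Name of the host account that shares the resulting uid, or None."""
    return users.get(host_uid(container_uid, remap))

def accounts_inside_range(remap, users):
    """Host accounts whose uid falls inside the subordinate range (should be empty)."""
    start, count = remap
    return sorted(n for u, n in users.items() if start <= u < start + count)

if __name__ == "__main__":
    users, remap = parse_passwd(PASSWD), parse_subid(SUBUID)["dockremap"]
    print("no remap:", collision(999, users))
    print("remapped:", host_uid(999, remap), collision(999, users, remap))
```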