Author: Lorenz
Date:
To: Dng
Subject: [DNG] help with docker - running entrypoint as root
Hello all,

I want to use docker to create a container and run stuff with root
privileges inside; I'm using some notes I had from a few years ago,
I remember it worked at the time but now it doesn't. :(
I'm probably overlooking something stupid here, but right now
I don't understand what..

I'm using the following dockerfile:

--------------------------------
# dockerfile for runit-services testsuite
#
FROM debian:sid
MAINTAINER plorenzo@???

RUN apt-get update -q -q && apt-get upgrade --yes

# Install runit + runit-init
RUN dpkg -r --force-remove-protected init
RUN apt-get install -y --no-install-recommends runit
RUN apt-get install -y runit-init
#RUN apt-get remove -y libnss-systemd
#RUN apt-get install -y runit-services getty-run

# install standalone alternatives to systemd
RUN apt-get install -y libpam-elogind dbus-x11
RUN apt-get install -y opensysusers systemd-standalone-tmpfiles

#testsuite as service: TODO

# launch runit as init system
ENTRYPOINT ["/sbin/init"]
-------------------------------------------------------

then I do
#docker build -t=runit-testsuite - < Dockerfile.runit
#docker run --name=runit runit-testsuite

as a result, I see many errors printed, for example

>hostname: you must be root to change the host name
>mount: /run: permission denied.


and so on.. (full output at the end), it looks like
the entrypoint process is running without root privileges.

if I do
# docker exec -it runit bash
then inside the container
# whoami
root
# echo $UID
0
#/etc/rcS.d/S01hostname.sh
hostname: you must be root to change the host name

Any ideas?
Lorenzo

Below full output from the container

- runit: $Id: 25da3b86f7bed4038b8a039d2f8e8c9bbcf0822b $: booting.
- runit: warning: unable to open /dev/console: file does not exist
- runit: enter stage: /etc/runit/1
hostname: you must be root to change the host name
mount: /run: permission denied.
       dmesg(1) may have more information after failed mount system call.
mount: /run/lock: permission denied.
       dmesg(1) may have more information after failed mount system call.
mount: /sys/kernel/security: permission denied.
       dmesg(1) may have more information after failed mount system call.
mount: /sys/fs/pstore: permission denied.
       dmesg(1) may have more information after failed mount system call.
Activating swap...done.
mount: /: permission denied.
       dmesg(1) may have more information after failed mount system call.
mount: /proc: permission denied.
       dmesg(1) may have more information after failed mount system call.
mount: /sys: permission denied.
       dmesg(1) may have more information after failed mount system call.
mount: /dev/shm: permission denied.
       dmesg(1) may have more information after failed mount system call.
mount: /dev/pts: permission denied.
       dmesg(1) may have more information after failed mount system call.
Checking file systems...setterm: $TERM is not defined.
setterm: $TERM is not defined.
done.
Cleaning up temporary files... /tmp.
Mounting local filesystems...done.
Activating swapfile swap, if any...done.
mount: /run: permission denied.
       dmesg(1) may have more information after failed mount system call.
mount: /run/lock: permission denied.
       dmesg(1) may have more information after failed mount system call.
Cleaning up temporary files....
Starting standalone sysusers service: opensysusersOpensysusers: system
users successfully created.
Starting Setting kernel variables: sysctlsysctl: permission denied on
key "fs.protected_fifos"
sysctl: permission denied on key "fs.protected_hardlinks"
sysctl: permission denied on key "fs.protected_regular"
sysctl: permission denied on key "fs.protected_symlinks"
Cleaning up temporary files....
- runit: leave stage: /etc/runit/1
- runit: enter stage: /etc/runit/2
runsvchdir: default: current.
dmesg: read kernel buffer failed: Operation not permitted
action denied by policy-rc.d
action denied by policy-rc.d
timeout: down: dbus: 8s, normally up
timeout: down: dbus: 7s, normally up
timeout: down: dbus: 7s, normally up
- runit: leave stage: /etc/runit/2
- runit: enter stage: /etc/runit/3
Waiting for services to stop...
ok: down: /etc/service/dbus: 100s, normally up
ok: down: /etc/service/dbus.dep-fixer: 94s, normally up
ok: down: /etc/service/default-syslog: 94s, normally up
ok: down: /etc/service/elogind: 169s, normally up
ok: down: /etc/service/getty-ttyS0: 169s, normally up
ok: down: /etc/service/ssh: 169s, normally up
Running shutdown tasks...
Saving the system clock to /dev/rtc0.
hwclock: Cannot access the Hardware Clock via any known method.
hwclock: Use the --verbose option to see the details of our search for
an access method.
Opensysusers: nothing to do at shutdown.
Asking all remaining processes to terminate...done.
All processes ended within 2 seconds...done.
WARNING: writing wtmp with -w is not supported for now
Deactivating swap...swapoff: Not superuser.
failed.
Unmounting local filesystems...umount: /etc/hosts: must be superuser to unmount.
umount: /etc/hostname: must be superuser to unmount.
umount: /etc/resolv.conf: must be superuser to unmount.
umount: /dev/mqueue: must be superuser to unmount.
failed.
mount: /: permission denied.
       dmesg(1) may have more information after failed mount system call.
- runit: leave stage: /etc/runit/3
- runit: sending KILL signal to all processes...
- runit: power off...
- runit: system halt.
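
Added example, not part of the original post: uid 0 inside a container does not by itself grant every root privilege, because the Linux kernel checks capabilities and Docker starts containers with a reduced capability set unless told otherwise. The script decodes the `CapEff` mask from `/proc/<pid>/status` and reports whether the capabilities that `mount`, `hostname`, `swapoff` and `dmesg` depend on are present; the two masks are constructed sample values and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: decode a CapEff bitmask and list the capabilities that the
# failing boot steps in the log need but the process does not hold.

# bit:name pairs, bit numbers from linux/capability.h
#   21 CAP_SYS_ADMIN  mount, umount, sethostname, swapoff
#   34 CAP_SYSLOG     dmesg (reading the kernel log buffer)
CAPS="21:CAP_SYS_ADMIN 34:CAP_SYSLOG"

# Constructed sample masks (not taken from the post):
DEFAULT_MASK=00000000a80425fb   # Docker's default capability set
FULL_MASK=000001ffffffffff      # all 41 capabilities (bits 0..40) set

# has_cap MASK_HEX BIT: succeeds if BIT is set in MASK_HEX
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# missing_caps MASK_HEX: prints the names from CAPS that are absent
missing_caps() {
    missing=""
    for entry in $CAPS; do
        bit=${entry%%:*}
        name=${entry#*:}
        has_cap "$1" "$bit" || missing="${missing:+$missing }$name"
    done
    printf '%s\n' "$missing"
}

# read_capeff PID: prints the effective capability mask of PID
read_capeff() {
    awk '/^CapEff:/ { print $2 }' "/proc/$1/status"
}

for m in "$DEFAULT_MASK" "$FULL_MASK"; do
    echo "CapEff=$m missing: $(missing_caps "$m")"
done

# Inside the container, PID 1 is the entrypoint (/sbin/init in the Dockerfile).
if [ -r /proc/1/status ]; then
    live=$(read_capeff 1)
    if [ -n "$live" ]; then
        echo "PID 1 CapEff=$live missing: $(missing_caps "$live")"
    fi
fi
```

If the check reports missing capabilities, `docker run --cap-add` grants individual ones, which keeps the container closer to least privilege than `--privileged`.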