install: Guide user towards the correct podman flags #953
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Needs a |
cgwalters
requested changes
Dec 9, 2024
Modified the error / root checking code a bit to better guide the user towards the correct bootc invocation. Issue BIFROST-552 [1] ``` [omer@hal9000 ~]$ podman run -it quay.io/otuchfel/bootc:comfy bootc install to-existing-root ERROR Installing to filesystem: Querying root privilege: The container must be executed with full privileges (e.g. --privileged flag) [omer@hal9000 ~]$ podman run -it --privileged quay.io/otuchfel/bootc:comfy bootc install to-existing-root ERROR Installing to filesystem: This command must be run with the podman --pid=host flag [omer@hal9000 ~]$ podman run -it --pid=host --privileged quay.io/otuchfel/bootc:comfy bootc install to-existing-root ERROR Installing to filesystem: /proc/1 is owned by 65534, not zero; this command must be run in the root user namespace (e.g. not rootless podman) [omer@hal9000 ~]$ sudo podman run -it --privileged --pid=host quay.io/otuchfel/bootc:comfy bootc install to-existing-root Installing image: docker://quay.io/otuchfel/bootc:comfy ... ``` [1] https://issues.redhat.com/browse/BIFROST-552 Signed-off-by: Omer Tuchfeld <[email protected]>
cgwalters
approved these changes
Dec 9, 2024
| @@ -245,7 +245,7 @@ pub(crate) async fn run_from_anaconda(rootfs: &Dir) -> Result<()> { | |||
|
|
|||
| /// From ostree-rs-ext, run through the rest of bootc install functionality | |||
| pub async fn run_from_ostree(rootfs: &Dir, sysroot: &Utf8Path, stateroot: &str) -> Result<()> { | |||
| crate::cli::require_root()?; | |||
| crate::cli::require_root(false)?; | |||
There was a problem hiding this comment.
Non-blocking: One larger cleanup I think we could do is have an Environment struct that gathers global state like this (uid, whether we have cap_sys_admin, whether /run/ostree-booted exists, whether we appear to be in a container), and then query requirements on it.
e.g. here we're passing false for is_container but we don't actually know that's false or not.
Not a blocker, just an optional followup.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See commit message