Add Arch Linux toolbox image #520

Closed
wants to merge 29 commits into from
3983a29
Add Arch Linux toolbox image
Jul 31, 2020
1e694e2
Remove not needed Arch Linux packages
Jul 31, 2020
1ad280d
cmd/run: Make it more obvious when falling back to /bin/bash
debarshiray Aug 4, 2020
3b1d495
cmd/initContainer: Mount a tmpfs at /tmp to match the host
debarshiray Aug 4, 2020
884968b
Update issue templates
HarryMichal May 27, 2020
d3721f1
Add CONTRIBUTING.md
HarryMichal Jun 29, 2020
5094729
build: Install the tests
HarryMichal Jul 23, 2020
075fa00
cmd/initContainer: Add more information to errors from redirectPath
HarryMichal Aug 13, 2020
6251471
cmd/rm, pkg/podman: Move 'removeContainer' func to podman pkg
HarryMichal Jun 25, 2020
32a1d06
cmd/rmi, pkg/podman: Move 'removeImage' func to podman pkg
HarryMichal Jun 25, 2020
18dcb3b
README: Add missing parameter at the installation instructions
juanje Jul 27, 2020
86d9af9
images: Add fedora-toolbox image definition for Fedora 34
HarryMichal Aug 20, 2020
1bc3baf
build: Ensure binaries built on Fedora 33 run on Fedoras 32 & 31
debarshiray Aug 20, 2020
90f66f7
README.md: Mention that sudo(8) should work without a password
debarshiray Aug 21, 2020
efe5216
libc-wrappers: Tighten the definition of the ppc64le definition
debarshiray Aug 24, 2020
3ae818d
Silence SC2086
debarshiray Aug 24, 2020
1bd0e95
Prepare 0.0.94
debarshiray Aug 24, 2020
1f0f361
Combine pacman commands and remove unneeded packages
Aug 27, 2020
baac1a2
cmd/root: Rename a variable
debarshiray Aug 26, 2020
f78b039
cmd/root: Simplify code by using os.Create instead of syscall.Open
debarshiray Aug 26, 2020
71c0f55
cmd/root: Limit the scope of the error
debarshiray Aug 26, 2020
1cae7ae
cmd/initContainer: Try to handle config files that're absolute symlinks
HarryMichal May 27, 2020
b9064e1
profile.d: Warn if $TERM has no terminfo entry in the container
debarshiray Aug 28, 2020
b56674d
cmd/initContainer: Fix typo
martinpitt Aug 28, 2020
498ed69
Unbreak 'enter' on Fedora CoreOS
martinpitt Apr 7, 2020
7a6c9c8
cmd/initContainer: Split out the code to configure the user
debarshiray Aug 30, 2020
0bfcf8c
Unbreak 'sudo' inside toolbox containers with Podman 2.0.5
debarshiray Aug 30, 2020
750c8be
Prepare 0.0.95
debarshiray Aug 30, 2020
69afeea
pkg/utils: Update default release to 31 for non-fedora hosts
ljrk0 Aug 30, 2020
Unbreak 'enter' on Fedora CoreOS
... and other hybrid set-ups where the host and container OSes aren't
the same.

The entry point of a toolbox container already runs as root:root.
Therefore, there's no need to run it with an additional group.
Interactive shells spawned by 'sudo su -' both inside the container
and on the host don't run with such an additional group either. They
run just as root:root.

This prevented toolbox containers from starting up on Fedora CoreOS
hosts, because CoreOS has both the 'sudo' and 'wheel' groups but the
fedora-toolbox images only have the 'wheel' group. Therefore, it
ended up calling 'podman create --group-add sudo ...', and since the
'sudo' group was missing from the image, the container failed to start.

The --group-add flag was added in commit 4bda42d when the
entry point ran as $USER as specified in the user-specific customized
image. The additional group was specified to retain consistency with
interactive shells run as $USER.

Since then, things have changed. There's no longer any user-specific
customized image and commit f74400f made the entry point run
as root:root. The --group-add flag should have been removed as part of
those changes.

#423
martinpitt authored and Erazem Kokot committed Sep 1, 2020

Unverified

No user is associated with the committer email.
commit 498ed690b8e45c3f16713199c1835f8c24d00b50
6 changes: 0 additions & 6 deletions src/cmd/create.go
@@ -191,11 +191,6 @@ func createContainer(container, image, release string, showCommandToEnter bool)
toolboxPathEnvArg := "TOOLBOX_PATH=" + toolboxPath
toolboxPathMountArg := toolboxPath + ":/usr/bin/toolbox:ro"

sudoGroup, err := utils.GetGroupForSudo()
if err != nil {
return err
}

logrus.Debug("Checking if 'podman create' supports '--ulimit host'")

var ulimitHost []string
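Review bot: the `sudoGroup, err := utils.GetGroupForSudo()` block removed at the top of this hunk may have been the only use of that helper, so check whether `utils.GetGroupForSudo` still has a caller anywhere else. If it does not, remove the function from the utils package in the same commit rather than leaving dead code behind. Note also that createContainer loses one early `return err` path here, which is the intended effect, but it means a host with no recognisable sudo group no longer stops container creation at this point.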
@@ -339,7 +334,6 @@ func createContainer(container, image, release string, showCommandToEnter bool)
"create",
"--dns", "none",
"--env", toolboxPathEnvArg,
"--group-add", sudoGroup,
"--hostname", "toolbox",
"--ipc", "host",
"--label", "com.github.containers.toolbox=true",
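Review bot: with `"--group-add", sudoGroup` dropped from between `"--env"` and `"--hostname"`, nothing in the code records why the flag is absent. The commit message gives the reason (the entry point already runs as root:root), but a one-line comment above this argument list would keep the flag from being re-added later. It is also worth confirming that sudo for the regular user inside the container never depended on this supplementary group being attached to the entry point process.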
6 changes: 0 additions & 6 deletions toolbox
@@ -982,11 +982,6 @@ create()
return 1
fi

if ! group_for_sudo=$(get_group_for_sudo); then
echo "$base_toolbox_command: failed to create container $toolbox_container: group for sudo not found" >&2
return 1
fi

if [ -f /etc/profile.d/toolbox.sh ] 2>&3; then
toolbox_profile_bind="--volume /etc/profile.d/toolbox.sh:/etc/profile.d/toolbox.sh:ro"
elif [ -f /usr/share/profile.d/toolbox.sh ] 2>&3; then
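Review bot: once the `group_for_sudo=$(get_group_for_sudo)` check is removed from create(), make sure no expansion of `$group_for_sudo` remains in the script other than the one removed in the next hunk. In sh an unset variable expands to an empty string without an error, so a leftover use would fail quietly instead of loudly. If get_group_for_sudo has no other caller after this change, delete the function as well.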
@@ -1078,7 +1073,6 @@ create()
$podman_command create \
--dns none \
--env TOOLBOX_PATH="$TOOLBOX_PATH" \
--group-add "$group_for_sudo" \
--hostname toolbox \
--ipc host \
--label "com.github.containers.toolbox=true" \
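Review bot: the removal of `--group-add "$group_for_sudo"` from the `$podman_command create` call comes with no test; both files in this commit show 0 additions. A system test that creates and enters a container on a host whose sudo group name does not exist in the image, the failure case the commit message describes, would guard against this regressing.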