Hi Aaron,

Aaron Weitekamp <aweit...@redhat.com> writes:

> I have a use case where from inside a container I want to pull down another
> container and mount as a rootfs in a tempdir. When doing this inside a
> container I get permissions denied[1]
> on the bindmount. Otherwise it appears to mount fine.
> I have no host privilege added to this container--just running as root. Are
> there options[2] I could add to the cmd?

The mount from OSTree storage currently works as:

1) doing a checkout of the image to the destination
2) create a bind on the checkout destination, so that it is mounted read-only (we need this to not risk modifying files in the OSTree storage)

So you are probably seeing the error from point 2). We need 1) as the files are stored in the OSTree storage and they are not directly accessible using the image layout, e.g. /usr/bin/foo might map to something like:

/ostree/repo/objects/12/ab1a754b8b923f1e58f5fb3d432ba4abc6e7e470bf3cccb4f07350fbe40c09.file

My proposal to fix this, and have more of the "mount feel", is still waiting here:

https://github.com/ostreedev/ostree/pull/491

ostree-union-fuse will probably help in cases like yours, and it will be possible to "mount" the image from OSTree without doing any checkout, but have the FUSE file system doing all the mapping from the rootfs to the objects in the OSTree storage.

Regards,
Giuseppe
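
The two mount steps described in the mail above, as an added example that is not part of the original message and not code from atomic or OSTree. It checks the effective capability mask before attempting step 2, on the assumption that the denial comes from mount(2) requiring CAP_SYS_ADMIN; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not code from atomic or OSTree.

CAP_SYS_ADMIN_BIT=21   # number of CAP_SYS_ADMIN in linux/capability.h

# has_cap_sys_admin HEXMASK
# Exit 0 if the CAP_SYS_ADMIN bit is set in the mask, 1 if it is clear,
# 2 if the argument is not a hex string.
has_cap_sys_admin() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$1 >> CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]
}

# current_capeff
# Print this process's effective capability mask (hex) from /proc.
current_capeff() {
    awk '$1 == "CapEff:" { print $2 }' /proc/self/status
}

# mount_ro_checkout REPO REF DEST
# Step 1: check the image out of the OSTree storage into DEST.
# Step 2: bind DEST onto itself and remount that bind read-only.
mount_ro_checkout() {
    repo=$1 ref=$2 dest=$3
    if ! has_cap_sys_admin "$(current_capeff)"; then
        echo "CAP_SYS_ADMIN not in effective set: the bind mount in step 2 will be denied" >&2
        return 1
    fi
    ostree --repo="$repo" checkout "$ref" "$dest" || return 1
    mount --bind "$dest" "$dest" || return 1
    mount -o remount,bind,ro "$dest"
}
```

A mask with the bit set does not guarantee success: a seccomp or LSM policy on the container can still reject the mount call.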