Hi Muayyad, Muayyad AlSadi <als...@gmail.com> writes:
> here is my blog post > > https://bcksp.blogspot.com/2018/02/diy-docker-using-skopeoostreerunc.html That is definitely a great blog post! It is a very good explanation of how the atomic CLI works for a non root user. > the error in "bwrap-oci run" > bwrap-oci: unknown mount type none > was because of type none in /sys > > "mounts": [ > ... > { > "destination": "/sys", > "type": "none", > "source": "/sys", > "options": [ > "rbind", > "nosuid", > "noexec", > "nodev", > "ro" > ] > } > > but removing it did not solve the problem The issue you reported is a bug in bwrap-oci. It fails with an error caused by the '"type" : "none"' generated by .runc spec --rootless. Could you please try if this PR solves the problem for you? https://github.com/projectatomic/bwrap-oci/pull/17 Another option is to change "none" to "bind" in the configuration file. In general bwrap-oci is more tolerant than runc with the config.json configuration. bwrap-oci takes the freedom of adding the user namespace even if it is not specified and handle the users mapping inside of the container (if you need more than one user mapped please take a look at /etc/subuid and /etc/subgid). It is designed this way so that the configuration that works for a system container could to some extend be used by a non root user in a seamless way. You should be fine to run the container with the config.json file you get with "runc spec" without the "--rootless" option. Please let me know if this works for you. Regards, Giuseppe
