When using runc:

$ mypid=`runc list | tail -n 1 | awk '{print $2}'`
$ nsenter -a -t $mypid /bin/sh
nsenter: reassociate to namespace 'ns/cgroup' failed: Operation not permitted
$ sudo nsenter -a -t $mypid /bin/sh # worked fine

But when using bwraps:

$ mypid=`bwrap-oci list | tail -n 1 | awk '{print $2}'`
$ nsenter -a -t $mypid /bin/sh
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
$ sudo nsenter -a -t $mypid /bin/sh
nsenter: failed to execute /bin/sh: No such file or directory

Why do I need to be root to join using nsenter with runc, and why did bwraps fail even if I'm root?

On Mon, Mar 5, 2018 at 1:23 PM, Giuseppe Scrivano <gscri...@redhat.com> wrote:

> Muayyad AlSadi <als...@gmail.com> writes:
>
> > it seems there is no bwrap-oci exec and nsenter does not work as regular user.
> >
> > how to enter an existing user name space just like "runc exec redis /bin/sh" using bubble wrap or nsenter?
>
> exec is not implemented yet. The easiest way to workaround this
> limitation is to use directly "nsenter -a".
>
> Regards,
> Giuseppe
>