Hi,

On Mon, Apr 24, 2017 at 12:29 PM, Michal Minar <mimi...@redhat.com> wrote:

> Did anyone successfully set up his fedora packaging environment in a
> docker container?
>
> I didn't get past `kinit mimi...@fedoraproject.org` in a container. It
> gives me:
>
> Invalid UID in persistent keyring name while getting default ccache
>

This is because Docker installs a default seccomp policy that denies
access to the kernel keyring, since it is not namespaced.
You can work around this by "export KRB5CCNAME=/tmp/ticket".

Alternatively, you can allow the container access to your host keyring.
For this, you can start with my policy:
https://github.com/puiterwijk/development-environments/blob/master/docker/koji/policy.json
This is based on Docker 1.13.
For 1.12 and earlier versions, grab:
https://github.com/puiterwijk/development-environments/blob/ed497fbbd56432eca1b27ce41903ed2c33aaa051/docker/koji/policy.json

Then on the docker run command, add: --security-opt
seccomp=$HOME/Documents/Development/Environments/docker/koji/policy.json

Do note that if you want to do kinit, you will want to add the add_key call
as well (I just do kinit on my workstation, and use the seccomp policy to
allow my koji container access to it).


>
> I'd be very glad for any suggestion or advice. Until then, I'll stick with
> a VM.
>
> Regards,
> --
>
> MICHAL MINÁŘ
>
> SOFTWARE ENGINEER
>
> Red Hat Czech, s.r.o. <https://www.redhat.com/>
>
> mimi...@redhat.com
>
>
Regards,
Patrick
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
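
Added example, not part of the original mail or of the linked repository: a small Python check that reports what a Docker seccomp profile does with the three kernel keyring syscalls, so you can confirm before `docker run` whether `add_key` still needs to be added for kinit. It reads both profile layouts (a "names" list per rule as in the 1.13 policy, a single "name" per rule as in 1.12 and earlier); the function name `keyring_access` and both sample profiles are constructed for illustration.

```python
import json

# Syscalls behind the kernel keyring that the default Docker policy denies.
KEYRING_SYSCALLS = ("keyctl", "add_key", "request_key")


def keyring_access(profile):
    """Return {syscall: action} for the keyring syscalls in a seccomp profile.

    Accepts both layouts: a "names" list per rule (Docker 1.13) and a single
    "name" per rule (1.12 and earlier). Simplification: the first rule that
    names a syscall decides; rules with argument filters or includes/excludes
    get a " (conditional)" suffix.
    """
    result = {s: profile["defaultAction"] for s in KEYRING_SYSCALLS}
    decided = set()
    for rule in profile.get("syscalls", []):
        names = rule.get("names") or [rule.get("name")]
        conditional = any(rule.get(k) for k in ("args", "includes", "excludes"))
        for name in names:
            if name in result and name not in decided:
                suffix = " (conditional)" if conditional else ""
                result[name] = rule["action"] + suffix
                decided.add(name)
    return result


# Constructed sample profiles, not the policy.json files linked in the mail.
NEW_STYLE = json.loads("""
{"defaultAction": "SCMP_ACT_ERRNO",
 "syscalls": [
   {"names": ["read", "write"], "action": "SCMP_ACT_ALLOW", "args": []},
   {"names": ["keyctl", "request_key"], "action": "SCMP_ACT_ALLOW",
    "args": [], "includes": {}, "excludes": {}}]}
""")
OLD_STYLE = json.loads("""
{"defaultAction": "SCMP_ACT_ERRNO",
 "syscalls": [
   {"name": "keyctl", "action": "SCMP_ACT_ALLOW", "args": []},
   {"name": "add_key", "action": "SCMP_ACT_ALLOW", "args": []}]}
""")

if __name__ == "__main__":
    for label, prof in (("1.13 layout", NEW_STYLE), ("1.12 layout", OLD_STYLE)):
        for syscall, action in keyring_access(prof).items():
            print(f"{label}: {syscall:12} {action}")
```

To check a real file, load it with `json.load(open(path))` and pass the result to `keyring_access`.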