* [Buildroot] [PATCH next 1/1] utils/docker-run: check for podman before docker @ 2024-05-31 19:51 Julien Olivain 2024-05-31 20:09 ` Yann E. MORIN 0 siblings, 1 reply; 3+ messages in thread From: Julien Olivain @ 2024-05-31 19:51 UTC (permalink / raw) To: buildroot; +Cc: Julien Olivain, Ricardo Martincoski Commit 9a629f5 "utils/docker-run: allow running with Podman" added an option on system providing the podman command. This case is mainly for Fedora systems. Fedora repositories has a podman-docker package, that provide the docker command for compatibility. See [1]. When this package is installed on a Fedora system, both the docker and podman commands are available. Since the docker command is checked before podman, the --userns option is not passed in that case. This brings "permission denied" errors. This commit inverses the command check order, to check for podman before docker. This makes sure this mechanisms will work when both commands. Note that the same behavior of the --userns=keepid option can be achieved by setting the environment variable "PODMAN_USERNS=keep-id". See podman-run man page [2]. [1] https://packages.fedoraproject.org/pkgs/podman/podman-docker/ [2] https://docs.podman.io/en/latest/markdown/podman-run.1.html Signed-off-by: Julien Olivain <ju.o@free.fr> --- utils/docker-run | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/docker-run b/utils/docker-run index 3dcabe2718b..51390945119 100755 --- a/utils/docker-run +++ b/utils/docker-run @@ -29,11 +29,11 @@ declare -a mountpoints=( "$(pwd)" ) -if command -v docker >/dev/null; then - DOCKER="docker" -elif command -v podman >/dev/null; then +if command -v podman >/dev/null; then DOCKER="podman" docker_opts+=( --userns=keep-id ) +elif command -v docker >/dev/null; then + DOCKER="docker" else echo "ERROR: Neither docker nor podman available!" >&2 exit 1 -- 2.45.1 _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH next 1/1] utils/docker-run: check for podman before docker 2024-05-31 19:51 [Buildroot] [PATCH next 1/1] utils/docker-run: check for podman before docker Julien Olivain @ 2024-05-31 20:09 ` Yann E. MORIN 2024-06-01 9:45 ` Julien Olivain 0 siblings, 1 reply; 3+ messages in thread From: Yann E. MORIN @ 2024-05-31 20:09 UTC (permalink / raw) To: Julien Olivain; +Cc: Ricardo Martincoski, buildroot Julien, All, On 2024-05-31 21:51 +0200, Julien Olivain spake thusly: > Commit 9a629f5 "utils/docker-run: allow running with Podman" added an > option on system providing the podman command. This case is mainly > for Fedora systems. > > Fedora repositories has a podman-docker package, that provide the > docker command for compatibility. See [1]. > > When this package is installed on a Fedora system, both the docker and > podman commands are available. Since the docker command is checked > before podman, the --userns option is not passed in that case. This > brings "permission denied" errors. > > This commit inverses the command check order, to check for podman > before docker. This makes sure this mechanisms will work when both > commands. When I applied the patch, my reasoning was that we wanted to keep checking for docker first, to keep the current behaviour for those that have docker-the-real-thing installed along with podman, to avoid any surprise. So I think we should keep using docker if it is installed, even if podman is installed too. So... > Note that the same behavior of the --userns=keepid option can be > achieved by setting the environment variable "PODMAN_USERNS=keep-id". > See podman-run man page [2]. Why can't we export PODMAN_USERNS=keep-id, and keep the ordering, like so (elidded for brevity): if command -v docker >/dev/null; then DOCKER="docker" elif command -v podman >/dev/null; then DOCKER="podman" endif exec PODMAN_USERNS=keep-id ${DOCKER} run blablabla That way, we keep to using docker first; if that is a real docker, it would just not act on PODMAN_USERNS, but if it is podman-as-docker, then it would honor it. If docker is not installed but podman is, then it would also honor it. Thoughts? Regards, Yann E. MORIN. > [1] https://packages.fedoraproject.org/pkgs/podman/podman-docker/ > [2] https://docs.podman.io/en/latest/markdown/podman-run.1.html > > Signed-off-by: Julien Olivain <ju.o@free.fr> > --- > utils/docker-run | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/utils/docker-run b/utils/docker-run > index 3dcabe2718b..51390945119 100755 > --- a/utils/docker-run > +++ b/utils/docker-run > @@ -29,11 +29,11 @@ declare -a mountpoints=( > "$(pwd)" > ) > > -if command -v docker >/dev/null; then > - DOCKER="docker" > -elif command -v podman >/dev/null; then > +if command -v podman >/dev/null; then > DOCKER="podman" > docker_opts+=( --userns=keep-id ) > +elif command -v docker >/dev/null; then > + DOCKER="docker" > else > echo "ERROR: Neither docker nor podman available!" >&2 > exit 1 > -- > 2.45.1 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH next 1/1] utils/docker-run: check for podman before docker 2024-05-31 20:09 ` Yann E. MORIN @ 2024-06-01 9:45 ` Julien Olivain 0 siblings, 0 replies; 3+ messages in thread From: Julien Olivain @ 2024-06-01 9:45 UTC (permalink / raw) To: Yann E. MORIN; +Cc: Ricardo Martincoski, buildroot Hi Yann, On 31/05/2024 22:09, Yann E. MORIN wrote: > Julien, All, > > On 2024-05-31 21:51 +0200, Julien Olivain spake thusly: >> Commit 9a629f5 "utils/docker-run: allow running with Podman" added an >> option on system providing the podman command. This case is mainly >> for Fedora systems. >> >> Fedora repositories has a podman-docker package, that provide the >> docker command for compatibility. See [1]. >> >> When this package is installed on a Fedora system, both the docker and >> podman commands are available. Since the docker command is checked >> before podman, the --userns option is not passed in that case. This >> brings "permission denied" errors. >> >> This commit inverses the command check order, to check for podman >> before docker. This makes sure this mechanisms will work when both >> commands. > > When I applied the patch, my reasoning was that we wanted to keep > checking for docker first, to keep the current behaviour for those that > have docker-the-real-thing installed along with podman, to avoid any > surprise. So I think we should keep using docker if it is installed, > even if podman is installed too. > > So... > >> Note that the same behavior of the --userns=keepid option can be >> achieved by setting the environment variable "PODMAN_USERNS=keep-id". >> See podman-run man page [2]. > > Why can't we export PODMAN_USERNS=keep-id, and keep the ordering, like > so (elidded for brevity): > > if command -v docker >/dev/null; then > DOCKER="docker" > elif command -v podman >/dev/null; then > DOCKER="podman" > endif > exec PODMAN_USERNS=keep-id ${DOCKER} run blablabla > > That way, we keep to using docker first; if that is a real docker, it > would just not act on PODMAN_USERNS, but if it is podman-as-docker, > then > it would honor it. If docker is not installed but podman is, then it > would also honor it. > > Thoughts? Good point. I'll propose a v2 patch that will: - keep the original order (docker first) - set the userns with the environment variable globally, rather than by command line argument. This way, it will work in all cases (no podman, Fedora with podman-docker, Fedora without podman-docker), while preserving the original behavior. For clarity, I think I'll do an "export PODMAN_USERNS=keep-id" to add a comment before it, rather than an "exec PODMAN_USERNS=keepid ${DOCKER} run ...". > Regards, > Yann E. MORIN. > >> [1] https://packages.fedoraproject.org/pkgs/podman/podman-docker/ >> [2] https://docs.podman.io/en/latest/markdown/podman-run.1.html >> >> Signed-off-by: Julien Olivain <ju.o@free.fr> >> --- >> utils/docker-run | 6 +++--- >> 1 file changed, 3 insertions(+), 3 deletions(-) >> >> diff --git a/utils/docker-run b/utils/docker-run >> index 3dcabe2718b..51390945119 100755 >> --- a/utils/docker-run >> +++ b/utils/docker-run >> @@ -29,11 +29,11 @@ declare -a mountpoints=( >> "$(pwd)" >> ) >> >> -if command -v docker >/dev/null; then >> - DOCKER="docker" >> -elif command -v podman >/dev/null; then >> +if command -v podman >/dev/null; then >> DOCKER="podman" >> docker_opts+=( --userns=keep-id ) >> +elif command -v docker >/dev/null; then >> + DOCKER="docker" >> else >> echo "ERROR: Neither docker nor podman available!" >&2 >> exit 1 >> -- >> 2.45.1 >> >> _______________________________________________ >> buildroot mailing list >> buildroot@buildroot.org >> https://lists.buildroot.org/mailman/listinfo/buildroot > > -- > .-----------------.--------------------.------------------.--------------------. > | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' > conspiracy: | > | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ > | > | +33 561 099 427 `------------.-------: X AGAINST | \e/ There > is no | > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v > conspiracy. | > '------------------------------^-------^------------------^--------------------' Best regards, Julien. _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-06-01 9:45 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-05-31 19:51 [Buildroot] [PATCH next 1/1] utils/docker-run: check for podman before docker Julien Olivain 2024-05-31 20:09 ` Yann E. MORIN 2024-06-01 9:45 ` Julien Olivain
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.