Re: [Buildroot] [PATCH] package/docker-engine: fix runtime problem

From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Christian Stewart <christian@aperture.us>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/docker-engine: fix runtime problem
Date: Tue, 20 Aug 2024 23:32:50 +0200	[thread overview]
Message-ID: <20240820233250.3293444a@windsurf> (raw)
In-Reply-To: <ZsUKCVcZheIlzo00@landeda>

On Tue, 20 Aug 2024 23:26:33 +0200
"Yann E. MORIN" <yann.morin.1998@free.fr> wrote:

> On 2024-08-20 17:44 +0200, Waldemar Brodkorb spake thusly:
> > When starting a container you get:
> > # docker run nginx
> > docker0: port 1(veth7743781) entered blocking state
> > docker0: port 1(veth7743781) entered disabled state
> > veth7743781: entered allmulticast mode
> > veth7743781: entered promiscuous mode
> > docker0: port 1(veth7743781) entered disabled state
> > veth7743781 (unregistering): left allmulticast mode
> > veth7743781 (unregistering): left promiscuous mode
> > docker0: port 1(veth7743781) entered disabled state
> > docker: Error response from daemon: failed to create task for
> > container: failed to create shim task: OCI runtime create failed:
> > error opening file `/proc/self/uid_map`: No such file or directory: unknown.
> > 
> > Add the missing kernel module to allow starting containers.
> > 
> > Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
> > ---
> >  package/docker-engine/docker-engine.mk | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
> > index 268b851520..baec32d79d 100644
> > --- a/package/docker-engine/docker-engine.mk
> > +++ b/package/docker-engine/docker-engine.mk
> > @@ -106,6 +106,7 @@ define DOCKER_ENGINE_LINUX_CONFIG_FIXUPS
> >  	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_DEVICE)
> >  	$(call KCONFIG_ENABLE_OPT,CONFIG_CGROUP_CPUACCT)
> >  	$(call KCONFIG_ENABLE_OPT,CONFIG_NAMESPACES)
> > +	$(call KCONFIG_ENABLE_OPT,CONFIG_USER_NS)  
> 
> As far as I can see, this is an optional feature, and is not strictly
> required:
> 
>     https://github.com/moby/moby/blob/master/contrib/check-config.sh#L235
> 
> So I don't think we should forecfully enable it.

On the other hand, Waldemar is encountering the issue while doing a
simple "docker run <container>", which seems to be like the most basic
thing you would want to do with docker. So if CONFIG_USER_NS is needed
for something as basic as starting up a container, I believe it's not
really an optional feature?

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot