From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: TIAN Yuanhao <tianyuanhao3@163.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
Christian Stewart <christian@aperture.us>,
buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/docker-engine: fix runtime problem
Date: Wed, 21 Aug 2024 09:12:14 +0200 [thread overview]
Message-ID: <ZsWTTvL0qv6By7lK@landeda> (raw)
In-Reply-To: <29b5f7df.5240.19173962677.Coremail.tianyuanhao3@163.com>
Yuanhao, All,
On 2024-08-21 14:18 +0800, TIAN Yuanhao spake thusly:
> At 2024-08-21 06:00:49, "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:
> >On 2024-08-20 23:32 +0200, Thomas Petazzoni via buildroot spake thusly:
> >> On Tue, 20 Aug 2024 23:26:33 +0200
> >> "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:
> >> > On 2024-08-20 17:44 +0200, Waldemar Brodkorb spake thusly:
> >> > > + $(call KCONFIG_ENABLE_OPT,CONFIG_USER_NS)
> >> > As far as I can see, this is an optional feature, and is not strictly
> >> > required:
> >> > https://github.com/moby/moby/blob/master/contrib/check-config.sh#L235
> >> > So I don't think we should forecfully enable it.
> >> On the other hand, Waldemar is encountering the issue while doing a
> >> simple "docker run <container>", which seems to be like the most basic
> >> thing you would want to do with docker. So if CONFIG_USER_NS is needed
> >> for something as basic as starting up a container, I believe it's not
> >> really an optional feature?
[--SNIP--]
> In fact, USER_NS is optional for runc, but mandatory for crun.
OK, but still, for docker-engine *itself*, USER_NS is optional, as we
can clearly see in our runtime test that does not enable USER_NS and
still succeeds at running containers.
And indeed, our runtime test uses runc, so it kinda makes sense that it
works.
But then, if that's crun that needs USER_NS, enabling USER_+NS in the
kernel config should be done in the crun package, not in the
docker-engine one.
Thanks for the feedback!
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2024-08-21 7:12 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-20 15:44 [Buildroot] [PATCH] package/docker-engine: fix runtime problem Waldemar Brodkorb
2024-08-20 21:26 ` Yann E. MORIN
2024-08-20 21:32 ` Thomas Petazzoni via buildroot
2024-08-20 22:00 ` Yann E. MORIN
2024-08-21 6:18 ` TIAN Yuanhao
2024-08-21 7:12 ` Yann E. MORIN [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZsWTTvL0qv6By7lK@landeda \
--to=yann.morin.1998@free.fr \
--cc=buildroot@buildroot.org \
--cc=christian@aperture.us \
--cc=thomas.petazzoni@bootlin.com \
--cc=tianyuanhao3@163.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox