7 Commits

Author SHA1 Message Date
Daniel J Walsh 18f3e8724e
Switch references of /var/run -> /run
Systemd is now complaining or mentioning /var/run as a legacy directory.
It has been many years where /var/run is a symlink to /run on all
most distributions, make the change to the default.

Partial fix for https://github.com/containers/podman/issues/8369

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-18 06:37:59 -05:00
TomSweeneyRedHat fabbaef8fb Update unshare man page to fix script example
The example showing how to use unshare to mount a volume
was no longer working.  Updated to make it work.

Fixes: #2218

Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2020-03-13 17:51:19 -04:00
Nalin Dahyabhai 515449659f unshare: add a --mount flag
Add a --mount flag to `buildah unshare`, so that the command it runs can
have a container's root filesystem mounted, and the location where it's
mounted provided in its environment.

This is primarily aimed at cases where `buildah unshare` is used to run
one-liner commands, as proper scripts can simply call `buildah mount`
themselves.

Users still have to be careful about quoting references to the environment
if the command needs to be executed by a shell (for example, if it's run
as `buildah unshare --mount foo sh -c 'ls $foo'`), so that the shell
that's invoking `buildah unshare` doesn't try to expand the variable's
value first.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-07-16 13:32:29 -04:00
Daniel J Walsh 2dc96b2276 fix unshare option handling and documentation
buildah unshare ls -l
was blowing up.

This is fixed by this PR.

Also added more documentation on use cases of `buildah unshare`

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1375
Approved by: TomSweeneyRedHat
2019-02-28 14:54:28 +00:00
Daniel J Walsh 80fcb2460b Help document using buildah mount in rootless mode
Update man page to show example of using buildah mount
in rootless mode.

Also enhance buildah mount --help to explain the buildah unshare
requirement.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1341
Approved by: TomSweeneyRedHat
2019-02-15 19:21:45 +00:00
W. Trevor King a9c12065b3 docs: Follow man-pages(7) suggestions for SYNOPSIS
man-pages(7) has [1]:

> For commands, this shows the syntax of the command and its arguments
> (including options); boldface is used for as-is text and italics are
> used to indicate replaceable arguments. Brackets ([]) surround
> optional arguments, vertical bars (|) separate choices, and ellipses
> (...) can be repeated.

I've adjusted our SYNOPSIS entries to match that formatting, and
generally tried to make them more consistent with the precedent set by
the man-pages project.  Outside of the SYNOPSIS entry, I prefer using
backticks for literals, although in some places I've left the **
bolding to keep things visually similar to a nearby SYNOPSIS entry.

I've also simplified a few placeholders, e.g. "containerID" ->
"container", because I didn't think the additional bit was providing
much additional context.  If there is ambiguity about the
representation, it should be addressed in the DESCRIPTION instead of
with an "ID" or "Name" suffix.

[1]: http://man7.org/linux/man-pages/man7/man-pages.7.html

Signed-off-by: W. Trevor King <wking@tremily.us>

Closes: #839
Approved by: rhatdan
2018-06-30 10:31:06 +00:00
Nalin Dahyabhai 18063d19b6 main: if unprivileged, reexec in a user namespace
If our CLI is invoked as an unprivileged user (uid != 0),
* create a namespace using our own UID and GID as "0" followed by the
  ranges matching our name and our primary group's name that we find in
  /etc/subuid and /etc/subgid (the latter by way of using newuidmap and
  newgidmap)
* re-exec ourselves inside of that user namespace, prepending global CLI arguments that:
  * override the driver from storage.conf with "vfs"
  * override the storage root from storage.conf with a "containers/storage" subdirectory
    of $XDG_DATA_HOME, or $HOME/.local/share.
  * override the storage runroot from storage.conf with either "$XDG_RUNTIME_DIR/run" or
    "/var/run/user/$uid/run"
  * set default ID mapping settings to map all of the ranges matching
    our name and our primary group's name that we found in /etc/subuid
    and /etc/subgid
  * can still be overridden using the command line

Add a "buildah unshare" CLI that will start an arbitrary command in the
first namespace, so that manual cleanup of locations used by the second
namespace will be possible.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #823
Approved by: rhatdan
2018-06-28 18:22:35 +00:00
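
The ID mapping described in the 18063d19b6 commit message above (the caller's own UID as "0", followed by the ranges found for its name in /etc/subuid), as an added Go example; it is not code from buildah or from these commits. The names `IDMap`, `parseSubIDs` and `buildMap`, the sample file content, and the choice to place the subordinate ranges contiguously from container ID 1 are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// IDMap is one uid_map/gid_map entry (illustrative type, not buildah's).
type IDMap struct{ ContainerID, HostID, Size int }

// parseSubIDs returns the (start, count) ranges owned by name in /etc/subuid-style
// content ("name:start:count" per line); malformed or foreign lines are skipped.
func parseSubIDs(content, name string) [][2]int {
	var ranges [][2]int
	for _, line := range strings.Split(content, "\n") {
		f := strings.Split(strings.TrimSpace(line), ":")
		if len(f) != 3 || f[0] != name {
			continue
		}
		start, err1 := strconv.Atoi(f[1])
		count, err2 := strconv.Atoi(f[2])
		if err1 != nil || err2 != nil || start < 0 || count <= 0 {
			continue
		}
		ranges = append(ranges, [2]int{start, count})
	}
	return ranges
}

// buildMap maps our own ID to 0, then (assumption) places each subordinate
// range contiguously starting at container ID 1.
func buildMap(ownID int, ranges [][2]int) []IDMap {
	m := []IDMap{{0, ownID, 1}}
	next := 1
	for _, r := range ranges {
		m = append(m, IDMap{next, r[0], r[1]})
		next += r[1]
	}
	return m
}

// Constructed sample /etc/subuid content, not taken from a real host.
const sampleSubuid = "alice:100000:65536\nbob:165536:65536\nalice:300000:1000\nbroken:line\n"

func main() {
	for _, e := range buildMap(1000, parseSubIDs(sampleSubuid, "alice")) {
		fmt.Printf("%d %d %d\n", e.ContainerID, e.HostID, e.Size)
	}
}
```

Each resulting entry is a `container-id host-id size` triple; "root" inside the namespace resolves to the unprivileged caller's own ID, and every other ID resolves only into the ranges delegated to that user.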