opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-09-09 17:42:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/contrib/podmanimage/upstream/Dockerfile
Blake Burkhart 2a974e8b94 Create user storage dir with correct permissions 
Docker VOLUMEs will inherit permissions from an existing directory at the same
path. If the path does not exist, the directory will be owned by root which
makes this image unusable in rootless mode.

Signed-off-by: Blake Burkhart <blake.burkhart@us.af.mil>
2021-06-14 14:40:36 -05:00

84 lines
3.5 KiB
Docker
Raw Blame History

# git/Dockerfile
#
# Build a Podman container image from the latest
# upstream version of Podman on GitHub.
# https://github.com/containers/podman
# This image can be used to create a secured container
# that runs safely with privileges within the container.
# The containers created by this image also come with a
# Podman development environment in /root/podman.
#
FROM registry.fedoraproject.org/fedora:latest
ENV GOPATH=/root/podman
# Install the software required to build Podman.
# Then create a directory and clone from the Podman
# GitHub repository, make and install Podman
# to the container.
# Finally remove the podman directory and a few other packages
# that are needed for building but not running Podman
RUN yum -y update; yum -y reinstall shadow-utils; yum -y install --exclude container-selinux \
--enablerepo=updates-testing \
btrfs-progs-devel \
containernetworking-cni \
conmon \
device-mapper-devel \
git \
glib2-devel \
glibc-devel \
glibc-static \
go \
golang-github-cpuguy83-md2man \
gpgme-devel \
iptables \
libassuan-devel \
libgpg-error-devel \
libseccomp-devel \
libselinux-devel \
make \
pkgconfig \
crun \
fuse-overlayfs \
fuse3 \
containers-common; \
mkdir /root/podman; \
git clone https://github.com/containers/podman /root/podman/src/github.com/containers/podman; \
cd /root/podman/src/github.com/containers/podman; \
make BUILDTAGS="selinux seccomp"; \
make install PREFIX=/usr; \
cd /root/podman; \
git clone https://github.com/containers/conmon /root/podman/conmon; \
cd conmon; \
make; \
install -D -m 755 bin/conmon /usr/libexec/podman/conmon; \
git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins; \
cd $GOPATH/src/github.com/containernetworking/plugins; \
./build_linux.sh; \
mkdir -p /usr/libexec/cni; \
\cp -fR bin/* /usr/libexec/cni; \
mkdir -p /etc/cni/net.d; \
curl -qsSL https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist | tee /etc/cni/net.d/99-loopback.conf; \
mkdir -p /usr/share/containers; \
rm -rf /root/podman/*; \
yum -y remove git golang go-md2man make; \
yum clean all;
RUN useradd podman; \
echo podman:10000:5000 > /etc/subuid; \
echo podman:10000:5000 > /etc/subgid;
VOLUME /var/lib/containers
VOLUME /home/podman/.local/share/containers
RUN mkdir -p /home/podman/.local/share/containers
ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
RUN chown podman:podman -R /home/podman
# chmod containers.conf and adjust storage.conf to enable Fuse storage.
RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf
RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers /var/lib/shared/vfs-images /var/lib/shared/vfs-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock; touch /var/lib/shared/vfs-images/images.lock; touch /var/lib/shared/vfs-layers/layers.lock
ENV _CONTAINERS_USERNS_CONFIGURED=""
Reference in New Issue View Git Blame Copy Permalink