LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Containers
User Name
Password
Linux - Containers This forum is for the discussion of all topics relating to Linux containers. Docker, LXC, LXD, runC, containerd, CoreOS, Kubernetes, Mesos, rkt, and all other Linux container platforms are welcome.

Notices


Reply
  Search this Thread
Old 09-09-2020, 12:05 PM   #1
MALDATA
Member
 
Registered: Mar 2005
Posts: 147

Rep: Reputation: 19
Modifying an image file inside a gitlab docker runner


Hi all,

I have a process that I run regularly on my host PC. I download the stock Debian beaglebone image, mount the image as loopback devices, chroot into it, and make some changes.

I would like to do this same thing in a docker container via a gitlab pipeline. That is, when I tag a new version of our software, the pipeline builds it and then makes a new image with the new version installed.

I can't figure out how to get this to work. It seems like the container needs elevated permissions and/or access to the host's loopback device nodes, and I can't really find good resources for how this can work in gitlab. Beyond that, though, all I'm doing is manipulating the contents of a file I own, so it seems strange that there's no way to do that without elevated privileges.

As it is, what I'm trying (and failing) to do, looks something like this:

Quote:
mkdir -p /tmp/dev
mknod -m 0660 /tmp/dev/loop0 b 7 0
/sbin/losetup -P /tmp/dev/loop0 ./my-image.img
So, I make a loopback device (because one doesn't exist), then try to use losetup to hook it up to that image. Gitlab says the pipeline fails because "losetup: /tmp/dev/loop0: failed to set up loop device: Operation not permitted"

So, in googling that, I found a lot of people doing similar things, but no real solutions (and a lot of very old, obsolete posts). This got me thinking about why I need any elevated privileges at all, because really all I want to do is dump some files into the image.

I don't know much about fuse, but is that a potential answer? Or is there something else I'm missing that would work well here? And if I just need to force docker to let me do these thing, how would that work in gitlab?

Thanks
 
Old 09-11-2020, 03:48 PM   #2
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 611

Rep: Reputation: 303Reputation: 303Reputation: 303Reputation: 303
Docker runs as root and typically docker containers will run as the root user as well.
I was able to run those commands in a docker container with a root user without that error. Interestingly, it showed up outside my docker container, which probably goes to show why you should be careful running software in a docker container under a root user (which is common).
However, a pipeline will probably not be running the container as a root user. It's probably using a unprivileged user, which would explain why you're getting a operation not permitted error.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



LinuxQuestions.org > Forums > Linux Forums > Linux - Containers

All times are GMT -5. The time now is 06:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration