error when forking: Operation not permitted (os error 1) #503
Comments
Hm.. can you try Also take a look at |
I'm getting the same error with the official image. It doesn't seem to be getting to reading the referenced busybox image as it doesn't make a difference whether it's there or not. On the host and vagga container: Not sure about I'm not entirely sure whether that section applies to the host or the container where vagga is running. I am assuming the latter. (I also won't have much control over the host where I want to run it) In the vagga container I am not getting anything in I noticed I didn't include the |
To the host. But if it's in container is
That's fine as long as the user is root. There are two probable reasons for "Permissions denied" in your case: either apparmor disables that (or selinux, but apparmor is more probable on ubuntu) or docker has some limitations (either in the new version, or because it is configured somehow specifically).
Another question is why do you run vagga in docker? |
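An added diagnostic, not part of the thread and not vagga's own code: it tries `unshare()` for each namespace type in a throwaway child and reports the errno, which shows whether namespace creation is what gets refused with "Operation not permitted" inside the outer container (AppArmor or Docker's restrictions, the two causes suggested above). The list of flags probed is an assumption; the page does not show which ones vagga requests when forking.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Namespace flags to probe (assumed set; not taken from vagga's source). */
static const struct { int flag; const char *name; } PROBES[] = {
    { CLONE_NEWUSER, "user"  },
    { CLONE_NEWNS,   "mount" },
    { CLONE_NEWPID,  "pid"   },
    { CLONE_NEWUTS,  "uts"   },
    { CLONE_NEWNET,  "net"   },
};
#define N_PROBES ((int)(sizeof PROBES / sizeof PROBES[0]))

/* Try unshare(flag) in a child so the caller's namespaces stay untouched.
 * Returns 0 if allowed, the errno if refused, -1 if the probe could not run. */
int probe_unshare(int flag)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(unshare(flag) == 0 ? 0 : (errno & 0xff));
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;              /* e.g. child killed by a seccomp policy */
    return WEXITSTATUS(status);
}

/* Print one line per namespace; return how many were refused with EPERM. */
int count_eperm(void)
{
    int denied = 0;
    for (int i = 0; i < N_PROBES; i++) {
        int err = probe_unshare(PROBES[i].flag);
        printf("%-5s %s\n", PROBES[i].name,
               err == 0 ? "ok" : err < 0 ? "probe failed" : strerror(err));
        if (err == EPERM)
            denied++;
    }
    return denied;
}

int main(void) { return count_eperm() > 0; }
```

Running it once on the host and once inside the container separates a host-wide restriction from one imposed only on the container.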
I can see that the docs (linked from the main) also mention those files but neither
After restarting apparmor
I was hoping that I could use vagga to run a docker container in a serverless environment like Google's Dataflow or Pipeline API which run unprivileged docker containers. The Pipeline API allows me to run my own docker container but I want to run an existing third party container within the container to perform the actual work. Dataflow doesn't really allow me to specify the container and dependencies need to be installed (via the package manager or pip). With the Pipeline API I could also extend the third party container but I have a number of different ones, which gets messy and is still limiting (as I couldn't run two containers that way). The alternative is for me to run a separate cluster with the desired containers but then I have one set of workers depend on another set of workers and I lose some of the serverless benefits. (I only need the third party containers for a limited time, i.e. not 24/7) |
Just hit this one, too. |
It appears the issue might be google/gvisor#144 (comment)
Some people recommend using |
@mkpankov, vagga uses pivot root everywhere exactly for this reason. So the issue is somewhere else. |
And well, it works the other way around, you need the external container to use pivot_root instead of chroot, not vagga itself. So it might be docker uses chroot (although, I think it shouldn't). |
If you have some time to play with it you can try the following things:
|
Not sure if that is related to #156
I'm getting error
error when forking: Operation not permitted (os error 1).

Steps to reproduce:

Using Dockerfile for vagga:

Build vagga image:

Save sample image (busybox.tar.gz):

vagga.yaml:

Run:

Error: