containerd: Can not run containerd as non-root user
So I started containerd as a non-root user, my config file below:
```
root = "/tmp/containerd/root"
state = "/tmp/containerd"
oom_score = 0
[grpc]
address = "/tmp/containerd/containerd.sock"
uid = 1000
gid = 1000
[debug]
address = "/tmp/containerd/debug.sock"
uid = 1000
gid = 1000
level = "info"
[metrics]
address = ""
[cgroup]
path = ""
```
And I'm trying to pull an image using ctr, but I get this error:
```
unpacking sha256:aeaedc464482b5076c6f2c1d2de8653709c02cbdf0b7f42906d7318f35094e5e…
INFO[0052] Apply failure, attempting cleanup error="rpc error: code = Unknown desc = failed to mount: operation not permitted" key="extract-181850504-0kvE sha256:cd7100a72410606589a54b932cabd804a17f9ae5b42a1882bd56d263e02b6215"
ctr: failed to extract layer sha256:cd7100a72410606589a54b932cabd804a17f9ae5b42a1882bd56d263e02b6215: rpc error: code = Unknown desc = failed to mount: operation not permitted
```
And I think it must be with the file systems. I wonder whether the upstream work happening with `img` or `runc` would allow me to import/run as rootless (I'm good with using runc natively as rootless and it works fine). I wonder how that changes when using the ctr/containerd API, as I need to import the images, or can I just point the path to rootfs and will it work? Any helpers/pointers would be appreciated.
About this issue
- State: closed
- Created 6 years ago
- Comments: 16 (11 by maintainers)
I have a PR for rootless mode: https://github.com/containerd/containerd/pull/2006
The actual use case here: https://github.com/kubernetes/community/pull/1934/files
I don’t know anyone that’s tried to run containerd rootless, so warning this may take a pr to make it happen 😃