I decided to take on a journey of containerization and learn more about how containers work under the hood to gain more confidence and become a more proficient programmer. I am trying to run a simple nginx container in runc but I am stuck. I looked at the official documentation but there are not many details. I also googled it but didn't find any details, so I feel I need more guidance.

I have created an OCI bundle and acquired the root file system from the nginx image.

```
mkdir containers/nginx/rootfs
cd containers/nginx
docker export $(docker create nginx:alpine) | tar -C rootfs -xvf -

runc spec
```

Running `sudo runc run mynginx` gives me the default `sh` process, but when I run `nginx` inside the container it errors out:

```
/ # nginx
2023/03/12 22:33:52 [emerg] 6#6: chown("/var/cache/nginx/client_temp", 101) failed (1: Operation not permitted)
nginx: [emerg] chown("/var/cache/nginx/client_temp", 101) failed (1: Operation not permitted)
```

Why? Am I not root?

```
/ # id
uid=0(root) gid=0(root)
```

I am. The listing, though, shows that only /dev/, /proc and /sys are owned by root; other folders are owned by user 1001.

```
/ # ls -l
total 64
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 bin
drwxr-xr-x    5 root     root           360 Mar 12 22:33 dev
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 docker-entrypoint.d
-rwxrwxr-x    1 1001     1001          1616 Feb 11 10:03 docker-entrypoint.sh
drwxr-xr-x   21 1001     1001          4096 Mar 12 20:35 etc
-rw-r--r--    1 1001     1001             0 Mar 12 21:59 hello
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 home
drwxr-xr-x    7 1001     1001          4096 Feb 11 10:04 lib
drwxr-xr-x    5 1001     1001          4096 Feb 10 16:45 media
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 mnt
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 opt
dr-xr-xr-x  306 root     root             0 Mar 12 22:33 proc
drwx------    2 1001     1001          4096 Mar 12 21:26 root
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 run
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 sbin
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 srv
dr-xr-xr-x   13 root     root             0 Mar 12 22:33 sys
drwxrwxr-x    2 1001     1001          4096 Feb 11 10:04 tmp
drwxr-xr-x    7 1001     1001          4096 Feb 10 16:45 usr
drwxr-xr-x   12 1001     1001          4096 Feb 10 16:45 var
```

What is going on? Can you help me?

jedi
  • You have incorrect ownership for files and probably missing CAP_CHOWN capability – AlexD Mar 13 '23 at 22:53
  • OK, I used the official `nginx:alpine` Docker image so does it mean that the image was built to run `nginx` as root but the ownership for files in the container is wrong? – jedi Mar 14 '23 at 08:42
  • You run `docker export` with `EUID=1001` so all ownership of files got reset to UID=1001 – AlexD Mar 14 '23 at 08:50
  • @AlexD I ran `docker export` preceded by `sudo` and added the CAP_CHOWN capability but still have the same issue. – jedi Mar 14 '23 at 19:42
  • This helped me a lot. Very informative video for a start https://www.youtube.com/watch?v=ZAhzoz2zJj8 – jedi Mar 14 '23 at 22:54

0 Answers
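The comments point at two things to verify in the bundle: which capabilities `config.json` grants the container process, and who owns the files extracted into `rootfs`. The following is an added example, not part of the original thread or of runc; the function names are hypothetical, and it assumes the bundle layout from the question (a `config.json` next to `rootfs/`).

```python
import json
import os
import sys

# Capability sets in which a root process needs CAP_CHOWN for chown() to succeed.
CAP_SETS = ("bounding", "permitted", "effective")


def missing_caps(config, required=("CAP_CHOWN",)):
    """Return {set_name: [caps absent from that set]} for process.capabilities."""
    caps = config.get("process", {}).get("capabilities") or {}
    report = {}
    for name in CAP_SETS:
        absent = [c for c in required if c not in caps.get(name, [])]
        if absent:
            report[name] = absent
    return report


def foreign_owned(rootfs, expected_uid=0):
    """Return sorted top-level rootfs entries whose owner is not expected_uid."""
    found = []
    for entry in os.scandir(rootfs):
        # lstat semantics: never follow a symlink out of the bundle
        st = entry.stat(follow_symlinks=False)
        if st.st_uid != expected_uid:
            found.append((entry.name, st.st_uid))
    return sorted(found)


def check_bundle(bundle):
    """Collect findings for a bundle directory holding config.json and rootfs/."""
    with open(os.path.join(bundle, "config.json")) as fh:
        config = json.load(fh)
    # root.path is relative to the bundle unless it is absolute
    rootfs = os.path.join(bundle, config.get("root", {}).get("path", "rootfs"))
    return {"missing_caps": missing_caps(config),
            "foreign_owned": foreign_owned(rootfs)}


if __name__ == "__main__":
    result = check_bundle(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(json.dumps(result, indent=2))
    # Non-zero exit when either check reports a finding
    sys.exit(1 if any(result.values()) else 0)
```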