
I decided to take on a journey of containerization and learn more about how containers work under the hood to gain more confidence and become a more proficient programmer. I am trying to run a simple nginx container in runc but I am stuck. I looked at the official documentation but there are not many details; I also googled it but didn't find any details, so I feel I need more guidance.

I have created an OCI bundle and acquired the root file system off of the nginx image.

```
mkdir containers/nginx/rootfs
cd containers/nginx
docker export $(docker create nginx:alpine) | tar -C rootfs -xvf -

runc spec
```

Running `sudo runc run mynginx` gives me the default sh process, but when I run nginx inside the container it errors out:

```
/ # nginx
2023/03/12 22:33:52 [emerg] 6#6: chown("/var/cache/nginx/client_temp", 101) failed (1: Operation not permitted)
nginx: [emerg] chown("/var/cache/nginx/client_temp", 101) failed (1: Operation not permitted)
```

Why? Am I not root?

```
/ # id
uid=0(root) gid=0(root)
```

I am. The listing, though, shows that only /dev/, /proc and /sys are owned by root, other folders are owned by user 1001.

```
/ # ls -l
total 64
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 bin
drwxr-xr-x    5 root     root           360 Mar 12 22:33 dev
drwxr-xr-x    2 1001     1001          4096 Feb 11 10:04 docker-entrypoint.d
-rwxrwxr-x    1 1001     1001          1616 Feb 11 10:03 docker-entrypoint.sh
drwxr-xr-x   21 1001     1001          4096 Mar 12 20:35 etc
-rw-r--r--    1 1001     1001             0 Mar 12 21:59 hello
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 home
drwxr-xr-x    7 1001     1001          4096 Feb 11 10:04 lib
drwxr-xr-x    5 1001     1001          4096 Feb 10 16:45 media
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 mnt
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 opt
dr-xr-xr-x  306 root     root             0 Mar 12 22:33 proc
drwx------    2 1001     1001          4096 Mar 12 21:26 root
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 run
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 sbin
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 srv
dr-xr-xr-x   13 root     root             0 Mar 12 22:33 sys
drwxrwxr-x    2 1001     1001          4096 Feb 11 10:04 tmp
drwxr-xr-x    7 1001     1001          4096 Feb 10 16:45 usr
drwxr-xr-x   12 1001     1001          4096 Feb 10 16:45 var
```

What is going on? Can you help me?

jedi
  • I’m voting to close this question because this question belongs to https://serverfault.com – Gilles Quénot Mar 12 '23 at 22:50
  • How is it not about programming? @GillesQuénot – jedi Mar 12 '23 at 22:52
  • Creating a container is not dev but admin. This is close to the edges, I retract my downvote. – Gilles Quénot Mar 12 '23 at 22:57
  • Interesting opinion...I don't agree. Developers also create containers. It's developers who create this technology after all. – jedi Mar 12 '23 at 23:01
  • Yes, but it seems not to be a programming question as requested by SO rules. You have no code here, just commands to create containers. It's usually the topic on serverfault. But I agree, the community here is bigger and you have more chances to have a response – Gilles Quénot Mar 12 '23 at 23:25
  • You have a good question, but you have posted to the wrong StackExchange site. I’m voting to close this question because your question is not "Programming" related, it is more appropriate for the StackExchange site [Server Fault](http://serverfault.com/). This question is basically how do I start/run `nginx` in a container. – David C. Rankin Mar 13 '23 at 05:19
  • @DavidC.Rankin Interesting. It looks like containers are not programming related :D – jedi Mar 13 '23 at 09:43
  • @DavidC.Rankin The question is not about how to start Nginx in a container but how to run Nginx in runc specifically. Runc is a container runtime that developers have created to run applications in containers. – jedi Mar 13 '23 at 13:43
  • @jedi this is a close call. What you are doing is setting permissions and configuring UID/GID to get nginx to run in a container. If this is "Programming", I apologize, but I simply don't see it that way. Admittedly I know little about runc, but with over two decades of Linux administration and coding since the mid-80's, this looks a lot more like admin than programming. SO is wise to require 3 close-votes, or 1 from a member with a gold-badge in the tag, so you are safe. – David C. Rankin Mar 13 '23 at 22:00
  • Sure @DavidC.Rankin no problem, I won't argue :) – jedi Mar 13 '23 at 22:06

0 Answers
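
An added example, not part of the original question or its comments: a small Python check over a bundle's `config.json` that reports which capabilities the container's uid 0 process actually holds, since changing a file's owner on Linux requires `CAP_CHOWN` and not merely uid 0. The embedded config is a constructed sample in the shape of an OCI runtime spec, its capability values are an assumption to compare against the file `runc spec` wrote, and `audit_config` is a hypothetical helper name.

```python
import json

# Constructed sample in the shape of an OCI runtime config.json. The values are
# an assumption: compare them with the config.json that `runc spec` generated.
SAMPLE_CONFIG = """
{
  "process": {
    "user": {"uid": 0, "gid": 0},
    "capabilities": {
      "bounding":  ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"],
      "effective": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"],
      "permitted": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"]
    }
  },
  "root": {"path": "rootfs", "readonly": false},
  "linux": {"namespaces": [{"type": "pid"}, {"type": "mount"}]}
}
"""


def audit_config(config_text, needed=("CAP_CHOWN",)):
    """Summarise why uid 0 in this bundle can still get EPERM from chown()."""
    cfg = json.loads(config_text)
    proc = cfg.get("process", {})
    caps = proc.get("capabilities") or {}
    effective = set(caps.get("effective", []))
    bounding = set(caps.get("bounding", []))
    linux = cfg.get("linux", {})
    ns_types = {ns.get("type") for ns in linux.get("namespaces", [])}
    return {
        "uid": proc.get("user", {}).get("uid", 0),
        # The kernel checks the effective set when chown() is called.
        "missing_effective": sorted(set(needed) - effective),
        # Absent from bounding means exec cannot bring the capability back.
        "missing_bounding": sorted(set(needed) - bounding),
        # With a user namespace, uid 0 is only root over the mapped id range.
        "user_namespace": "user" in ns_types,
        "uid_mappings": linux.get("uidMappings", []),
        "readonly_rootfs": cfg.get("root", {}).get("readonly", False),
    }


if __name__ == "__main__":
    for key, value in audit_config(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Run it against a real bundle by passing the contents of `config.json` to `audit_config`; any capability listed under `missing_effective` has to be added to the sets in `process.capabilities` before the process can use it.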