Skip to content

Commit

Permalink
ioc: disable APT sandbox.
Browse files Browse the repository at this point in the history 
IOC containers do not require multiple users, and thus they are commonly
deployed without subuid and subgid to avoid creating files in volumes
mapped to the host filesystem with a uid/gid not possible to be handled
by its user outside the namespace. However, this breaks APT default
configuration due to its sandbox user `_apt`. Disable its sandbox so
that we can use APT in such deployment environments.
  • Loading branch information
@henriquesimoes
henriquesimoes committed Aug 27, 2024
1 parent 49d73fc commit fa37769
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 0 deletions.
7 changes: 7 additions & 0 deletions CHANGES.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,13 @@

## Unreleased

### Bug fixes

* ioc: disable APT sandbox. by @henriquesimoes in
https://github.com/cnpem/epics-in-docker/69
* This allows to use APT in containers deployed in systems without subuid and
subgid.

### New features

* base: update ipmiComm patch to install general templates. by
Expand Down
2 changes: 2 additions & 0 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ ARG RUNTIME_PACKAGES
ARG RUNTIME_TAR_PACKAGES
ARG RUNTIME_PIP_PACKAGES

COPY --from=build-image /etc/apt/apt.conf.d/90-disable-sandbox.conf /etc/apt/apt.conf.d/90-disable-sandbox.conf

RUN apt update -y && \
apt install -y --no-install-recommends \
libreadline8 \
Expand Down

0 comments on commit fa37769

Please sign in to comment.