Update Readme with information about Docker container #242
Conversation
obbardc
force-pushed
the
wip/obbardc/examples-fix
branch
from
2a4d0c1
to
73349ec
Compare
| docker run --rm --interactive --tty --device /dev/kvm --user $(id -u) --workdir /recipes --mount "type=bind,source=$(pwd),destination=/recipes" --security-opt label=disable godebos/debos <RECIPE.yaml> | ||
| docker run --rm --interactive --tty \ | ||
| --device /dev/kvm \ | ||
| --user $(id -u):$(id -g) \ |
There was a problem hiding this comment.
that's typically not needed
| docker run --rm --interactive --tty \ | ||
| --device /dev/kvm \ | ||
| --user $(id -u):$(id -g) \ | ||
| --group-add $(getent group kvm | cut -d: -f3) \ |
There was a problem hiding this comment.
kvm has uaccess tagged on modern systems so this is also not needed
There was a problem hiding this comment.
right, just having a look at this again since i don't fully understand the permissions here.
kvm has uaccess tagged on my system, and my user is part of the kvm group:
$ ls -la /dev/kvm
crw-rw----+ 1 root kvm 10, 232 Jan 28 09:36 /dev/kvm
$ getfacl /dev/kvm
getfacl: Removing leading '/' from absolute path names
# file: dev/kvm
# owner: root
# group: kvm
user::rw-
user:obbardc:rw-
group::rw-
mask::rw-
other::---
debos with kvm backend runs when i run it locally outside of docker, but not inside a container it breaks without this hunk of the patch:
$ docker run --rm --interactive --tty --device /dev/kvm --user $(id -u) --workdir /recipes --mount "type=bind,source=$(pwd),destination=/recipes" --security-opt label=disable godebos/debos:bullseye doc/examples/example.yaml
Could not access KVM kernel module: Permission denied
qemu-system-x86_64: failed to initialize kvm: Permission denied
error starting kvm backend: <nil>
i am probably doing something wrong here, or my system is configured incorrectly!
There was a problem hiding this comment.
hm seems like if i remove the --user arg from docker then it works fine, but then i loose the file permissions on the recipies bind mount
README.md
Outdated
| builds a basic Debian tarball. | ||
|
|
||
| A collection of user-submitted recipes are available under the [debos-recipes](https://github.com/go-debos/debos-recipes) | ||
| repository. |
There was a problem hiding this comment.
I'd just removed that as debos-recipes isn't actually actively maintained at the moment
The docker command misses adding the kvm group to the container. This is required otherwise the container can't access /dev/kvm Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>
obbardc
force-pushed
the
wip/obbardc/examples-fix
branch
from
73349ec
to
342f263
Compare
obbardc
changed the title
obbardc
changed the title
| ``` | ||
| docker pull godebos/debos | ||
| ``` | ||
| A Docker container containing the latest version of Debos is available from [Docker Hub](https://hub.docker.com/r/godebos/debos). |
There was a problem hiding this comment.
we should point to ghcr first
| docker pull godebos/debos | ||
| ``` | ||
| A Docker container containing the latest version of Debos is available from [Docker Hub](https://hub.docker.com/r/godebos/debos). | ||
| See [docker/README.md](https://github.com/go-debos/debos/blob/master/docker/README.md) for more information and usage. |
There was a problem hiding this comment.
also the links in this file need to be modified
| See [docker/README.md](https://github.com/go-debos/debos/blob/master/docker/README.md) for usage. | ||
|
|
||
| ## Installation (under Debian) | ||
| ## Installation from source (under Debian) |
There was a problem hiding this comment.
add a section about installing from packages in debian
| --workdir /recipes \ | ||
| --mount "type=bind,source=$(pwd),destination=/recipes" \ | ||
| --security-opt label=disable \ | ||
| godebos/debos recipe.yaml |
|
Closing in favour of #468 |
fix some documentation and the examples