-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permission issues using the docker image with podman #411
Comments
I believe the following documentation explains how to set up an environment similar to the one you’re describing. Please let me know if it doesn’t work for you. Thanks! https://github.com/open-telemetry/weaver/blob/main/docs/docker-guide.md |
Bonjour Laurent. I also tried using:
but the docker image still wrote files with a different user, this did not work. My UID:GID is 1000:1000 locally, the docker image creates files with 100999:100999, The doc also mention:
This does not work for SELinux, which is why I used:
with USE_MOUNT_OPTION being |
Bonjour Marc! Let me loop in @jsuereth on this thread. I recall him mentioning a workaround for SELinux, but I don’t remember the exact trick. |
The SELinux part is solved, I mentioned it because what is in the doc does not work for SELinux. To clarify, I am using Running with:
actually creates files using my own local account (malff, 1000:1000), without the need to use chmod.
|
I think we will update the docs to have recommendations for SELinux users. I didn't include them earlier because the Thanks for calling this out! |
Thanks @jsuereth I was affected by 2 issues:
I am mostly concerned about the second, because I do not know how to write a script that will work for both docker and podman, to be checked in the opentelemetry-cpp repository. |
Ran into a similar issue while using It causes a failure like this:
I am using |
Just coming back to this: It seems like with podmon and SELinux the only option is the following:
Given the abysmal state of Docker around SELinux and filesystem mounting options, I'm not sure we have any other recourse here. A few things to tryt:
|
I am trying to migrate opentelemetry-cpp to use weaver.
To do this, I am using the docker image, and looked at the scripts used in opentelemetry-rust as an example.
Using this:
I get:
This is because the docker command can not write to the
${ROOT_DIR}/wip/attributes
directory, which is owned by my user account (malff
).Doing a chmod to allow everyone to write there allows files to be written, but then they have a different ownership.
When using the docker image for build-tools, the image did write files owned by my own account, and I did not have to open permissions or to adjust file ownership, it just worked.
I am NOT willing to add a
chmod o+w
just to make the script pass, so this is blocking.How can I use weaver with docker, to generate files with the proper file ownership ?
The text was updated successfully, but these errors were encountered: