This repository has been archived by the owner on Oct 26, 2023. It is now read-only.

Fixed default image policy
mgoltzsche committed Oct 27, 2018
1 parent 609fb8b commit 1bb482d
Showing 4 changed files with 11 additions and 6 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -77,7 +77,7 @@ make ide

## Examples

The following examples assume your policy accepts docker images or you have copied [policy-example.json](policy-example.json) to `/etc/containers/policy.json` on your host.
The following examples assume your policy accepts docker images or you have copied [image-policy-example.json](image-policy-example.json) to `/etc/containers/policy.json` on your host.

### Create and run container from Docker image
```
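Review bot: The reworded sentence in the Examples intro still only tells readers to copy the file to `/etc/containers/policy.json`, which needs root, and does not say what happens otherwise. Since cmd/root.go in this commit makes the fallback `reject` when that file is absent, suggest stating that without a policy file every image is rejected by default, and pointing unprivileged users to the `--image-policy=image-policy-example.json` option that experiments.md uses.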
2 changes: 1 addition & 1 deletion cmd/root.go
Expand Up @@ -104,7 +104,7 @@ func init() {
if uid != 0 {
flagStateDir = "/run/user/" + strconv.Itoa(uid) + "/ctnr"
}
flagImagePolicy = "insecure"
flagImagePolicy = "reject"
policyFile := "/etc/containers/policy.json"
if _, err = os.Stat(policyFile); err == nil {
flagImagePolicy = policyFile
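Review bot: In `if _, err = os.Stat(policyFile); err == nil`, every Stat failure is treated the same as a missing file, so an inaccessible `/etc/containers/policy.json` silently yields `reject`. That fails closed, which is the right direction, but the user only sees images being rejected with no hint why; suggest distinguishing `os.IsNotExist(err)` from other errors and logging the latter. The flag's help text should also say that the default is now `reject` unless the policy file exists, since this changes behaviour for anyone who relied on `insecure`. The `=` assignment also leaves the enclosing `err` non-nil when the file is missing, so it is worth checking that nothing later in `init()` reads it.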
13 changes: 9 additions & 4 deletions experiments.md
@@ -1,12 +1,13 @@
# Experiments with nested containers

... on an ubuntu 16.04 host
... in the repository directory on an ubuntu 16.04 host.


## Run ctnr container inside privileged docker container
```
docker run -ti --rm --privileged \
-v $(pwd)/dist/bin/ctnr:/bin/ctnr \
-v "$(pwd)/dist/bin/ctnr:/bin/ctnr" \
-v "$(pwd)/image-policy-example.json:/etc/containers/policy.json" \
alpine:3.7
> ctnr run -t --network=host docker://alpine:3.7
```
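Review bot: The added `-v "$(pwd)/image-policy-example.json:/etc/containers/policy.json"` line mounts the policy read-write into a `--privileged` container, so anything running inside can rewrite the policy file in the working tree. Suggest appending `:ro`, as the `/sys/fs/cgroup:/sys/fs/cgroup:ro` mount further down in this file already does; the same applies to the policy mounts added in the other blocks.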
Expand All @@ -15,7 +16,9 @@ docker run -ti --rm --privileged \
## Run ctnr container inside unprivileged user's privileged ctnr container
```
dist/bin/ctnr run -t --privileged \
-v $(pwd)/dist/bin/ctnr:/bin/ctnr \
-v "$(pwd)/dist/bin/ctnr:/bin/ctnr" \
-v "$(pwd)/image-policy-example.json:/etc/containers/policy.json" \
--image-policy=image-policy-example.json \
docker://alpine:3.7
> ctnr run -t --rootless --network=host docker://alpine:3.7
```
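Review bot: `--image-policy=image-policy-example.json` uses a relative path while the two `-v` lines above it use `$(pwd)/...`, so this block only works from the repository directory. The intro now says that, but `--image-policy="$(pwd)/image-policy-example.json"` would keep the block consistent with its neighbours. A short comment on why both the flag and the mount are needed (presumably the flag for the outer ctnr and the mounted `/etc/containers/policy.json` for the nested one) would also help, since that is not obvious from the command alone.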
Expand All @@ -24,7 +27,8 @@ dist/bin/ctnr run -t --privileged \
## Not working: Run ctnr container inside unprivileged docker container
```
docker run -ti --rm \
-v $(pwd)/dist/bin/ctnr:/bin/ctnr \
-v "$(pwd)/dist/bin/ctnr:/bin/ctnr" \
-v "$(pwd)/image-policy-example.json:/etc/containers/policy.json" \
alpine:3.7
> ctnr run -ti --rootless --network=host docker://alpine:3.7
```
Expand All @@ -40,6 +44,7 @@ docker run -ti --rm --user=`id -u`:`id -g` \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-v "$HOME/.ctnr:/.ctnr" \
-v "$(pwd)/dist/bin:/usr/local/bin" \
-v "$(pwd)/image-policy-example.json:/etc/containers/policy.json" \
debian:9 /bin/bash
$ ctnr --state-dir /tmp/ctnr run --verbose -ti -b test --update --rootless --no-new-keyring --no-pivot docker://alpine:3.8
```
File renamed without changes.
