How to run nginx in runc?

I decided to take on a journey of containerization and learn more about how containers work under the hood to gain more confidence and become a more proficient programmer. I am trying to run a simple nginx container in runc but I am stuck. I looked at the official documentation, but there are not many details. I also googled it but didn't find any details, so I feel I need more guidance.

I have created an OCI bundle and acquired the root file system off of nginx image.

```
mkdir containers/nginx/rootfs
cd containers/nginx
docker export $(docker create nginx:alpine) | tar -C rootfs -xvf -

runc spec
```

Running `sudo runc run mynginx` gives me the default sh process, but when I run nginx inside the container it errors out:

```
/ # nginx
2023/03/12 22:33:52 [emerg] 6#6: chown("/var/cache/nginx/client_temp", 101) failed (1: Operation not permitted)
nginx: [emerg] chown("/var/cache/nginx/client_temp", 101) failed (1: Operation not permitted)
```

Why? Am I not root?

```
/ # id
uid=0(root) gid=0(root)
```

I am. The listing, though, shows that only /dev/, /proc and /sys are owned by root, other folders are owned by user 1001.

```
/ # ls -l
total 64
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 bin
drwxr-xr-x    5 root     root           360 Mar 12 22:33 dev
drwxr-xr-x    2 1001     1001          4096 Feb 11 10:04 docker-entrypoint.d
-rwxrwxr-x    1 1001     1001          1616 Feb 11 10:03 docker-entrypoint.sh
drwxr-xr-x   21 1001     1001          4096 Mar 12 20:35 etc
-rw-r--r--    1 1001     1001             0 Mar 12 21:59 hello
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 home
drwxr-xr-x    7 1001     1001          4096 Feb 11 10:04 lib
drwxr-xr-x    5 1001     1001          4096 Feb 10 16:45 media
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 mnt
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 opt
dr-xr-xr-x  306 root     root             0 Mar 12 22:33 proc
drwx------    2 1001     1001          4096 Mar 12 21:26 root
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 run
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 sbin
drwxr-xr-x    2 1001     1001          4096 Feb 10 16:45 srv
dr-xr-xr-x   13 root     root             0 Mar 12 22:33 sys
drwxrwxr-x    2 1001     1001          4096 Feb 11 10:04 tmp
drwxr-xr-x    7 1001     1001          4096 Feb 10 16:45 usr
drwxr-xr-x   12 1001     1001          4096 Feb 10 16:45 var
```

What is going on? Can you help me?

You have incorrect ownership for files and probably missing CAP_CHOWN capability

OK, I used the official `nginx:alpine` Docker image so does it mean that the image was built to run `nginx` as root but the ownership for files in the container is wrong?

You run `docker export` with `EUID=1001` so all ownership of files got reset to UID=1001

@AlexD I ran `docker export` preceded by `sudo` and added the CAP_CHOWN capability but still have the same issue.

This helped me a lot. Very informative video for a start: https://www.youtube.com/watch?v=ZAhzoz2zJj8
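
Added example, not part of the original thread or of runc itself: a small Python check for the two things raised in the comments above. It reports, per capability set in the bundle's `config.json`, which capabilities are absent, and lists top-level `rootfs` entries not owned by the expected UID. The `NEEDED` list, the function names and the sample configs are assumptions made for this illustration.

```python
import json
import os

# Assumption: capabilities an nginx master started as root exercises
# (chown of its cache directories, switching workers to an unprivileged user).
NEEDED = {"CAP_CHOWN", "CAP_SETUID", "CAP_SETGID"}
# `runc spec` writes the same default list into each of these sets.
CAP_SETS = ("bounding", "permitted", "effective")


def missing_capabilities(config, needed=NEEDED):
    """Return {set name: sorted needed capabilities absent from that set}."""
    caps = config.get("process", {}).get("capabilities") or {}
    report = {}
    for name in CAP_SETS:
        absent = sorted(set(needed) - set(caps.get(name, [])))
        if absent:
            report[name] = absent
    return report


def foreign_owned(rootfs, expected_uid=0):
    """Return top-level rootfs entries whose owner is not expected_uid."""
    return sorted(
        entry.name
        for entry in os.scandir(rootfs)
        if entry.stat(follow_symlinks=False).st_uid != expected_uid
    )


# Constructed sample: the capability lists of a freshly generated config.json.
DEFAULT = ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"]
SAMPLE = {"process": {"capabilities": {s: list(DEFAULT) for s in CAP_SETS}}}
# Constructed sample: CAP_CHOWN added to the bounding set only.
PARTIAL = json.loads(json.dumps(SAMPLE))
PARTIAL["process"]["capabilities"]["bounding"].append("CAP_CHOWN")

if __name__ == "__main__":
    print(missing_capabilities(SAMPLE))
    print(missing_capabilities(PARTIAL))
    if os.path.isdir("rootfs"):  # run from the bundle directory
        print(foreign_owned("rootfs"))
```

To check a real bundle, load it with `json.load(open("config.json"))` and pass the result to `missing_capabilities`.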