
let `sudo nerdctl <COMMAND> <TAB>` show rootful objects, not rootless ones

Open AkihiroSuda opened this issue 3 years ago • 6 comments

Currently, `sudo nerdctl rm <TAB>` shows rootless containers, but this should show rootful containers.

AkihiroSuda, Mar 09 '21 09:03

Hi @AkihiroSuda, looking at this and I have 2 questions. 1/ is this only applicable to bash or does it apply to other/all shells? 2/ just to clarify, `sudo nerdctl rm <TAB>` should show both rootless and rootful containers?

ginglis13, Apr 01 '22 18:04

> Hi @AkihiroSuda, looking at this and I have 2 questions. 1/ is this only applicable to bash or does it apply to other/all shells? 2/ just to clarify, `sudo nerdctl rm <TAB>` should show both rootless and rootful containers?

  1. Not familiar with other shells, but probably it should be consistent across all shells
  2. No, only rootful ones should be shown

AkihiroSuda, Apr 01 '22 21:04

I did some looking into how tab completion is implemented and I don't believe the implementation itself is the root cause. IIUC cobra commands are not aware of being run with privileges or not.

I'm curious if this tab completion is expected behavior / reflected in Docker so I compared the two. So far I've only been able to replicate this when I have both rootful and rootless containerd running. I've been able to replicate when both rootful and rootless dockerd are exclusively running as well. In setting up rootless docker, there is a warning called out about running both simultaneously:

```
$ curl -fsSL https://get.docker.com/rootless | sh
# Installing stable version 20.10.14
# Executing docker rootless install script, commit: 0225270
Aborting because rootful Docker is running and accessible. Set FORCE_ROOTLESS_INSTALL=1 to ignore.
```

I'm not sure exactly what the potential side effects of ignoring that warning are.

I'm able to see the same tab completion behavior when I have both rootless and rootful docker running with the below:

```
$ systemctl --user start docker
$ sudo systemctl start docker
$ docker context use rootless  # https://docs.docker.com/engine/security/rootless/#client
rootless
Current context is now "rootless"
$ docker run -d -p 8080:80 nginx
516adea92935b363ce0821c20c0e271203a7a56cadb5ba164e6f6ac81872a4a4
$ docker container ls
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                                   NAMES
516adea92935   nginx     "/docker-entrypoint.…"   9 seconds ago   Up 6 seconds   0.0.0.0:8080->80/tcp, :::8080->80/tcp   stupefied_sammet
# $ sudo docker stop <TAB>
$ sudo docker stop stupefied_sammet  # tab completion
Error response from daemon: No such container: stupefied_sammet
# $ docker stop <TAB>
$ docker stop stupefied_sammet  # tab completion
stupefied_sammet
$ sudo docker rm stupefied_sammet  # tab completion
Error response from daemon: No such container: stupefied_sammet
$ docker rm stupefied_sammet  # tab completion
stupefied_sammet
```

Same behavior with containerd and nerdctl:

```
$ systemctl --user start containerd
$ sudo systemctl start containerd
$ nerdctl run -d -p 8080:80 nginx
4cb936b973006efdf28d145c64978f9e9e0967f9e6cdc747d51cbf223c1862c7
$ nerdctl container ls
CONTAINER ID    IMAGE                             COMMAND                   CREATED          STATUS    PORTS                   NAMES
4cb936b97300    docker.io/library/nginx:latest    "/docker-entrypoint.…"    3 seconds ago    Up        0.0.0.0:8080->80/tcp    nginx-4cb93
$ sudo nerdctl stop nginx-4cb93
FATA[0000] no such container nginx-4cb93
$ nerdctl stop nginx-4cb93
nginx-4cb93
$ sudo nerdctl rm nginx-4cb93  # tab completion
FATA[0000] no such container nginx-4cb93
$ nerdctl rm nginx-4cb93  # tab completion
nginx-4cb93
```

I have not been able to replicate this when I have just the rootful service running, e.g. 1/ started a container with rootless containerd/nerdctl, 2/ stopped the rootless containerd service, 3/ started the rootful containerd service, 4/ tested tab completion with sudo stop <TAB>, sudo rm <TAB> no results. Did the same 1/2/3/4 for docker, same results as with containerd/nerdctl.

I'm curious then if this is expected behavior for when both the rootful and rootless service are running? Is there a use case for running both rootful and rootless containerd simultaneously (if that is the root cause)?

ginglis13, Apr 07 '22 05:04

Yes, the current behavior is consistent with Docker and it is kinda "expected", but it would be nice if we can make `sudo nerdctl <TAB>` aware of sudo. This is an enhancement task for Cobra rather than nerdctl itself.

AkihiroSuda, Apr 07 '22 05:04