
Support running the container rootless

Open vorburger opened this issue 3 years ago • 2 comments

I am exploring running the ghcr.io/filecoin-saturn/l1-node:main container in another container runtime environment (k8s) than on Docker via your run.sh and noticed the following error:

2022/11/19 23:42:19 [emerg] 29#29: chown("/usr/src/app/shared/nginx_cache", 101) failed (1: Operation not permitted)
nginx: [emerg] chown("/usr/src/app/shared/nginx_cache", 101) failed (1: Operation not permitted)

I suspect that this is because on (my) k8s the file permission on the /usr/src/app/shared/ volume is slightly different than on Docker?

I'm not sure if this is a real problem or can just be ignored.

vorburger, Nov 19 '22 23:11

I'm not sure if this is a real problem or can just be ignored.

This log message is a "real" critical (note emerg = Nginx "Emergency") problem which blocks orderly start-up.

#120 raised to make this easier to understand for future users.

I suspect that this is because on (my) k8s the file permission (...)

It's actually not really that; the reason was just that I tried to run it with more limited Linux capabilities than root, for a better security posture. This would be similar e.g. to "rootless" Docker (or Podman), where I suspect one would also run into this error (not yet tested).

vorburger, Nov 23 '22 21:11

https://github.com/docker-library/docs/tree/master/nginx#running-nginx-as-a-non-root-user 😹

vorburger, Dec 03 '22 11:12
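
A preflight check for the failure discussed in this thread, as an added example that is not part of the issue or of the l1-node project: it parses the nginx `[emerg]` line quoted above and decodes `CapEff` from `/proc/<pid>/status` to tell whether the process holds CAP_CHOWN. The function names are hypothetical, and the example assumes that nothing needs to be chowned when the directory already belongs to the target uid.

```python
import os
import re

CAP_CHOWN_BIT = 0  # CAP_CHOWN is capability number 0 in linux/capability.h

# Matches the nginx message format quoted in the issue.
EMERG_CHOWN = re.compile(
    r'\[emerg\].*?chown\("(?P<path>[^"]+)", (?P<uid>\d+)\) failed '
    r'\((?P<errno>\d+): (?P<reason>[^)]+)\)'
)

def parse_chown_emerg(line):
    """Return path, uid and errno from an nginx chown [emerg] line, or None."""
    m = EMERG_CHOWN.search(line)
    if m is None:
        return None
    return {"path": m["path"], "uid": int(m["uid"]), "errno": int(m["errno"])}

def has_cap_chown(proc_status):
    """Decode the CapEff hex mask from /proc/<pid>/status text."""
    for row in proc_status.splitlines():
        if row.startswith("CapEff:"):
            return bool((int(row.split()[1], 16) >> CAP_CHOWN_BIT) & 1)
    return False

def chown_blocked(path, target_uid, proc_status):
    """True when startup would hit EPERM: owner differs and CAP_CHOWN is absent.

    Assumption: nothing has to be chowned if path already belongs to target_uid.
    """
    return os.stat(path).st_uid != target_uid and not has_cap_chown(proc_status)

if __name__ == "__main__":
    # Log line copied from the issue; the rest is read from the live process.
    line = ('2022/11/19 23:42:19 [emerg] 29#29: chown("/usr/src/app/shared/'
            'nginx_cache", 101) failed (1: Operation not permitted)')
    hit = parse_chown_emerg(line)
    with open("/proc/self/status") as fh:
        status = fh.read()
    print("parsed:", hit)
    print("CAP_CHOWN in effective set:", has_cap_chown(status))
    if os.path.exists(hit["path"]):
        print("chown blocked:", chown_blocked(hit["path"], hit["uid"], status))
```

Run inside the container with the same security settings as the workload, before nginx starts, so the result reflects the capability set nginx will actually get.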