Pavel Raiskup
I don't have `docker` in hand, are you running a `--privileged` container? For mounting you need to have CAP_SYS_ADMIN capability.
Weird, can you test the mount command in isolation?
```
$ mkdir /test
$ /bin/mount -n -t tmpfs -o rprivate tmpfs /test
```
.. and diagnose why it is failing?
Mock switches to root on demand, per `/etc/security/console.apps/mock`. So please try as root, if it fails you likely miss some capabilities. If it works - the question is why mock...
Can you perhaps check with `getpcaps 1`? Dunno. Podman build e.g. seems to support the `--cap-add=CAP_xxx` option. For me it is harder to experiment with Docker (switched years ago, and...
> I want to build and store the root_cache tarballs in the created docker image to speed up the (very repeated) run-time usage of the images/containers.

This is interesting, I'm...
Can you try `docker build --cap-add=CAP_SYS_ADMIN` or something like that?
I was able to run mock at container build time using: `$ podman build --security-opt=label=disable --cap-add=CAP_SYS_ADMIN . -t mock`
But it fails also without `--use-bootstrap-chroot` on F38 with the rpm-sequoia policy:
```
Importing GPG key 0x80420F66:
 Userid : "Mageia Packages "
 Fingerprint: 00ED B895 85B0 12A8 916F 0DF8 B742...
```
> The certificate is expired: The primary key is not live

This issue in particular is fixed by https://github.com/xsuchy/distribution-gpg-keys/pull/99 (bootstrap-installation-from-host failure). The original problem with outdated cauldron image stays, though.
FTR, the Mageia bootstrap_image we use is non-official; and it seems stuck on this rather political issue: https://github.com/juanluisbaptiste/docker-brew-mageia/issues/30