qemu-docker
Security Issue: Requires Root Privs
Operating system
Parabola GNU/Linux-libre
Description
I have my user added to the kvm group, and rootless podman is also set up, so it should work without root privs.
Dockerfile
```dockerfile
FROM scratch
COPY --from=qemux/qemu-docker:5.16 / /

ARG VERSION_ARG="0.0"
ARG DEBCONF_NOWARNINGS="yes"
ARG DEBIAN_FRONTEND="noninteractive"
ARG DEBCONF_NONINTERACTIVE_SEEN="true"

RUN set -eu && \
    apt-get update && \
    apt-get --no-install-recommends -y install \
        bc \
        curl \
        7zip \
        wsdd \
        samba \
        xz-utils \
        wimtools \
        dos2unix \
        cabextract \
        genisoimage \
        libxml2-utils && \
    apt-get clean && \
    echo "$VERSION_ARG" > /run/version && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

COPY --chmod=755 ./src /run/
COPY --chmod=755 ./assets /run/assets

ADD --chmod=755 https://raw.githubusercontent.com/christgau/wsdd/v0.8/src/wsdd.py /usr/sbin/wsdd
ADD --chmod=664 https://github.com/qemus/virtiso/releases/download/v0.1.248/virtio-win-0.1.248.tar.xz /drivers.txz

EXPOSE 8006 3389
VOLUME /storage

ENV RAM_SIZE "4G"
ENV CPU_CORES "2"
ENV DISK_SIZE "64G"
ENV VERSION "win11"

ENTRYPOINT ["/usr/bin/tini", "-s", "/run/entry.sh"]
```
Docker log
```text
❯ ERROR: Script must be executed with root privileges.
```
Screenshots (optional)
No response
I was able to get this image working on rootless docker by editing /etc/subgid. On my system, my username is nate, and the kvm user has gid 104, so I added this line.
```text
nate:104:1
```
I wrote a very short script to do this process automatically (requires root privileges).
```bash
#!/bin/bash
# Append a one-gid subgid mapping for the host kvm group to the user's ranges.
read -r -p "Enter your username: " DOCKER_USER
# getent matches the group name exactly (grep ^kvm would also match names that merely start with kvm)
KVM_GROUP="$(getent group kvm | cut -d: -f3)"
[ -n "$KVM_GROUP" ] || { echo "No kvm group found in the group database" >&2; exit 1; }
printf "%s:%s:1\n" "$DOCKER_USER" "$KVM_GROUP" >> /etc/subgid
```
If this doesn't work, you may need to add the kvm group to your container. First, find the group that the host kvm group maps to.
```bash
#!/bin/bash
# Walk the user's /etc/subgid ranges in file order. Container gid 1 is the start
# of the first range, so the container gid of a range start is 1 plus the sizes
# of all earlier ranges.
read -r -p "Enter your username: " DOCKER_USER
KVM_GROUP="$(getent group kvm | cut -d: -f3)"
KVM_MAPPED_GROUP=1
FOUND=0
while IFS=: read -r _ MAP_START MAP_SIZE ; do
    if [ "$MAP_START" -eq "$KVM_GROUP" ] ; then
        FOUND=1
        break
    fi
    KVM_MAPPED_GROUP=$((KVM_MAPPED_GROUP + MAP_SIZE))
done < <(grep "^$DOCKER_USER:" /etc/subgid)   # "user:" so that nate does not also match nate2
if [ "$FOUND" -eq 1 ] ; then
    echo "KVM group: $KVM_MAPPED_GROUP"
else
    echo "No subgid range starting at gid $KVM_GROUP found for $DOCKER_USER" >&2
    exit 1
fi
```
Then, in your docker-compose.yml file, add the following lines:
```yaml
services:
  qemu:
    # ...
    group_add:
      - [the group number from the previous step]
```
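A general form of the mapping computation from the comment above, added here as an example (it is neither the commenter's script nor the qemu-docker project's code): it resolves any host gid that falls inside one of the user's subgid ranges, not only a range start, and runs against a constructed subgid file so it can be tried offline. It assumes the mapping order the comment relies on, namely that container gid 0 is the user's own gid and the /etc/subgid ranges follow in file order from container gid 1.

```bash
#!/bin/bash
# Added example: compute the container gid that rootless Docker/Podman assigns
# to a host gid, from the user's /etc/subgid ranges. Assumption (as in the
# comment above): container gid 0 is the user's own gid, and each
# "user:start:count" line is mapped in file order starting at container gid 1.
#
# map_host_gid USER HOST_GID [SUBGID_FILE]: prints the container gid and returns
# 0, or prints nothing and returns 1 when no range of USER covers HOST_GID.
map_host_gid() {
    local user="$1" host_gid="$2" subgid_file="${3:-/etc/subgid}"
    local next=1 name start count
    while IFS=: read -r name start count; do
        # Exact name match, so "nate" does not also pick up the ranges of "nate2".
        [ "$name" = "$user" ] || continue
        # Skip malformed lines instead of feeding them to the arithmetic below.
        case "$start" in ''|*[!0-9]*) continue ;; esac
        case "$count" in ''|*[!0-9]*) continue ;; esac
        if [ "$host_gid" -ge "$start" ] && [ "$host_gid" -lt $((start + count)) ]; then
            echo $((next + host_gid - start))
            return 0
        fi
        next=$((next + count))
    done < "$subgid_file"
    return 1
}

# Constructed sample subgid file: the layout from the comment (a 65536-gid
# range first, then the one-gid kvm mapping), plus an unrelated user.
SAMPLE_SUBGID="$(mktemp)"
trap 'rm -f "$SAMPLE_SUBGID"' EXIT
printf '%s\n' 'nate:100000:65536' 'nate:104:1' 'nate2:200000:65536' > "$SAMPLE_SUBGID"

# Host kvm gid 104 lands at container gid 1 + 65536 = 65537, which is the
# value that goes under group_add: in docker-compose.yml.
map_host_gid nate 104 "$SAMPLE_SUBGID"
```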