Paul Colomiets

Well, it looks like in RHEL 7 with kernel 3.10 (which Centos inherits AFAIK), doesn't allow unprivileged users to use user namespaces because they explicitly disabled the functionality: https://bugzilla.redhat.com/show_bug.cgi?id=917708

Sure. Thanks!

Notes to myself: 1. Alpine mostly works. But we have issues with setuid processes: ``` $ docker run --volume=$(pwd):/work --workdir=/work --privileged -i -t --rm tailhook/vagga:latest /vagga/bin/vagga --ignore-owner-check server (1/1) Installing...

Another update, if we don't export container outside it works fine: (this is just a hack, to keep `.vagga` in the volume) ``` $ docker run --volume=/Users/vm/ws/vagga/vagga.yaml:/work/vagga.yaml --workdir=/work --privileged -i...

Ubuntu failure is actually simple, because OS X system is case insensitive, the files: ``` lrwxrwxrwx 1 pc users 8 Jun 11 02:06 pam.7.gz -> PAM.7.gz -rw-r--r-- 1 pc users...

Well, in fact `setuptools` is not deleted, but not installed into the host system (pip is run from a temporary folder)

Just add them to `Py3Install` command.

Yes. I plan to do that. The only reason it isn't done yet, is that it requires patched kernel. Overlayfs in user namespaces (i.e. by unprivileged user) is not supported...

> > Other than a bit tricky async code and the absense of docs look good. > > I'm considering not doing а concurrent download of docker layers. Why? `FuturesUnordered`...

> With `FuturesUnordered` coroutines are launched without an order. So there is a possible situation when the first layer will be downloaded last. As a result an unpacking won't be...