Hello
I am trying to build a containerized cross-compilation environment (building Arm and Arm64 on x86_64) that produces non-root outputs.
$ uname -a
Linux ubuntu 4.4.0-131-generic #157-Ubuntu SMP Thu Jul 12 15:51:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ docker --version
Docker version 18.06.0-ce, build 0ffa825
The environment has qemu-user-static installed, which allows ARM binaries to run if /proc/sys/fs/binfmt_misc/qemu-arm is mounted by running
mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc/
No matter how I configure the container and/or users, mount always fails with
mount: only root can use "--types" option
or, if using --cap-add all, something like this:
$ docker run --cap-add all -v ~/src:/src arm64
----------------------------------------------------------------
User: root
mount: binfmt_misc is write-protected, mounting read-only
mount: cannot mount binfmt_misc read-only
mount: binfmt_misc is write-protected, mounting read-only
mount: cannot mount binfmt_misc read-only
update-binfmts: warning: Couldn't mount the binfmt_misc filesystem on /proc/sys/fs/binfmt_misc.
cat: /proc/sys/fs/binfmt_misc/qemu-arm: No such file or directory
Error: No proc/sys/fs/binfmt_misc/qemu-arm.
The container CMD entry point is a script containing the following attempts to get things to work:
echo "----------------------------------------------------------------"
echo "User: $(whoami)"
#su
# Mount binfmt_misc, then enable the qemu-arm handler
mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc/
#mount
update-binfmts --enable qemu-arm
cat /proc/sys/fs/binfmt_misc/qemu-arm
# Stop with a non-zero status if the handler is not registered
if [ ! -e "/proc/sys/fs/binfmt_misc/qemu-arm" ]; then
    echo "Error: No proc/sys/fs/binfmt_misc/qemu-arm."
    exit 1
fi
echo "----------------------------------------------------------------"
# Create an unprivileged user with passwordless sudo and run the build as that user
adduser --disabled-password --gecos '' docker
adduser docker sudo
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
# su -m docker -c /src/docker/arm64/main.sh
su -m docker -c /src/docker/arm64/main.sh
I suspect what I really need is something like that discussed here: https://github.com/moby/moby/issues/1916
Any help welcomed. Thanks for listening.
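
A fuller version of the script's qemu-arm existence test, added here as an example and not part of the original post: it reads the entry's status, interpreter and flags lines and fails if the handler is disabled or the interpreter is absent from the filesystem where ARM binaries will run. The names check_binfmt and make_sample and the sample entry are constructed for illustration.

```shell
# Added example: parse a binfmt_misc entry instead of only testing that it exists.
# Usage: check_binfmt DIR NAME [ROOT]
#   DIR   directory holding the entries (/proc/sys/fs/binfmt_misc in the container)
#   ROOT  optional prefix for the interpreter path, used here with a scratch tree
# Returns 0 usable, 1 entry missing, 2 disabled, 3 interpreter missing.
check_binfmt() {
    entry="$1/$2"; root="${3:-}"
    if [ ! -r "$entry" ]; then
        echo "Error: no $entry" >&2; return 1
    fi
    state=$(sed -n '1p' "$entry")
    interp=$(sed -n 's/^interpreter //p' "$entry")
    flags=$(sed -n 's/^flags: *//p' "$entry")
    if [ "$state" != "enabled" ]; then
        echo "Error: $2 is registered but $state" >&2; return 2
    fi
    case "$flags" in
        *F*) ;;  # F: the kernel opened the interpreter when the entry was registered
        *)       # otherwise the path is looked up when an ARM binary is executed
            if [ -z "$interp" ] || [ ! -x "$root$interp" ]; then
                echo "Error: $interp not executable in this filesystem" >&2; return 3
            fi ;;
    esac
    echo "OK: $2 -> $interp (flags: ${flags:-none})"
}

# Constructed sample: an entry in the kernel's text format plus a stub
# interpreter, written to a scratch directory so the check runs anywhere.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/binfmt" "$d/root/usr/bin"
    cat > "$d/binfmt/qemu-arm" <<'EOF'
enabled
interpreter /usr/bin/qemu-arm-static
flags:
offset 0
magic 7f454c4601010100000000000000000002002800
mask ffffffffffffff00fffffffffffffffffeffffff
EOF
    : > "$d/root/usr/bin/qemu-arm-static"
    chmod +x "$d/root/usr/bin/qemu-arm-static"
    echo "$d"
}

sample=$(make_sample)
check_binfmt "$sample/binfmt" qemu-arm "$sample/root"
rm -rf "$sample"
```

In the entry point the call would be check_binfmt /proc/sys/fs/binfmt_misc qemu-arm, with the third argument omitted.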