fix rootless docs
Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda committed Jun 1, 2018
1 parent 65b5264 commit c9c0603
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -228,7 +228,7 @@ During development, BuildKit is tested with the version of runc that is being us
### Running BuildKit without root privileges
Please refer to `[docs/rootless.md]`(docs/rootless.md).
Please refer to [`docs/rootless.md`](docs/rootless.md).
### Contributing
4 changes: 2 additions & 2 deletions docs/rootless.md
@@ -1,13 +1,13 @@
# Rootless mode (Experimental)

Requirements:
- runc (May 30, 2018) or later
- runc `ecd55a4135e0a26de884ce436442914f945b1e76` (May 30, 2018) or later
- Some distros such as Debian and Arch Linux require `echo 1 > /proc/sys/kernel/unprivileged_userns_clone`
- `newuidmap` and `newgidmap` need to be installed on the host. These commands are provided by the `uidmap` package.
- `/etc/subuid` and `/etc/subgid` should contain >= 65536 sub-IDs. e.g. `penguin:231072:65536`.
- To run in a Docker container with non-root `USER`, `docker run --privileged` is still required. See also Jessie's blog: https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/

Setting up rootless mode also requires some bothersome steps as follows, but we will soon have automation tool.
Setting up rootless mode also requires some bothersome steps as follows, but you can also use [`rootlesskit`](https://github.com/AkihiroSuda/rootlesskit) for automating these steps.

## Terminal 1:
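
Review bot: in the Requirements list, the new entry `runc ecd55a4135e0a26de884ce436442914f945b1e76 (May 30, 2018) or later` pins a commit hash, but "or later" is not well defined for a hash: a reader cannot tell from the hash alone whether an installed runc build contains it. Consider linking the commit and, once one exists, naming the first tagged runc release that includes it. In the last changed line, "requires some bothersome steps as follows, but you can also use" reads awkwardly; wording such as "The manual steps are listed below; `rootlesskit` can automate them" would be clearer. The rootlesskit link also points at an external repository with no version, so it would help to state which rootlesskit revision the steps were verified against.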
