You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 24, 2020. It is now read-only.
I've experienced unexpected difficulties in what I thought would be straightforward containerisation with rkt: inside container daemon was just dying instead of starting.
After a while I've figured that it could not drop privileges and indeed reproducing with /sbin/runuser -u www-data -- whoami returned Bad system call.
It took me a long while to find counter-intuitive workaround in #3820 (comment):
which fixed the problem and reproducer /sbin/runuser -u www-data -- whoami now correctly responds with www-data.
I would have never be able to guess (or find) what is necessary to "fix" the problem in man pages or documentation.
I think we have a prominent case of incredibly restrictive defaults.
Let's improve it please.
I've experienced unexpected difficulties in what I thought would be straightforward containerisation with rkt: inside container daemon was just dying instead of starting.
After a while I've figured that it could not drop privileges and indeed reproducing with
/sbin/runuser -u www-data -- whoami
returnedBad system call
.It took me a long while to find counter-intuitive workaround in #3820 (comment):
which fixed the problem and reproducer
/sbin/runuser -u www-data -- whoami
now correctly responds withwww-data
.I would have never be able to guess (or find) what is necessary to "fix" the problem in man pages or documentation.
I think we have a prominent case of incredibly restrictive defaults.
Let's improve it please.
Environment
What did you do?
What did you expect to see?
What did you see instead?
The text was updated successfully, but these errors were encountered: