Я пытаюсь создать (в идеале без root) контейнеры runc из образов Docker, но полученные контейнеры не могут обмениваться данными по сети. Как настроить сеть для контейнеров?
Я пробовал использовать netns в качестве prestart-хука, но не смог заставить его работать. Кроме этого, я безуспешно пытался включать и отключать пространства имён и возможности (capabilities).
В качестве корневой файловой системы я использую экспортированный Docker-образ Ubuntu.
config.json
{
"ociVersion": "1.0.0-rc5-dev",
"root": {
"path": "rootfs",
"readonly": false
},
"process": {
"args": [
"bash", "./startup.sh", "mathPublisher_ecal"
],
"cwd": "/app",
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"oomScoreAdj": 0,
"terminal": true,
"user": {
"gid": 0,
"uid": 0
},
"noNewPrivileges": true,
"capabilities": {
"bounding": [
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_KILL",
"CAP_AUDIT_WRITE",
],
"effective": [
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_KILL",
"CAP_AUDIT_WRITE"
],
"inheritable": [
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_KILL",
"CAP_AUDIT_WRITE"
],
"permitted": [
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_KILL",
"CAP_AUDIT_WRITE"
]
},
"rlimits": [
{
"type" : "RLIMIT_AS",
"soft" : 419430400,
"hard" : 419430400
}
]
},
"hooks": {
"prestart" : [
{
"path" : "/path/to/netns",
"args" : [
"",
"--state-dir", "/path/to/netns/netns-state"
]
}
]
},
"linux": {
"uidMappings": [
{
"hostID": 500101175,
"containerID": 0,
"size": 1
}
],
"gidMappings": [
{
"hostID": 513,
"containerID": 0,
"size": 1
}
],
"maskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"namespaces": [
{
"type": "mount"
},
{
"type": "uts"
},
{
"type": "pid"
},
{
"type": "ipc"
},
{
"type": "user"
}
],
"readonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"mounts": [
{
"destination": "/proc",
"options": [
"nosuid",
"noexec",
"nodev"
],
"source": "proc",
"type": "proc"
},
{
"destination": "/dev",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
],
"source": "tmpfs",
"type": "tmpfs"
},
{
"destination": "/dev/pts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620"
],
"source": "devpts",
"type": "devpts"
},
{
"destination": "/sys",
"source": "/sys",
"options": [
"rbind",
"nosuid",
"noexec",
"nodev",
"ro"
],
"type": "none"
},
{
"destination": "/sys/fs/cgroup",
"options": [
"ro",
"nosuid",
"noexec",
"nodev"
],
"source": "cgroup",
"type": "cgroup"
},
{
"destination": "/dev/mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
],
"source": "mqueue",
"type": "mqueue"
}
]
}
В результате я получаю ошибку:
container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"process_linux.go:385: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: renaming interface ethc21652 to eth0 failed: file exists\\\\n\\\"\""