tfgrid/zosbuilder
11
0
Fork 1
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement rootless Docker with container management support

Browse Source 
Docker Infrastructure:
- Added proper user namespace mapping in Dockerfile.alpine
- Created 'builder' user with host UID/GID mapping at build time
- Removed runtime user mapping (now handled in Dockerfile)
- Set up Rust environment for mapped user instead of root
- Fixed config mount consistency (removed :ro flags for real-time sync)

Container Management:
- Added 15 essential cgroup modules to modules-essential.list
- Complete cgroups v1 and v2 support for container orchestration
- Process control: cgroup_pids, cgroup_freezer, cgroup_cpuset
- Memory management: memcg, hugetlb_cgroup
- Network control: net_cls_cgroup, net_prio_cgroup
- Device access: cgroup_device, devices_cgroup
- Advanced features: cgroup_bpf, cgroup_perf_event, cgroup_debug

Environment Updates:
- Updated RFS Dockerfile to Alpine 3.22 for consistency
- Ensured proper /build directory permissions for mapped user

This enables true rootless operation with full container management
capabilities, fixing permission issues and enabling Zero-OS container
orchestration with complete resource control.
This commit is contained in:
Jan De Landtsheer
2025-08-25 09:44:47 +02:00
parent 8a38c372aa
commit 709c4a0865
4 changed files with 51 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
build/Dockerfile.alpine
View File

@@ -5,6 +5,9 @@ FROM alpine:3.22
ARG TARGETARCH=amd64
ARG BUILDMODE=debug
ARG MINIMAL_MODE=false
ARG USER_UID=1000
ARG USER_GID=1000
ARG USERNAME=builder
# Set environment variables
ENV BUILDMODE=${BUILDMODE}
@@ -77,5 +80,25 @@ RUN echo "BUILDMODE=${BUILDMODE}" > /build/build.conf && \
echo "OUTPUT_DIR=/build/output" >> /build/build.conf && \
echo "CONFIG_DIR=/build/configs" >> /build/build.conf
# Create user with proper mapping
RUN addgroup -g ${USER_GID} ${USERNAME} && \
adduser -u ${USER_UID} -G ${USERNAME} -D -s /bin/sh ${USERNAME} && \
mkdir -p /home/${USERNAME}/.cargo && \
chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}
# Switch to the mapped user
USER ${USERNAME}
# Set up Rust environment for the user
RUN rustup-init -y --default-toolchain stable && \
. ~/.cargo/env && \
rustup target add x86_64-unknown-linux-musl
# Set working directory and ensure permissions
WORKDIR /build
USER root
RUN chown -R ${USERNAME}:${USERNAME} /build
USER ${USERNAME}
# Default command
CMD ["/build/scripts/build-initramfs.sh"]