Auto-mount documentation issues #1331
Comments
To support this issue, here is an example Dockerfile from my team that works around this issue by doing mkdir for the mount paths and avoids using /var/* as the destination folder for the mount:

```dockerfile
FROM mystikos.azurecr.io/mystikos-bionic:v0.8.0 AS build
WORKDIR /home
RUN apt-get update && apt-get install -y cryptsetup-bin
COPY tokenservice.tar ./
COPY config.tokenservice.json config.json
# The following commands imitate what myst-appbuilder does, but without the need of having docker installed.
RUN mkdir -p appdir-tokenservice/tmp && \
    tar xvf tokenservice.tar -C appdir-tokenservice/tmp && \
    find appdir-tokenservice/tmp -name layer.tar -exec sh -c 'tar xvf {} -C appdir-tokenservice' \;
RUN rm -rf appdir-tokenservice/tmp
# Create folder for mounts
RUN mkdir -p appdir-tokenservice/mnt/secrets
RUN mkdir -p appdir-tokenservice/mnt/mdsd
RUN myst mkext2 appdir-tokenservice rootfs
RUN myst fssig --roothash rootfs > roothash
RUN openssl genrsa -out private.pem -3 3072
RUN myst package-sgx --roothash=roothash private.pem config.json

FROM mystikos.azurecr.io/mystikos-bionic:v0.8.0 AS final
WORKDIR /home
COPY --from=build /home/myst/bin/dotnet /home/myst/bin/dotnet
COPY --from=build /home/rootfs /home/rootfs
ENV MYST_ROOTFS_PATH=/home/rootfs
CMD [ "/home/myst/bin/dotnet", "--mount", "/mnt/secrets=/mnt/secrets", \
      "--mount", "/mnt/mdsd=/mnt/mdsd", \
      "--host-to-enc-uid-map", "0:0", \
      "--host-to-enc-gid-map", "0:0,106:106" ]
```

My opinion:
We should output an error if the target directory is not present.
/var/run
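
Until the tool reports a missing target itself, the same check can be run at build time, before `myst mkext2`. The following is an added example, not part of the original issue or of Mystikos: `check_mount_targets` is a hypothetical helper, it assumes each `--mount` value has the form `source=target` as in the CMD above, and rejecting targets under /var is this example's policy, taken from the workaround described in the comment.

```shell
#!/bin/sh
# Added example (hypothetical helper, not a Mystikos command).
# check_mount_targets APPDIR SPEC...
#   APPDIR is the directory later passed to `myst mkext2`.
#   SPEC is a --mount value, assumed to be source=target.
# Returns 0 when every target is an existing directory inside APPDIR and is
# not under /var; otherwise prints one line per problem and returns 1.
check_mount_targets() {
    appdir=$1
    shift
    rc=0
    for spec in "$@"; do
        case $spec in
            *=*) target=${spec#*=} ;;
            *)   echo "error: malformed mount spec: $spec" >&2; rc=1; continue ;;
        esac
        case $target in
            /*) ;;
            *)  echo "error: target is not absolute: $target" >&2; rc=1; continue ;;
        esac
        case $target in
            */../*|*/..) echo "error: target contains '..': $target" >&2; rc=1; continue ;;
        esac
        case $target in
            /var|/var/*) echo "error: target under /var: $target" >&2; rc=1; continue ;;
        esac
        # The mount point has to exist in the tree that becomes the rootfs.
        if [ ! -d "$appdir$target" ]; then
            echo "error: missing in rootfs source tree: $appdir$target" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage in the build stage, before `myst mkext2 appdir-tokenservice rootfs`:
#   check_mount_targets appdir-tokenservice \
#       /mnt/secrets=/mnt/secrets /mnt/mdsd=/mnt/mdsd || exit 1
```

Running it as a `RUN` step makes the image build fail when a mount point is missing from the rootfs source tree.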