RHEL has nothing to do with this, especially since RHEL hasn’t even shipped docker since RHEL 7 (podman is the current default for Fedora, RHEL, and CentOS). Privileged shouldn’t matter here, but are you able to install this with docker run without --privileged? Also, is this running as root or a regular user? I’m less familiar with docker than podman at this point, but if you’re not running as root, I’m wondering if you need to populate subuid/subgids?
Sorry I meant RHEL to generically refer to CentOS, CoreOS, Fedora, etc. I know podman is the new default and had a suspicion that possibly docker could have more “bugs” or less testing as a result.
I have attempted building with root and my regular ‘core’ user. I am not able to install using “docker run” by itself; I have to use --privileged. If I do not, I receive the following: sh: error while loading shared libraries: libc.so.6: cannot change memory protections. I believe I was able to install packages on an earlier version of CoreOS, but am not 100% on that.
Worth mentioning I have had to run a large number of my stacks/containers with privileged set to true. Which IMO kind of defeats the purpose of privileged, but it seems to be required.
This builds without issue on a separate server with host os Debian and Docker. It’s something having to do with CoreOS.
I was able to get around this by setting up a local registry and building on my debian box and pushing to the registry. In other words, I have to have a separate box to build Dockerfiles, but hey, at least I have a workaround.
My suspicion here is that because my Docker app directory is located on a different filesystem/disk, CoreOS is throwing a fit. I can’t find anything that says this isn’t explicitly supported, but I have a feeling this may be a possible cause. Maybe when docker tries to use a filesystem CoreOS isn’t comfortable with, it requires sudo/root privs all the way down. IDK, maybe in the future I will move the directory back to /var and symlink.
No idea. Back in RHEL 7, I used to mount a different filesystem to /var/lib/docker without issue and regularly do that now on my podman/cri systems to /var/lib/containers/storage. I haven’t needed to set --privileged everywhere on those systems. That said, I’ve only ever done cri-o on CoreOS and have never tried Docker engine on it.
Docker suffered from a number of issues. For a long time, it didn’t support cgroups2 or nftables (long after iptables had been deprecated), and rootless docker is still an emerging thing. I don’t know how to set this up on CoreOS, but if your heart is set on using Moby instead of podman or cri-o, I assume you alternatively should be able to run containerd in CoreOS, though that is more geared toward Kubernetes workloads and you may find it a bit tedious if you’re just wanting to run containers on a standalone host.