BitBucket Pipelines and Docker Rootless
Bitbucket pipelines work fine with docker rootless. This adds an additional level of security to prevent escapees from having full root access to the host.
Firstly, install docker rootless following this guide.
After installation, the main parameters you need to change in the run command provided by BitBucket are:
- Update the volume for access to the docker socket. This is because when running rootless you are running as the current user, and the socket is in the user space rather than the system space. You need to change from:
-v /var/run/docker.sock:/var/run/docker.sock
to (where <UID> is the UID of the user running docker rootless):
-v /run/user/<UID>/docker.sock:/var/run/docker.sock
- Update the path to the docker containers:
-v /var/lib/docker/containers:/var/lib/docker/containers:ro
to (where <UserName> is the user name of the user running docker rootless):
-v /home/<UserName>/.local/share/docker/containers:/var/lib/docker/containers:ro
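To make the two substitutions above less error-prone, here is an added example script (not from the original post) that composes the rootless volume flags from a user name and UID and checks that the socket and containers directory actually exist on the host before the runner is started. It assumes the home directory is /home/<UserName> as in the post, and that the rest of the run command is the one Bitbucket generates.

```shell
#!/bin/sh
# Added example, not from the original post: build the two volume flags the
# post changes for a Docker rootless host, and check the host-side paths.
# Assumptions: home dir is /home/<user>; remaining runner flags and the image
# are taken verbatim from the command Bitbucket generates.

# The mounts as Bitbucket's generated command has them (rootful daemon).
rootful_volumes() {
  printf '%s %s' \
    '-v /var/run/docker.sock:/var/run/docker.sock' \
    '-v /var/lib/docker/containers:/var/lib/docker/containers:ro'
}

# The same two mounts pointed at the rootless daemon of user $1 with UID $2:
# the socket lives under /run/user/<UID>, the containers under ~/.local/share.
rootless_volumes() {
  user_name="$1"; user_uid="$2"
  printf '%s %s' \
    "-v /run/user/${user_uid}/docker.sock:/var/run/docker.sock" \
    "-v /home/${user_name}/.local/share/docker/containers:/var/lib/docker/containers:ro"
}

# Return 0 when both host-side paths exist for user $1 / UID $2; otherwise
# report what is missing (a missing socket usually means the rootless daemon
# is not running for that user) and return 1.
check_rootless_paths() {
  sock="/run/user/$2/docker.sock"
  dir="/home/$1/.local/share/docker/containers"
  ok=0
  [ -S "$sock" ] || { echo "missing socket: $sock" >&2; ok=1; }
  [ -d "$dir" ]  || { echo "missing containers dir: $dir" >&2; ok=1; }
  return "$ok"
}

# Print the rootless run command: $1 user, $2 UID, remaining args are the
# image and flags copied from Bitbucket's command (caller supplies them).
rootless_run_command() {
  user_name="$1"; user_uid="$2"; shift 2
  rest="$*"
  printf 'docker container run -d %s %s\n' \
    "$(rootless_volumes "$user_name" "$user_uid")" "$rest"
}

# Usage: sh runner-rootless.sh <user> <uid> <image-and-extra-args...>
if [ "$#" -ge 2 ]; then
  if check_rootless_paths "$1" "$2"; then
    rootless_run_command "$@"
  fi
fi
```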
I also had a few issues with memory usage; to resolve this I added the following to the run command:
Hope this helps someone else (most likely future me :))
Hi there! I'm Alex, a software developer, entrepreneur behind TitanLogic and a generative artist. As a father of two, I've learned that sharing ideas and discoveries can spark new perspectives.
This website serves as my personal collection of insights on topics I'm passionate about: AI, code, art, music, and building things. While it's primarily for my reference, I hope others will find this information useful too.
I'll be documenting my thoughts, findings, and experiences as I explore these areas. Whether it's trying out new tools, diving into the world of machine learning, or simply sharing tips and tricks from years of software development experience, I aim to keep this site concise and informative.