[CentOS-devel] official centos-7 docker image are wrong

Fri Feb 12 14:46:37 UTC 2016
Farkas Levente <lfarkas at lfarkas.org>

On 02/12/2016 03:07 PM, Jim Perrin wrote:
> 
> 
> On 02/11/2016 01:29 AM, Farkas Levente wrote:
> 
>>>
>>> +[jperrin at ferrata ~]$ docker run -it centos ping -c 5 google.com
>>
>> because this is the wrong way to test!!!
>> please follow my description!
>> in the above way you run ping as root, but you should have to run as a
>> non-root user!
> 
> Okay, so here's the issue after yesterday's digging. It appears that
> virt-tar-out strips file capabilities, which results in a container with
> ping not working as you found. I can work around this by using tar
> directly, and passing --xattrs to preserve the capabilities data. This
> works if I import the tarball directly into docker,  however this
> results in an archive that docker's ADD command does not recognize as a
> local tar archive for unpacking. Since the ADD command is crucial for
> the base container build process, this is a bit of a blocker.
> 
> This appears to be a bug in docker, and I'll be filing it upstream.
> However this leads us back to one of the two original fixes.
> 
> Until this is resolved upstream, I can either remove the package, or
> leave it in a partly broken state. Which would you prefer?

imho ping is not essential in the base image so removing it and
everybody install how need it is a better solution than keep a well
known broken image.

but that's just my 2c.

-- 
  Levente                               "Si vis pacem para bellum!"