Review permissions required by Sarus
Sarus must run as a root-owned SUID executable and be able to achieve full root privileges to perform mounts and create namespaces.
Write/read permissions to Sarus's centralized repository. The system administrator can configure the repository's location through the
Write/read permissions to the users' local image repositories. The system administrator can configure the repositories' location through the
Load required kernel modules
If the kernel modules listed in Requirements are not loaded automatically by the system, remember to load them manually:
sudo modprobe loop
sudo modprobe squashfs
sudo modprobe overlay
Automatic update of Sarus' passwd cache
When executing the configure_installation script,
the passwd and group information are copied and cached into
<sarus install prefix>/etc/passwd and
<sarus install prefix>/etc/group
respectively. The cache makes it possible to bypass the host's passwd/group database, e.g.
LDAP, which could be tricky to configure and access from the container. However,
since the cache is created/updated only once at installation time, it can
quickly get out-of-sync with the actual passwd/group information of the system.
A possible solution is to periodically run a cron job to refresh the
cache. E.g. a cron job and a script like the ones below would do:
$ crontab -l
5 0 * * * update_sarus_user.sh

$ cat update_sarus_user.sh
#!/bin/bash
/usr/bin/getent passwd > <sarus install prefix>/etc/passwd
/usr/bin/getent group > <sarus install prefix>/etc/group
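
The redirections in the script above truncate the cache files before getent has produced any output, so a failed lookup (for example, LDAP unreachable when the job runs at 00:05) leaves an empty or partial cache. A hardened variant follows as an added example, not part of the Sarus documentation; the GETENT override, the install prefix passed as an argument, and the root-entry sanity check are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the Sarus project's script.
# GETENT can be overridden (assumption, used for testing); the default is the page's path.
GETENT="${GETENT:-/usr/bin/getent}"

# refresh_cache <passwd|group> <destination file>
# Replaces the cache only if getent succeeded and its output looks complete.
refresh_cache() {
    local db dest fields tmp
    db="$1"
    dest="$2"
    case "$db" in
        passwd) fields=7 ;;   # name:pw:uid:gid:gecos:home:shell
        group)  fields=4 ;;   # name:pw:gid:members
        *) echo "unsupported database: $db" >&2; return 1 ;;
    esac
    # Temp file in the destination directory, so the final mv is a rename
    # on one filesystem and readers never see a partial file.
    tmp="$(mktemp "${dest}.XXXXXX")" || return 1
    if ! "$GETENT" "$db" > "$tmp"; then
        echo "getent $db failed, keeping existing $dest" >&2
        rm -f "$tmp"
        return 1
    fi
    # Sanity check (assumption: the host defines root with id 0 in both
    # databases): every line has the expected field count and root is present.
    if ! awk -F: -v n="$fields" '
            NF != n { bad = 1 }
            $1 == "root" && $3 == "0" { root = 1 }
            END { if (root && !bad) exit 0; exit 1 }' "$tmp"; then
        echo "getent $db output incomplete, keeping existing $dest" >&2
        rm -f "$tmp"
        return 1
    fi
    # mktemp creates the file with mode 600; the cache must stay world-readable.
    { chmod 644 "$tmp" && mv -f "$tmp" "$dest"; } || { rm -f "$tmp"; return 1; }
}

# Cron entry point: update_sarus_user.sh <sarus install prefix>
if [ "$#" -eq 1 ]; then
    refresh_cache passwd "$1/etc/passwd" && refresh_cache group "$1/etc/group" || exit 1
fi
```

A non-zero exit status lets cron's mail or a monitoring wrapper report that the cache was not refreshed, while containers keep using the last good copy.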