docs(buildah): add instruction for ubuntu to prevent errors while bui…

…lding with buildah Signed-off-by: Fral738 <[email protected]>
werf · Nov 6, 2024 · 28cb28a · 28cb28a
1 parent 1d01e58
commit 28cb28a
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 0 deletions.
diff --git a/bin/configurator/static/_includes/en/configurator/partials/ci/buildah_install.md.liquid b/bin/configurator/static/_includes/en/configurator/partials/ci/buildah_install.md.liquid
@@ -37,3 +37,5 @@ Follow these steps on the GitLab Runner host to install Buildah:
 * The `sysctl -ne kernel.unprivileged_userns_clone` command should NOT return `0`, otherwise run `echo 'kernel.unprivileged_userns_clone = 1' | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.
 
 * The `sysctl -n user.max_user_namespaces` command should return `15000` or more, otherwise run `echo 'user.max_user_namespaces = 15000' | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.
+
+* (For Ubuntu 23.10 and later) set values `kernel.apparmor_restrict_unprivileged_unconfined` and `kernel.apparmor_restrict_unprivileged_userns` to `0` with the command `{ echo "kernel.apparmor_restrict_unprivileged_userns = 0"; echo "kernel.apparmor_restrict_unprivileged_unconfined = 0";} | sudo tee -a /etc/sysctl.d/20-apparmor-donotrestrict.conf && sudo sysctl -p /etc/sysctl.d/20-apparmor-donotrestrict.conf`
diff --git a/bin/configurator/static/_includes/en/configurator/partials/dev/buildah_install.md.liquid b/bin/configurator/static/_includes/en/configurator/partials/dev/buildah_install.md.liquid
@@ -37,3 +37,5 @@ Perform the following steps to install Buildah:
 * The `sysctl -ne kernel.unprivileged_userns_clone` command should NOT return `0`, otherwise run `echo 'kernel.unprivileged_userns_clone = 1' | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.
 
 * The `sysctl -n user.max_user_namespaces` command should return `15000` or more, otherwise run `echo 'user.max_user_namespaces = 15000' | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.
+
+* (For Ubuntu 23.10 and later) set values `kernel.apparmor_restrict_unprivileged_unconfined` and `kernel.apparmor_restrict_unprivileged_userns` to `0` with the command `{ echo "kernel.apparmor_restrict_unprivileged_userns = 0"; echo "kernel.apparmor_restrict_unprivileged_unconfined = 0";} | sudo tee -a /etc/sysctl.d/20-apparmor-donotrestrict.conf && sudo sysctl -p /etc/sysctl.d/20-apparmor-donotrestrict.conf`
diff --git a/...n/configurator/tab/ci/other-ci-cd-system/simple/host-runner/linux/buildah/infra.md.liquid b/...n/configurator/tab/ci/other-ci-cd-system/simple/host-runner/linux/buildah/infra.md.liquid
@@ -52,6 +52,8 @@ To install Buildah, do the following on the host for running CI jobs:
 
 * The `sysctl -n user.max_user_namespaces` command should return `15000` or more, otherwise run `echo 'user.max_user_namespaces = 15000' | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.
 
+* (For Ubuntu 23.10 and later) set values `kernel.apparmor_restrict_unprivileged_unconfined` and `kernel.apparmor_restrict_unprivileged_userns` to `0` with the command `{ echo "kernel.apparmor_restrict_unprivileged_userns = 0"; echo "kernel.apparmor_restrict_unprivileged_unconfined = 0";} | sudo tee -a /etc/sysctl.d/20-apparmor-donotrestrict.conf && sudo sysctl -p /etc/sysctl.d/20-apparmor-donotrestrict.conf`
+
 ### Installing werf
 
 On the host for running CI jobs, run the following command to install werf:

diff --git a/bin/configurator/static/_includes/ru/configurator/partials/ci/buildah_install.md.liquid b/bin/configurator/static/_includes/ru/configurator/partials/ci/buildah_install.md.liquid
@@ -37,3 +37,5 @@
 * Команда `sysctl -ne kernel.unprivileged_userns_clone` НЕ должна вернуть `0`, а иначе выполните `echo 'kernel.unprivileged_userns_clone = 1' | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.
 
 * Команда `sysctl -n user.max_user_namespaces` должна вернуть `15000` или больше, а иначе выполните `echo 'user.max_user_namespaces = 15000' | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.
+
+* (Для Ubuntu 23.10 и выше) установите значения `kernel.apparmor_restrict_unprivileged_unconfined` и `kernel.apparmor_restrict_unprivileged_userns` в `0` командой `{ echo "kernel.apparmor_restrict_unprivileged_userns = 0"; echo "kernel.apparmor_restrict_unprivileged_unconfined = 0";} | sudo tee -a /etc/sysctl.d/20-apparmor-donotrestrict.conf && sudo sysctl -p /etc/sysctl.d/20-apparmor-donotrestrict.conf`
diff --git a/bin/configurator/static/_includes/ru/configurator/partials/dev/buildah_install.md.liquid b/bin/configurator/static/_includes/ru/configurator/partials/dev/buildah_install.md.liquid
@@ -37,3 +37,5 @@
 * Команда `sysctl -ne kernel.unprivileged_userns_clone` НЕ должна вернуть `0`, а иначе выполните `echo 'kernel.unprivileged_userns_clone = 1' | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.
 
 * Команда `sysctl -n user.max_user_namespaces` должна вернуть `15000` или больше, а иначе выполните `echo 'user.max_user_namespaces = 15000' | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.
+
+* (Для Ubuntu 23.10 и выше) установите значения `kernel.apparmor_restrict_unprivileged_unconfined` и `kernel.apparmor_restrict_unprivileged_userns` в `0` командой `{ echo "kernel.apparmor_restrict_unprivileged_userns = 0"; echo "kernel.apparmor_restrict_unprivileged_unconfined = 0";} | sudo tee -a /etc/sysctl.d/20-apparmor-donotrestrict.conf && sudo sysctl -p /etc/sysctl.d/20-apparmor-donotrestrict.conf`
diff --git a/...u/configurator/tab/ci/other-ci-cd-system/simple/host-runner/linux/buildah/infra.md.liquid b/...u/configurator/tab/ci/other-ci-cd-system/simple/host-runner/linux/buildah/infra.md.liquid
@@ -52,6 +52,8 @@
 
 * Команда `sysctl -n user.max_user_namespaces` должна вернуть `15000` или больше, а иначе выполните `echo 'user.max_user_namespaces = 15000' | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.
 
+* (Для Ubuntu 23.10 и выше) установите значения `kernel.apparmor_restrict_unprivileged_unconfined` и `kernel.apparmor_restrict_unprivileged_userns` в `0` командой `{ echo "kernel.apparmor_restrict_unprivileged_userns = 0"; echo "kernel.apparmor_restrict_unprivileged_unconfined = 0";} | sudo tee -a /etc/sysctl.d/20-apparmor-donotrestrict.conf && sudo sysctl -p /etc/sysctl.d/20-apparmor-donotrestrict.conf`
+
 ### Установка werf
 
 Для установки werf, на хосте для запуска CI-задач выполните:
Original file line number	Diff line number	Diff line change
Expand Up		@@ -37,3 +37,5 @@ Follow these steps on the GitLab Runner host to install Buildah:
		* The `sysctl -ne kernel.unprivileged_userns_clone` command should NOT return `0`, otherwise run `echo 'kernel.unprivileged_userns_clone = 1' \| sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.

		* The `sysctl -n user.max_user_namespaces` command should return `15000` or more, otherwise run `echo 'user.max_user_namespaces = 15000' \| sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.

		* (For Ubuntu 23.10 and later) set values `kernel.apparmor_restrict_unprivileged_unconfined` and `kernel.apparmor_restrict_unprivileged_userns` to `0` with the command `{ echo "kernel.apparmor_restrict_unprivileged_userns = 0"; echo "kernel.apparmor_restrict_unprivileged_unconfined = 0";} \| sudo tee -a /etc/sysctl.d/20-apparmor-donotrestrict.conf && sudo sysctl -p /etc/sysctl.d/20-apparmor-donotrestrict.conf`
Original file line number	Diff line number	Diff line change
Expand Up		@@ -37,3 +37,5 @@ Perform the following steps to install Buildah:
		* The `sysctl -ne kernel.unprivileged_userns_clone` command should NOT return `0`, otherwise run `echo 'kernel.unprivileged_userns_clone = 1' \| sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.

		* The `sysctl -n user.max_user_namespaces` command should return `15000` or more, otherwise run `echo 'user.max_user_namespaces = 15000' \| sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.

		* (For Ubuntu 23.10 and later) set values `kernel.apparmor_restrict_unprivileged_unconfined` and `kernel.apparmor_restrict_unprivileged_userns` to `0` with the command `{ echo "kernel.apparmor_restrict_unprivileged_userns = 0"; echo "kernel.apparmor_restrict_unprivileged_unconfined = 0";} \| sudo tee -a /etc/sysctl.d/20-apparmor-donotrestrict.conf && sudo sysctl -p /etc/sysctl.d/20-apparmor-donotrestrict.conf`
Original file line number	Diff line number	Diff line change
Expand Up		@@ -37,3 +37,5 @@
		* Команда `sysctl -ne kernel.unprivileged_userns_clone` НЕ должна вернуть `0`, а иначе выполните `echo 'kernel.unprivileged_userns_clone = 1' \| sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.

		* Команда `sysctl -n user.max_user_namespaces` должна вернуть `15000` или больше, а иначе выполните `echo 'user.max_user_namespaces = 15000' \| sudo tee -a /etc/sysctl.conf && sudo sysctl -p`.

		* (Для Ubuntu 23.10 и выше) установите значения `kernel.apparmor_restrict_unprivileged_unconfined` и `kernel.apparmor_restrict_unprivileged_userns` в `0` командой `{ echo "kernel.apparmor_restrict_unprivileged_userns = 0"; echo "kernel.apparmor_restrict_unprivileged_unconfined = 0";} \| sudo tee -a /etc/sysctl.d/20-apparmor-donotrestrict.conf && sudo sysctl -p /etc/sysctl.d/20-apparmor-donotrestrict.conf`