1CH-UMOUNT(1)                     Charliecloud                     CH-UMOUNT(1)
2
3
4

NAME

6       ch-umount  -  Unmount  a  FUSE mounted squash filesystem and remove the
7       mount point
8

SYNOPSIS

10          $ ch-umount MOUNTDIR
11

DESCRIPTION

13       Unmount  Charliecloud  SquashFS  file  at  target  directory  MOUNTDIR.
14       Remove empty MOUNTDIR after successful unmounting.
15
16       Additional arguments:
17
18          --help print help and exit
19
20          --version
21                 print version and exit
22

EXAMPLE

24          $ ls /var/tmp/debian
25          bin   dev  home  lib64  mnt  proc  run   srv  tmp  var
26          boot  etc  lib   media  opt  root  sbin  sys  usr  WEIRD_AL_YANKOVIC
27          $ ch-umount /var/tmp/debian
28          unmounted and removed /var/tmp/debian
29          $ ls /var/tmp/debian
30          ls: cannot access /var/tmp/debian: No such file or directory
31

REPORTING BUGS

33       If  Charliecloud  was  obtained  from your Linux distribution, use your
34       distribution’s bug reporting procedures.
35
36       Otherwise, report bugs to: <https://github.com/hpc/charliecloud/issues>
37

SEE ALSO

39       charliecloud(1)
40
41       Full documentation at: <https://hpc.github.io/charliecloud>
42

DOCKER TIPS

44       Docker  is  a  convenient  way  to  build  Charliecloud  images.  While
45       installing Docker is beyond the scope of this documentation, here are a
46       few tips.
47
48   Understand the security implications of Docker
49       Because Docker (a) makes  installing  random  crap  from  the  internet
50       really easy and (b) is easy to deploy insecurely, you should take care.
51       Some of the implications are below. This list should not be  considered
52       comprehensive  nor  a  substitute  for appropriate expertise; adhere to
53       your moral and institutional responsibilities.
54
55   docker equals root
56       Anyone who can run the docker command or interact with the Docker  dae‐
57       mon can trivially escalate to root.  This is considered a feature.
58
59       For  this  reason,  don’t  create  the docker group, as this will allow
60       passwordless, unlogged escalation for anyone in the group.
61
62   Images can contain bad stuff
63       Standard hygiene for “installing stuff from the internet” applies. Only
64       work  with  images  you trust. The official Docker Hub repositories can
65       help.
66
67   Containers run as root
68       By default, Docker runs container processes as  root.  In  addition  to
69       being  poor  hygiene,  this  can  be  an  escalation  path, e.g. if you
70       bind-mount host directories.
71
72   Docker alters your network configuration
73       To see what it did:
74
75          $ ifconfig    # note docker0 interface
76          $ brctl show  # note docker0 bridge
77          $ route -n
78
79   Docker installs services
80       If you don’t want the service starting automatically at boot, e.g.:
81
82          $ systemctl is-enabled docker
83          enabled
84          $ systemctl disable docker
85          $ systemctl is-enabled docker
86          disabled
87
88   Configuring for a proxy
89       By default, Docker does not work if you have a proxy, and it  fails  in
90       two different ways.
91
92       The  first  problem  is that Docker itself must be told to use a proxy.
93       This manifests as:
94
95          $ sudo docker run hello-world
96          Unable to find image 'hello-world:latest' locally
97          Pulling repository hello-world
98          Get https://index.docker.io/v1/repositories/library/hello-world/images: dial tcp 54.152.161.54:443: connection refused
99
100       If you have a systemd system, the Docker documentation explains how  to
101       configure   this.   If   you   don’t   have   a  systemd  system,  then
102       /etc/default/docker might be the place to go?
103
104       The second problem is that Docker containers need  to  know  about  the
105       proxy  as  well. This manifests as images failing to build because they
106       can’t download stuff from the internet.
107
108       The fix is to set the proxy variables in your environment, e.g.:
109
110          export HTTP_PROXY=http://proxy.example.com:8088
111          export http_proxy=$HTTP_PROXY
112          export HTTPS_PROXY=$HTTP_PROXY
113          export https_proxy=$HTTP_PROXY
114          export ALL_PROXY=$HTTP_PROXY
115          export all_proxy=$HTTP_PROXY
116          export NO_PROXY='localhost,127.0.0.1,.example.com'
117          export no_proxy=$NO_PROXY
118
119       You also need to teach sudo  to  retain  them.  Add  the  following  to
120       /etc/sudoers:
121
122          Defaults env_keep+="HTTP_PROXY http_proxy HTTPS_PROXY https_proxy ALL_PROXY all_proxy NO_PROXY no_proxy"
123
124       Because  different  programs  use different subsets of these variables,
125       and to avoid a situation where some things work and others  don’t,  the
126       Charliecloud  test suite (see below) includes a test that fails if some
127       but not all of the above variables are set.
128

COPYRIGHT

130       2014–2018, Los Alamos National Security, LLC
131
132
133
134
135                  2020-01-28 00:00 Coordinated Universal Time     CH-UMOUNT(1)