1CH-MOUNT(1)                      Charliecloud                      CH-MOUNT(1)
2
3
4

NAME

6       ch-mount - Mount a SquashFS image file using FUSE
7

SYNOPSIS

9          $ ch-mount SQFS PARENTDIR
10

DESCRIPTION

12       Create  new  empty  directory  named  SQFS  with  suffix  (e.g., .sqfs)
13       removed, then mount SQFS on this new directory. This new directory must
14       not already exist.
15
16       Additional arguments:
17
18          --help print help and exit
19
20          --version
21                 print version and exit
22

EXAMPLE

24          $ ch-mount /var/tmp/debian.sqfs /var/tmp
25          $ ls /var/tmp/debian
26          bin   dev  home  lib64  mnt  proc  run   srv  tmp  var
27          boot  etc  lib   media  opt  root  sbin  sys  usr  WEIRD_AL_YANKOVIC
28

REPORTING BUGS

30       If  Charliecloud  was  obtained  from your Linux distribution, use your
31       distribution’s bug reporting procedures.
32
33       Otherwise, report bugs to: <https://github.com/hpc/charliecloud/issues>
34

SEE ALSO

36       charliecloud(1)
37
38       Full documentation at: <https://hpc.github.io/charliecloud>
39

DOCKER TIPS

41       Docker  is  a  convenient  way  to  build  Charliecloud  images.  While
42       installing Docker is beyond the scope of this documentation, here are a
43       few tips.
44
45   Understand the security implications of Docker
46       Because Docker (a) makes  installing  random  crap  from  the  internet
47       really easy and (b) is easy to deploy insecurely, you should take care.
48       Some of the implications are below. This list should not be  considered
49       comprehensive  nor  a  substitute  for appropriate expertise; adhere to
50       your moral and institutional responsibilities.
51
52   docker equals root
53       Anyone who can run the docker command or interact with the Docker  dae‐
54       mon can trivially escalate to root.  This is considered a feature.
55
56       For  this  reason,  don’t  create  the docker group, as this will allow
57       passwordless, unlogged escalation for anyone in the group.
58
59   Images can contain bad stuff
60       Standard hygiene for “installing stuff from the internet” applies. Only
61       work  with  images  you trust. The official Docker Hub repositories can
62       help.
63
64   Containers run as root
65       By default, Docker runs container processes as  root.  In  addition  to
66       being  poor  hygiene,  this  can  be  an  escalation  path, e.g. if you
67       bind-mount host directories.
68
69   Docker alters your network configuration
70       To see what it did:
71
72          $ ifconfig    # note docker0 interface
73          $ brctl show  # note docker0 bridge
74          $ route -n
75
76   Docker installs services
77       If you don’t want the service starting automatically at boot, e.g.:
78
79          $ systemctl is-enabled docker
80          enabled
81          $ systemctl disable docker
82          $ systemctl is-enabled docker
83          disabled
84
85   Configuring for a proxy
86       By default, Docker does not work if you have a proxy, and it  fails  in
87       two different ways.
88
89       The  first  problem  is that Docker itself must be told to use a proxy.
90       This manifests as:
91
92          $ sudo docker run hello-world
93          Unable to find image 'hello-world:latest' locally
94          Pulling repository hello-world
95          Get https://index.docker.io/v1/repositories/library/hello-world/images: dial tcp 54.152.161.54:443: connection refused
96
97       If you have a systemd system, the Docker documentation explains how  to
98       configure   this.   If   you   don’t   have   a  systemd  system,  then
99       /etc/default/docker might be the place to go?
100
101       The second problem is that Docker containers need  to  know  about  the
102       proxy  as  well. This manifests as images failing to build because they
103       can’t download stuff from the internet.
104
105       The fix is to set the proxy variables in your environment, e.g.:
106
107          export HTTP_PROXY=http://proxy.example.com:8088
108          export http_proxy=$HTTP_PROXY
109          export HTTPS_PROXY=$HTTP_PROXY
110          export https_proxy=$HTTP_PROXY
111          export ALL_PROXY=$HTTP_PROXY
112          export all_proxy=$HTTP_PROXY
113          export NO_PROXY='localhost,127.0.0.1,.example.com'
114          export no_proxy=$NO_PROXY
115
116       You also need to teach sudo  to  retain  them.  Add  the  following  to
117       /etc/sudoers:
118
119          Defaults env_keep+="HTTP_PROXY http_proxy HTTPS_PROXY https_proxy ALL_PROXY all_proxy NO_PROXY no_proxy"
120
121       Because  different  programs  use different subsets of these variables,
122       and to avoid a situation where some things work and others  don’t,  the
123       Charliecloud  test suite (see below) includes a test that fails if some
124       but not all of the above variables are set.
125

COPYRIGHT

127       2014–2018, Los Alamos National Security, LLC
128
129
130
131
132                  2020-01-28 00:00 Coordinated Universal Time      CH-MOUNT(1)