1.5 KiB
| author | authorURL | authorTwitter | title |
|---|---|---|---|
| Pascal Vizeli | https://twitter.com/pvizeli | pvizeli | S6-Overlay 3.x update on our docker base images |
We started to update our base images to use the new s6-Overlay v3. A migration article also explains the new possibilities around this change. This blog post explains the minimal changes needed to be able to use our new base images.
We have updated our example add-on to include the new behaviors.
Minimum
Make sure all your executable/script files have the execution permission set on your git repository rootfs folder. You can update the permissions using:
$ git update-index --chmod=+x rootfs/etc/service.d/my-service/run
If you use finish scripts in your S6-overlay services, for example, to stop the container on an error, you have to replace the line s6-svscanctl -t /var/run/s6/services with /run/s6/basedir/bin/halt.
AppArmor
You have to tweak your AppArmor profile to get it working with the new s6-Overlay. We updated our documentation with the default profile. The following changes need to be made:
# S6-Overlay
/init ix,
/bin/** ix,
/usr/bin/** ix,
/run/{s6,s6-rc*,service}/** ix,
/package/** ix,
/command/** ix,
/etc/services.d/** rwix,
/etc/cont-init.d/** rwix,
/etc/cont-finish.d/** rwix,
/run/{,**} rwk,
/dev/tty rw,