ArchLinux Container 
Docker build for a basic Arch Linux docker image with gosu.
This image is built from scratch.
Purpose
This docker image is build from scratch with a somewhat minimal Arch Linux installation containing systemd.
It provides several key features:
- Non-root user and group
nobodyfor executing programs inside the container. - nobody - even using
sudo. gosuto execute binaries as different user forwarding container signals.- A umask of 0002 for user
nobody. - Exported variables
UNAMEandGNAMEto make use of the user settings from within scripts.
Usage
For example:
docker run --interactive --tty --rm marcelhuberfoo/arch env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=935562be7aff
TERM=xterm
UNAME=nobody
GNAME=nobody
HOME=/rootPermissions
This image provides a user and group nobody to run programs as user nobody. It is best used with gosu, as it allows to handle signals of the started process properly within the container.
If you map in a volume, permissions on the host folder must allow user or group nobody to write to it. You can add yourself to the nobody group.
Add yourself to the nobody group:
gpasswd --add myself nobodySet group permissions to the entire project directory:
chmod -R g+w /tmp/my-data
chgrp -R nobody /tmp/my-datasystemd
Enabled services would be started in your container if run with something like:
docker run --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
--entrypoint /lib/systemd/systemd marcelhuberfoo/archTo stop the container, you could execute docker exec -ti <containerid> systemctl poweroff.