[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Octave development daily snapshot service
|
From: |
Mike Miller |
|
Subject: |
Re: Octave development daily snapshot service |
|
Date: |
Fri, 14 Apr 2017 13:32:07 -0700 |
|
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Fri, Apr 14, 2017 at 11:36:11 -0700, Colin Macdonald wrote:
> I tried the command you listed on Fedora 25 and it works (downloaded a pile
> of stuff, 5 Gib in /var/lib/docker, maybe normal when run on non-Ubuntu
> systems).
That's typical, even when the host OS is identical to the container OS.
> 1. Doctest pkg: "pkg install -forge doctest" just worked!
>
> 2. Symbolic pkg: I did "apt-get install python-pip", then "pip install
> sympy", then started octave and "pkg install -forge symbolic". Works for
> me.
Excellent.
> 2.a. Is it worth including "pip" in the container? (21 MiB)
I'd rather keep the non-Octave parts of the container to a minimum.
Docker is built on layers, a new container can be derived from another
one by composition and the lower shared layers are reused. So you can
write a Dockerfile that derives from mtmiller/octave-snapshot, installs
python-pip and some more packages, and use that locally or publish it.
> 3. Might be helpful to Docker noobs (me) to add a link your short
> instructions enable X11 from (to?) the container.
Easier said than done, but I'll see if I can simplify that. I initially
see no value to running the GUI for my purposes, but maybe.
> 4. Is the host reasonably protected from root on the container? I.e.,
> safe-ish to run Octave as root?
IMHO it's safe enough from doing something accidental to your host OS.
It may not be completely safe from some malicious code. There's a bunch
to read about at https://docs.docker.com/engine/security/security/.
You can easily run as any unprivileged user by using the -u option, e.g.
docker run -it -u 1234:1234 mtmiller/octave-snapshot octave
or
docker run -it -u nobody mtmiller/octave-snapshot octave
--
mike