Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171])
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 214FE225829
	for <~alpine/users@lists.alpinelinux.org>; Tue,  9 Dec 2025 09:53:49 +0000 (UTC)
Received: by mail-pg1-f171.google.com with SMTP id 41be03b00d2f7-bfe88eeaa65so1871733a12.1
        for <~alpine/users@lists.alpinelinux.org>; Tue, 09 Dec 2025 01:53:49 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1765274027; x=1765878827;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=dzSUGX5ugBoyprT1hYcv8ZDRE0by7WsUf6OuGqMo7vk=;
        b=rk1zraySVedz3cl3Ix4cxvOhpsU4cef2Cdrm3/UmZ5O0d1xi+lTuI20o/ECppKKxEr
         2CXZxYv4ydG59+tN1hLlC/3mpfGAhVQdp1XtZHR7eUZrbMKfKAgGDKW/74jtlCBsVWWB
         WkMOgE3iULtCG+hbLg+rJowLD491XOpNJjotrh7FpV2ZWrhLM3VPx/wHCp2fWItwnfXc
         WFhZGPMtF9+g0YJB8Vb0qALbLeLbaM2hYgMixP9py8bXjZqM4bHnx9GAglmsnXMsK4B3
         kdLmo+H1RzYviD3iYqfqOxZeHO7jtBipQESZ8LoctB05JiXK2vGOnxBbhaDA3a3LPb68
         bogA==
X-Gm-Message-State: AOJu0YzTStoPhpEF2Ok+TvmFuvmoSYXuSgyzpWjjKqvEPbV72A462VoF
	9LYyTN8KGKppjIXri0XdTgllpEoYcrBHsUiNVakKY80ZHvCOcCglv1t8Esy90k+mS1mOTn69dBB
	2OIYlvY+z81t0s8PuazCQcNFEXrca5+4=
X-Gm-Gg: ASbGncvODQw6DBVHye7FWjVXhj792fAd65jmGR0upadz8a0jy8gLhF7RkDximfDb9Fw
	tVjYA/0bq88wjrLxgYvYPbmRwOhY8BrhkzF1Id2Yn55+QrZmc8SZSt1hF/9LUD0+QdWI+HKF7zl
	hzi3moM+3+O8rPWZNFaGZLRWIEz/T268OFKPL/oT0pe/B/o/swT49QwV2hPg4FvViNSO2/HN6+d
	4h+sFToaouvIeEjdr1HeC7vVjjJHCYW9Jz+KuzzyyFdPZpjK1WL5DWzv/ZCVI6fWV2J7+MglE8e
	L7Nijg==
X-Google-Smtp-Source: AGHT+IFr8PXjDUAiLbZLi6FrGv/gki+6dNU6Afu+ipYV2z3oLamkONvUcy4ZFZLgzQkHmy6DRCjfMzJeTjvILd7dXE8=
X-Received: by 2002:a05:7300:dc95:b0:2a4:4e54:dc69 with SMTP id
 5a478bee46e88-2abc7232147mr5542342eec.38.1765274027356; Tue, 09 Dec 2025
 01:53:47 -0800 (PST)
MIME-Version: 1.0
References: <CAD1Ag0z0wZu2TVGqLYuU9AfRh7Sj6KwdZnrAU3OBYaUe+8pxqg@mail.gmail.com>
 <CAM4p=JO0d_hGiO=u7oDcse+fkkCyo+uLouq3vb+FLBcuoVO50A@mail.gmail.com> <CAD1Ag0wz=DcL19yE3JLfKH9fsc4wObYpmh5CDMJ72eN08cDzwQ@mail.gmail.com>
In-Reply-To: <CAD1Ag0wz=DcL19yE3JLfKH9fsc4wObYpmh5CDMJ72eN08cDzwQ@mail.gmail.com>
From: Guido Trotter <ultrotter@debian.org>
Date: Tue, 9 Dec 2025 09:53:36 +0000
X-Gm-Features: AQt7F2p5fpiXBleN_DWNVj4uTgA3JSEtDcrvB9WhRZeKZeZFEwH0HQHtuhrbYKU
Message-ID: <CAM4p=JOTfVU-zgsKDZbo9iT5EdQ_bMrLLDiS8acKTPubkxs6Aw@mail.gmail.com>
Subject: Re: running containers (Podman or Docker) in diskless mode ?
To: Jerome Marc <marcgruselle@gmail.com>
Cc: ~alpine/users@lists.alpinelinux.org
Content-Type: multipart/alternative; boundary="00000000000054f66f064581e3c9"

--00000000000054f66f064581e3c9
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Sure, you're giving it an image, but what processes are you running within
that image? It all depends what your entry point and commands are, since
even if you give it the image it's not like you're "booting" Alpine to run
the container, just starting the process defined in the entry point....

Thanks,

Guido

On Tue, 9 Dec 2025, 09:33 Jerome Marc, <marcgruselle@gmail.com> wrote:

> I need an image. There is no problem running the process inside the
> container in a read-only root. There are options for that. But even if th=
e
> guest is read-only, it doesn't mean that the container host can use a ro
> filesystem. I guess that lxc could be more flexible for that.
>
> Le mar. 9 d=C3=A9c. 2025 =C3=A0 08:24, Guido Trotter <ultrotter@debian.or=
g> a
> =C3=A9crit :
>
>> If you're running just a container it should depend on what process you
>> run in the container... You wouldn't need to run "the os" necessarily, s=
o
>> using read only would work if your process never writes to disk. In some
>> cases you might not need an os image at all.
>>
>> On Tue, 9 Dec 2025, 01:26 Jerome Marc, <marcgruselle@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I would like to deploy a small container on my RPI.
>>> The OS is running in diskless mode (lbu) and I have a quite large data
>>> partition which is read-only.
>>> I use the data partition to store large stuff like node libraries.
>>>
>>> By the way I was expecting to be able to start a container from this
>>> read-only partition. As the container is immutable I don't see any reas=
on
>>> to make the partition rw, except of course when updating the docker ima=
ge.
>>> So does anyone tried (and hopefully succeeded) to run a container that =
way ?
>>>
>>> Thank you.
>>>
>>>
>>>

--00000000000054f66f064581e3c9
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">Sure, you&#39;re giving it an image, but what processes a=
re you running within that image? It all depends what your entry point and =
commands are, since even if you give it the image it&#39;s not like you&#39=
;re &quot;booting&quot; Alpine to run the container, just starting the proc=
ess defined in the entry point....<div dir=3D"auto"><br></div><div dir=3D"a=
uto">Thanks,=C2=A0</div><div dir=3D"auto"><br></div><div dir=3D"auto">Guido=
</div></div><br><div class=3D"gmail_quote gmail_quote_container"><div dir=
=3D"ltr" class=3D"gmail_attr">On Tue, 9 Dec 2025, 09:33 Jerome Marc, &lt;<a=
 href=3D"mailto:marcgruselle@gmail.com">marcgruselle@gmail.com</a>&gt; wrot=
e:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0=
.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"l=
tr">I need an image. There is no problem running the process inside the con=
tainer in a read-only root. There are options for that. But even if the gue=
st is read-only, it doesn&#39;t mean that=C2=A0the container host can use a=
 ro filesystem. I guess that lxc could be more flexible for that.</div><br>=
<div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">Le=C2=A0ma=
r. 9 d=C3=A9c. 2025 =C3=A0=C2=A008:24, Guido Trotter &lt;<a href=3D"mailto:=
ultrotter@debian.org" target=3D"_blank" rel=3D"noreferrer">ultrotter@debian=
.org</a>&gt; a =C3=A9crit=C2=A0:<br></div><blockquote class=3D"gmail_quote"=
 style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);p=
adding-left:1ex"><div dir=3D"auto">If you&#39;re running just a container i=
t should depend on what process you run in the container... You wouldn&#39;=
t need to run &quot;the os&quot; necessarily, so using read only would work=
 if your process never writes to disk. In some cases you might not need an =
os image at all.</div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=
=3D"gmail_attr">On Tue, 9 Dec 2025, 01:26 Jerome Marc, &lt;<a href=3D"mailt=
o:marcgruselle@gmail.com" target=3D"_blank" rel=3D"noreferrer">marcgruselle=
@gmail.com</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=
=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding=
-left:1ex"><div dir=3D"ltr">Hello,<br><div><br></div><div>I would like to d=
eploy a small container on my RPI.</div><div>The=C2=A0OS is running in disk=
less mode (lbu) and I have a quite=C2=A0large data partition which is read-=
only.</div><div>I use the data partition to store large stuff=C2=A0like nod=
e libraries.</div><div><br></div><div>By the way I was expecting to be able=
 to start a container from this read-only partition. As the container is im=
mutable I don&#39;t see any reason to make the partition rw, except of cour=
se when updating the docker image. So does anyone tried (and hopefully succ=
eeded) to run a container that way ?</div><div><br></div><div>Thank you.</d=
iv><div><br></div><div><br></div></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>

--00000000000054f66f064581e3c9--