github.com/dctrud/umoci@v0.4.3-0.20191016193643-05a1d37de015/doc/man/umoci-raw-unpack.1.md

github.com/dctrud/umoci@v0.4.3-0.20191016193643-05a1d37de015/doc/man/umoci-raw-unpack.1.md (about)

     1  % umoci-raw-unpack(1) # umoci raw unpack - Unpacks an OCI image tag into a root filesystem
     2  % Aleksa Sarai
     3  % APRIL 2018
     4  # NAME
     5  umoci raw unpack - Unpacks an OCI image tag into a root filesystem
     6  
     7  # SYNOPSIS
     8  **umoci raw unpack**
     9  **--image**=*image*[:*tag*]
    10  **--keep-dirlinks**
    11  *rootfs*
    12  
    13  # DESCRIPTION
    14  Extracts all of the layers (deterministically) to a root filesystem at path
    15  *rootfs*. This path must not already exist.
    16  
    17  # OPTIONS
    18  The global options are defined in **umoci**(1).
    19  
    20  **--image**=*image*[:*tag*]
    21    The OCI image tag which will be extracted to the *rootfs*. *image* must be a
    22    path to a valid OCI image and *tag* must be a valid tag in the image. If
    23    *tag* is not provided it defaults to "latest".
    24  
    25  **--uid-map**=[*value*]
    26    Specifies a UID mapping to use while unpacking layers. This is used in a
    27    similar fashion to **user_namespaces**(7), and is of the form
    28    **container:host[:size]**.
    29  
    30  **--gid-map**=[*value*]
    31    Specifies a GID mapping to use while unpacking layers. This is used in a
    32    similar fashion to **user_namespaces**(7), and is of the form
    33    **container:host[:size]**.
    34  
    35  **--rootless**
    36    Enable rootless unpacking support. This allows for **umoci-raw-unpack**(1) to
    37    be used as an unprivileged user. Use of this flag implies **--uid-map=0:$(id
    38    -u):1** and **--gid-map=0:$(id -g):1**, as well as enabling several features
    39    to fake parts of the unpacking in the attempt to generate an
    40    as-close-as-possible extraction of the filesystem. Note that it is almost
    41    always not possible to perfectly extract an OCI image with **--rootless**,
    42    but it will be as close as possible.
    43  
    44  **--keep-dirlinks**
    45    Instead of overwriting directories which are links to other directories when
    46    higher layers have an explicit directory, just write through the symlink.
    47    This option is inspired by rsync's option of the same name.
    48  
    49  # EXAMPLE
    50  The following downloads an image from a **docker**(1) registry using
    51  **skopeo**(1), unpacks said image to a root filesystem, generates an OCI
    52  runtime configuration file with **umoci-raw-runtime-config**(1) and then
    53  creates a new container with **runc**(8).
    54  
    55  ```
    56  % skopeo copy docker://opensuse/amd64:42.2 oci:image:latest
    57  # umoci raw unpack --image image rootfs
    58  # umoci raw runtime-config --image image --rootfs rootfs config.json
    59  # runc run ctr
    60  [ container session ]
    61  ```
    62  
    63  With **--rootless** it is also possible to do the above example without root
    64  privileges. **umoci** will generate a configuration that works with rootless
    65  containers in **runc**(8).
    66  
    67  ```
    68  % skopeo copy docker://opensuse/amd64:42.2 oci:image:latest
    69  % umoci raw unpack --image image --rootless rootfs
    70  % umoci raw runtime-config --image image --rootfs rootfs --rootless config.json
    71  % runc --root $HOME/runc run ctr
    72  [ rootless container session ]
    73  ```
    74  
    75  # SEE ALSO
    76  **umoci**(1), **umoci-raw-runtime-config**(1), **runc**(8)