I have a CIS-benchmark-compliant base image. Pulling this to differentiate an immutable image for my application, if I attempt to do
apt-get install -y docker.io
I get an error
==> amazon-ebs: Can't exec "/tmp/docker.io.config.NzitwJ": Permission denied at /usr/share/perl/5.26/IPC/Open3.pm line 178. ==> amazon-ebs: open2: exec of /tmp/docker.io.config.NzitwJ configure failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.
This is because CIS-compliant images have
noexec set on the
Does anyone know of a command line or equivalent way to make apt-get use a different file system for install scripts, or am I going to have to schedule tasks to install from source? Note, this does not only affect
docker.io, but others as well. I'm looking for an
apt-get-level solution, not an app-specific package method.