[20.10 backport] daemon.WithCommonOptions() fix detection of user-namespaces #43084

Merged
merged 1 commit into from Jan 8, 2022

Commits on Dec 15, 2021

  1. daemon.WithCommonOptions() fix detection of user-namespaces

    Commit dae652e added support for non-privileged
    containers to use ICMP_PROTO (used for `ping`). This option cannot be set for
    containers that have user-namespaces enabled.
    
    However, the detection looks to be incorrect; HostConfig.UsernsMode was added
    in 6993e89 / ee21838,
    and the property only has meaning if the daemon is running with user namespaces
    enabled. In other situations, the property has no meaning.
    As a result of the above, the sysctl would only be set for containers running
    with UsernsMode=host on a daemon running with user-namespaces enabled.
    
    This patch adds a check if the daemon has user-namespaces enabled (RemappedRoot
    having a non-empty value), or if the daemon is running inside a user namespace
    (e.g. rootless mode) to fix the detection.
    
    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
    (cherry picked from commit a826ca3)
    
    ---
    The cherry-pick was almost clean but `userns.RunningInUserNS()` -> `sys.RunningInUserNS()`.
    
    Fix docker/buildx issue 561
    ---
    
    Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
    thaJeztah authored and AkihiroSuda committed Dec 15, 2021
    660b996
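
The two daemon-level conditions the commit message names (a non-empty RemappedRoot, or the daemon itself running inside a user namespace), sketched as an added example; this is not the patch or any Moby code. `inUserNS` and `pingSysctl` are hypothetical names, the uid_map samples are constructed, and the sysctl name and value (`net.ipv4.ping_group_range`, `0 2147483647`) are assumptions, since the page does not name the sysctl.

```go
package main

import (
	"fmt"
	"strings"
)

// inUserNS reports whether uid_map contents (as read from /proc/self/uid_map)
// describe a user namespace other than the initial one. Per user_namespaces(7),
// the initial namespace shows the single identity extent "0 0 4294967295".
func inUserNS(uidMap string) bool {
	var rows [][]string
	for _, line := range strings.Split(uidMap, "\n") {
		if f := strings.Fields(line); len(f) > 0 {
			rows = append(rows, f)
		}
	}
	// Empty (namespace created, map not yet written), several extents, or a
	// malformed row: treat as "in a user namespace", the restrictive answer.
	if len(rows) != 1 || len(rows[0]) != 3 {
		return true
	}
	r := rows[0]
	return !(r[0] == "0" && r[1] == "0" && r[2] == "4294967295")
}

// pingSysctl returns the default sysctls for a container. remappedRoot stands
// for the daemon's RemappedRoot setting; the container's own UsernsMode is
// deliberately not an input, since it only has meaning on a remapped daemon.
func pingSysctl(remappedRoot, uidMap string) map[string]string {
	out := map[string]string{}
	if remappedRoot == "" && !inUserNS(uidMap) {
		out["net.ipv4.ping_group_range"] = "0 2147483647" // assumed value: all GIDs
	}
	return out
}

func main() {
	// Constructed uid_map samples, not captured from a real host.
	hostMap := "         0          0 4294967295\n"
	rootlessMap := "         0       1000          1\n         1     100000      65536\n"
	fmt.Println("plain daemon:   ", pingSysctl("", hostMap))
	fmt.Println("userns-remap:   ", pingSysctl("default", hostMap))
	fmt.Println("rootless daemon:", pingSysctl("", rootlessMap))
}
```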