rootless: launch rootlesskit with --propagation=rslave

The propagation was previously set to rprivate and didn't propagate mounts from the host mount namespace into the daemon's mount namespace. Further information about --propagation: https://github.com/rootless-containers/rootlesskit/tree/v0.9.1#mount-propagation RootlessKit changes: https://github.com/rootless-containers/rootlesskit/compare/v0.8.0...v0.9.1 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-11-09 12:21:53 -05:00 · 2020-03-06 23:22:41 +09:00 · 2020-03-06 23:22:41 +09:00 · 1ea3a2b7f5
commit 1ea3a2b7f5
parent 6004b9ad52
2 changed files with 3 additions and 2 deletions
--- a/contrib/dockerd-rootless.sh
+++ b/contrib/dockerd-rootless.sh
@ -82,6 +82,7 @@ if [ -z $_DOCKERD_ROOTLESS_CHILD ]; then
 		--slirp4netns-seccomp=$DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP \
 		--disable-host-loopback --port-driver=builtin \
 		--copy-up=/etc --copy-up=/run \
+		--propagation=rslave \
 		$DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS \
 		$0 $@
 else
--- a/hack/dockerfile/install/rootlesskit.installer
+++ b/hack/dockerfile/install/rootlesskit.installer
@ -1,7 +1,7 @@
 #!/bin/sh

-# v0.8.0
-: ${ROOTLESSKIT_COMMIT:=ce88a431e6a7cf891ebb68b10bfc6a5724b9ae72}
+# v0.9.1
+: ${ROOTLESSKIT_COMMIT:=db9657404cd538820e9e83d90dab2a78d8b833e6}

 install_rootlesskit() {
 	case "$1" in