From 2a71f28a4e1167dee32aa16ddbc819c9d9e77f71 Mon Sep 17 00:00:00 2001
From: Serge Hallyn
Date: Thu, 31 Mar 2016 14:42:16 -0500
Subject: [PATCH] don't try to use aufs in a user namespace

If aufs is already modprobe'd but we are in a user namespace, the aufs driver will happily load but then get eperm when it actually tries to do something. So detect that condition.

Signed-off-by: Serge Hallyn
---
 daemon/graphdriver/aufs/aufs.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/daemon/graphdriver/aufs/aufs.go b/daemon/graphdriver/aufs/aufs.go
index 8dc4c4aaf8..0fd059edf6 100644
--- a/daemon/graphdriver/aufs/aufs.go
+++ b/daemon/graphdriver/aufs/aufs.go
@@ -46,11 +46,14 @@ import (
 "github.com/docker/docker/pkg/stringid"
 
 "github.com/opencontainers/runc/libcontainer/label"
+ rsystem "github.com/opencontainers/runc/libcontainer/system"
 )
 
 var (
 // ErrAufsNotSupported is returned if aufs is not supported by the host.
 ErrAufsNotSupported = fmt.Errorf("AUFS was not found in /proc/filesystems")
+ // ErrAufsNested means aufs cannot be used bc we are in a user namespace
+ ErrAufsNested = fmt.Errorf("AUFS cannot be used in non-init user namespace")
 incompatibleFsMagic = []graphdriver.FsMagic{
 graphdriver.FsMagicBtrfs,
 graphdriver.FsMagicAufs,
@@ -146,6 +149,10 @@ func supportsAufs() error {
 // proc/filesystems for when aufs is supported
 exec.Command("modprobe", "aufs").Run()
 
+ if rsystem.RunningInUserNS() {
+ return ErrAufsNested
+ }
+
 f, err := os.Open("/proc/filesystems")
 if err != nil {
 return err
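Review bot: The doc comment on the new `ErrAufsNested` in the `var` block abbreviates "because" as "bc" and does not follow the full-sentence form of the `ErrAufsNotSupported` comment just above it. I would write it as `// ErrAufsNested is returned when aufs cannot be used because the daemon runs in a non-init user namespace.` so both sentinel errors read the same way and the comment matches the error string. The `var` block continues past the end of the hunk.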
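Review bot: In `supportsAufs`, the new `rsystem.RunningInUserNS()` guard sits after `exec.Command("modprobe", "aufs").Run()`, so a daemon inside a user namespace still attempts to load a kernel module before it bails out. Moving `if rsystem.RunningInUserNS() { return ErrAufsNested }` above the modprobe call would skip that attempt, which presumably cannot succeed there anyway. A short comment on the guard, for example `// aufs registers in a user namespace but its operations fail with EPERM`, would keep the reason from the commit message next to the code. The function body starts and ends outside the hunk, so how callers treat `ErrAufsNested` compared with `ErrAufsNotSupported` is not visible here and is worth checking.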