mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
don't try to use aufs in a user namespace
If aufs is already modprobe'd but we are in a user namespace, the aufs driver will happily load but then get eperm when it actually tries to do something. So detect that condition. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
parent
4a7bd7eaef
commit
2a71f28a4e
1 changed files with 7 additions and 0 deletions
|
@ -46,11 +46,14 @@ import (
|
||||||
"github.com/docker/docker/pkg/stringid"
|
"github.com/docker/docker/pkg/stringid"
|
||||||
|
|
||||||
"github.com/opencontainers/runc/libcontainer/label"
|
"github.com/opencontainers/runc/libcontainer/label"
|
||||||
|
rsystem "github.com/opencontainers/runc/libcontainer/system"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// ErrAufsNotSupported is returned if aufs is not supported by the host.
|
// ErrAufsNotSupported is returned if aufs is not supported by the host.
|
||||||
ErrAufsNotSupported = fmt.Errorf("AUFS was not found in /proc/filesystems")
|
ErrAufsNotSupported = fmt.Errorf("AUFS was not found in /proc/filesystems")
|
||||||
|
// ErrAufsNested means aufs cannot be used bc we are in a user namespace
|
||||||
|
ErrAufsNested = fmt.Errorf("AUFS cannot be used in non-init user namespace")
|
||||||
incompatibleFsMagic = []graphdriver.FsMagic{
|
incompatibleFsMagic = []graphdriver.FsMagic{
|
||||||
graphdriver.FsMagicBtrfs,
|
graphdriver.FsMagicBtrfs,
|
||||||
graphdriver.FsMagicAufs,
|
graphdriver.FsMagicAufs,
|
||||||
|
@ -146,6 +149,10 @@ func supportsAufs() error {
|
||||||
// proc/filesystems for when aufs is supported
|
// proc/filesystems for when aufs is supported
|
||||||
exec.Command("modprobe", "aufs").Run()
|
exec.Command("modprobe", "aufs").Run()
|
||||||
|
|
||||||
|
if rsystem.RunningInUserNS() {
|
||||||
|
return ErrAufsNested
|
||||||
|
}
|
||||||
|
|
||||||
f, err := os.Open("/proc/filesystems")
|
f, err := os.Open("/proc/filesystems")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
Loading…
Reference in a new issue