1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

don't try to use aufs in a user namespace

If aufs is already modprobe'd but we are in a user namespace, the
aufs driver will happily load but then get eperm when it actually tries
to do something.  So detect that condition.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
Serge Hallyn 2016-03-31 14:42:16 -05:00
parent 4a7bd7eaef
commit 2a71f28a4e

View file

@ -46,11 +46,14 @@ import (
"github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/stringid"
"github.com/opencontainers/runc/libcontainer/label" "github.com/opencontainers/runc/libcontainer/label"
rsystem "github.com/opencontainers/runc/libcontainer/system"
) )
var ( var (
// ErrAufsNotSupported is returned if aufs is not supported by the host. // ErrAufsNotSupported is returned if aufs is not supported by the host.
ErrAufsNotSupported = fmt.Errorf("AUFS was not found in /proc/filesystems") ErrAufsNotSupported = fmt.Errorf("AUFS was not found in /proc/filesystems")
// ErrAufsNested means aufs cannot be used bc we are in a user namespace
ErrAufsNested = fmt.Errorf("AUFS cannot be used in non-init user namespace")
incompatibleFsMagic = []graphdriver.FsMagic{ incompatibleFsMagic = []graphdriver.FsMagic{
graphdriver.FsMagicBtrfs, graphdriver.FsMagicBtrfs,
graphdriver.FsMagicAufs, graphdriver.FsMagicAufs,
@ -146,6 +149,10 @@ func supportsAufs() error {
// proc/filesystems for when aufs is supported // proc/filesystems for when aufs is supported
exec.Command("modprobe", "aufs").Run() exec.Command("modprobe", "aufs").Run()
if rsystem.RunningInUserNS() {
return ErrAufsNested
}
f, err := os.Open("/proc/filesystems") f, err := os.Open("/proc/filesystems")
if err != nil { if err != nil {
return err return err