mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
dockerd-rootless.sh: allow specifying DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER
The default port driver "builtin" might not be always preferrable as it drops src IP information: https://github.com/containers/libpod/pull/6324 Now the port driver can be changed to "slirp4netns" via the environment variable `DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER`. It is still recommended to use the default "builtin" driver. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
parent
4609153995
commit
6743320a12
1 changed files with 9 additions and 3 deletions
|
@ -7,8 +7,13 @@
|
|||
# * newuidmap and newgidmap needs to be installed.
|
||||
# * /etc/subuid and /etc/subgid needs to be configured for the current user.
|
||||
# * Either one of slirp4netns (>= v0.4.0), VPNKit, lxc-user-nic needs to be installed.
|
||||
# slirp4netns is used by default if installed. Otherwise fallsback to VPNKit.
|
||||
# The default value can be overridden with $DOCKERD_ROOTLESS_ROOTLESSKIT_NET=(slirp4netns|vpnkit|lxc-user-nic)
|
||||
#
|
||||
# Recognized environment variables:
|
||||
# * DOCKERD_ROOTLESS_ROOTLESSKIT_NET=(slirp4netns|vpnkit|lxc-user-nic): the rootlesskit network driver. Defaults to "slirp4netns" if slirp4netns (>= v0.4.0) is installed. Otherwise defaults to "vpnkit".
|
||||
# * DOCKERD_ROOTLESS_ROOTLESSKIT_MTU=NUM: the MTU value for the rootlesskit network driver. Defaults to 65520 for slirp4netns, 1500 for other drivers.
|
||||
# * DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=(builtin|slirp4netns): the rootlesskit port driver. Defaults to "builtin".
|
||||
# * DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SANDBOX=(auto|true|false): whether to protect slirp4netns with a dedicated mount namespace. Defaults to "auto".
|
||||
# * DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP=(auto|true|false): whether to protect slirp4netns with seccomp. Defaults to "auto".
|
||||
#
|
||||
# See the documentation for the further information: https://docs.docker.com/engine/security/rootless/
|
||||
|
||||
|
@ -36,6 +41,7 @@ fi
|
|||
|
||||
: "${DOCKERD_ROOTLESS_ROOTLESSKIT_NET:=}"
|
||||
: "${DOCKERD_ROOTLESS_ROOTLESSKIT_MTU:=}"
|
||||
: "${DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER:=builtin}"
|
||||
: "${DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SANDBOX:=auto}"
|
||||
: "${DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP:=auto}"
|
||||
net=$DOCKERD_ROOTLESS_ROOTLESSKIT_NET
|
||||
|
@ -79,7 +85,7 @@ if [ -z $_DOCKERD_ROOTLESS_CHILD ]; then
|
|||
--net=$net --mtu=$mtu \
|
||||
--slirp4netns-sandbox=$DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SANDBOX \
|
||||
--slirp4netns-seccomp=$DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP \
|
||||
--disable-host-loopback --port-driver=builtin \
|
||||
--disable-host-loopback --port-driver=$DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER \
|
||||
--copy-up=/etc --copy-up=/run \
|
||||
--propagation=rslave \
|
||||
$DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS \
|
||||
|
|
Loading…
Reference in a new issue