kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Use real chroot if daemon is running in a user namespace

Browse source 
The namespace unshare+pivot root is not possible when running inside a
user namespace, so fallback to the original "real" chroot code.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
This commit is contained in:
Phil Estes 2016-08-12 16:31:01 -04:00
parent 617c352e92
commit dc950567c1
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
pkg/chrootarchive/chroot_linux.go
View file

@ -8,6 +8,7 @@ import (
"syscall" "syscall"
"github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/mount"
rsystem "github.com/opencontainers/runc/libcontainer/system"
) )
// chroot on linux uses pivot_root instead of chroot // chroot on linux uses pivot_root instead of chroot
@ -17,6 +18,10 @@ import (
// Old root is removed after the call to pivot_root so it is no longer available under the new root. // Old root is removed after the call to pivot_root so it is no longer available under the new root.
// This is similar to how libcontainer sets up a container's rootfs // This is similar to how libcontainer sets up a container's rootfs
func chroot(path string) (err error) { func chroot(path string) (err error) {
// if the engine is running in a user namespace we need to use actual chroot
if rsystem.RunningInUserNS() {
return realChroot(path)
}
if err := syscall.Unshare(syscall.CLONE_NEWNS); err != nil { if err := syscall.Unshare(syscall.CLONE_NEWNS); err != nil {
return fmt.Errorf("Error creating mount namespace before pivot: %v", err) return fmt.Errorf("Error creating mount namespace before pivot: %v", err)
} }