moby--moby

Commit Graph

Author	SHA1	Message	Date
Phil Estes	42716dcf5c	Only chown network files within container metadata If the user specifies a mountpath from the host, we should not be attempting to chown files outside the daemon's metadata directory (represented by `daemon.repository` at init time). This forces users who want to use user namespaces to handle the ownership needs of any external files mounted as network files (/etc/resolv.conf, /etc/hosts, /etc/hostname) separately from the daemon. In all other volume/bind mount situations we have taken this same line--we don't chown host file content. Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>	2017-11-01 10:14:01 -04:00

Author

SHA1

Message

Date

Phil Estes

42716dcf5c

Only chown network files within container metadata

If the user specifies a mountpath from the host, we should not be
attempting to chown files outside the daemon's metadata directory
(represented by `daemon.repository` at init time).

This forces users who want to use user namespaces to handle the
ownership needs of any external files mounted as network files
(/etc/resolv.conf, /etc/hosts, /etc/hostname) separately from the
daemon. In all other volume/bind mount situations we have taken this
same line--we don't chown host file content.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>

2017-11-01 10:14:01 -04:00

1 Commits