mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
3518383ed9
The `--rootless` flag had a couple of issues: * #38702: euid=0, $USER="root" but no access to cgroup ("rootful" Docker in rootless Docker) * #39009: euid=0 but $USER="docker" (rootful boot2docker) To fix #38702, XDG dirs are ignored as in rootful Docker, unless the dockerd is directly running under RootlessKit namespaces. RootlessKit detection is implemented by checking whether `$ROOTLESSKIT_STATE_DIR` is set. To fix #39009, the non-robust `$USER` check is now completely removed. The entire logic can be illustrated as follows: ``` withRootlessKit := getenv("ROOTLESSKIT_STATE_DIR") rootlessMode := withRootlessKit || cliFlag("--rootless") honorXDG := withRootlessKit useRootlessKitDockerProxy := withRootlessKit removeCgroupSpec := rootlessMode adjustOOMScoreAdj := rootlessMode ``` Close #39024 Fix #38702 #39009 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> |
||
|---|---|---|
| .. | ||
| address_pools.go | ||
| address_pools_test.go | ||
| env.go | ||
| env_test.go | ||
| hosts.go | ||
| hosts_test.go | ||
| hosts_unix.go | ||
| hosts_windows.go | ||
| ip.go | ||
| ip_test.go | ||
| opts.go | ||
| opts_test.go | ||
| opts_unix.go | ||
| opts_windows.go | ||
| quotedstring.go | ||
| quotedstring_test.go | ||
| runtime.go | ||
| ulimit.go | ||
| ulimit_test.go | ||