Mirror of https://github.com/moby/moby.git (synced 2022-11-09 12:21:53 -05:00)
8493fb18ae
The `--rootless` flag had a couple of issues:
* #38702: euid=0, $USER="root" but no access to cgroup ("rootful" Docker in rootless Docker)
* #39009: euid=0 but $USER="docker" (rootful boot2docker)
To fix #38702, XDG dirs are ignored as in rootful Docker, unless the
dockerd is directly running under RootlessKit namespaces.
RootlessKit detection is implemented by checking whether `$ROOTLESSKIT_STATE_DIR` is set.
To fix #39009, the non-robust `$USER` check is now completely removed.
The entire logic can be illustrated as follows:
```
withRootlessKit := getenv("ROOTLESSKIT_STATE_DIR")
rootlessMode := withRootlessKit || cliFlag("--rootless")
honorXDG := withRootlessKit
useRootlessKitDockerProxy := withRootlessKit
removeCgroupSpec := rootlessMode
adjustOOMScoreAdj := rootlessMode
```
Close #39024
Fix #38702 #39009
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit

| Name |
|---|
| .. |
| hack |
| config.go |
| config_common_unix.go |
| config_unix.go |
| config_unix_test.go |
| config_windows.go |
| daemon.go |
| daemon_freebsd.go |
| daemon_linux.go |
| daemon_test.go |
| daemon_unix.go |
| daemon_unix_test.go |
| daemon_windows.go |
| docker.go |
| docker_unix.go |
| docker_windows.go |
| metrics.go |
| options.go |
| options_test.go |
| README.md |
| service_unsupported.go |
| service_windows.go |

`docker.go` contains the Docker daemon's main function.
This file provides first-line CLI argument parsing and environment variable setting.