moby--moby/integration/container
Sebastiaan van Stijn 660b9962e4
daemon.WithCommonOptions() fix detection of user-namespaces
Commit dae652e2e5 added support for non-privileged
containers to use ICMP_PROTO (used for `ping`). This option cannot be set for
containers that have user-namespaces enabled.

However, the detection looks to be incorrect; HostConfig.UsernsMode was added
in 6993e891d1 / ee2183881b,
and the property only has meaning if the daemon is running with user namespaces
enabled. In other situations, the property has no meaning.
As a result of the above, the sysctl would only be set for containers running
with UsernsMode=host on a daemon running with user-namespaces enabled.

This patch adds a check if the daemon has user-namespaces enabled (RemappedRoot
having a non-empty value), or if the daemon is running inside a user namespace
(e.g. rootless mode) to fix the detection.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a826ca3aef)

---
The cherry-pick was almost clean but `userns.RunningInUserNS()` -> `sys.RunningInUserNS()`.

Fix docker/buildx issue 561
---

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-12-15 18:20:07 +09:00
checkpoint_test.go
container_test.go
copy_test.go
create_test.go
daemon_linux_test.go
daemon_test.go
diff_test.go
exec_test.go
export_test.go
health_test.go
inspect_test.go
ipcmode_linux_test.go
kill_test.go
links_linux_test.go
logs_test.go
main_test.go
mounts_linux_test.go
nat_test.go
pause_test.go
ps_test.go
remove_test.go
rename_test.go
resize_test.go
restart_test.go
run_cgroupns_linux_test.go
run_linux_test.go daemon.WithCommonOptions() fix detection of user-namespaces 2021-12-15 18:20:07 +09:00
stats_test.go
stop_linux_test.go
stop_test.go
stop_windows_test.go
update_linux_test.go
update_test.go
wait_test.go