GitList

Browse code

rootless: launch rootlesskit with --propagation=rslave

The propagation was previously set to rprivate and didn't propagate
mounts from the host mount namespace into the daemon's mount namespace.

Further information about --propagation: https://github.com/rootless-containers/rootlesskit/tree/v0.9.1#mount-propagation
RootlessKit changes: https://github.com/rootless-containers/rootlesskit/compare/v0.8.0...v0.9.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

Akihiro Suda authored on 2020/03/06 23:22:41
Showing 2 changed files

contrib/dockerd-rootless.sh index 8f0d543..61b3ed9 100755
hack/dockerfile/install/rootlesskit.installer index df55e51..66e478d 100755

contrib/dockerd-rootless.sh

History View file @ 1ea3a2b

@@ -82,6 +82,7 @@ if [ -z $_DOCKERD_ROOTLESS_CHILD ]; then
                      		--slirp4netns-seccomp=$DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP \
                      		--disable-host-loopback --port-driver=builtin \
                      		--copy-up=/etc --copy-up=/run \
                     +		--propagation=rslave \
                      		$DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS \
                      		$0 $@
                      else

hack/dockerfile/install/rootlesskit.installer

History View file @ 1ea3a2b

@@ -1,7 +1,7 @@
                      #!/bin/sh
                     -# v0.8.0
                     -: ${ROOTLESSKIT_COMMIT:=ce88a431e6a7cf891ebb68b10bfc6a5724b9ae72}
                     +# v0.9.1
                     +: ${ROOTLESSKIT_COMMIT:=db9657404cd538820e9e83d90dab2a78d8b833e6}
                      install_rootlesskit() {
                      	case "$1" in