@@ -3805,7 +3805,7 @@ definitions:

         description: |

           The driver to use for managing cgroups.

         type: "string"

-        enum: ["cgroupfs", "systemd"]

+        enum: ["cgroupfs", "systemd", "none"]

         default: "cgroupfs"

         example: "cgroupfs"

       NEventsListener:

@@ -4040,7 +4040,7 @@ definitions:

       SecurityOptions:

         description: |

           List of security features that are enabled on the daemon, such as

-          apparmor, seccomp, SELinux, and user-namespaces (userns).

+          apparmor, seccomp, SELinux, user-namespaces (userns), and rootless.

           Additional configuration options for each security feature may

           be present, and are included as a comma-separated list of key/value

@@ -4053,6 +4053,7 @@ definitions:

           - "name=seccomp,profile=default"

           - "name=selinux"

           - "name=userns"

+          - "name=rootless"

       ProductLicense:

         description: |

           Reports a summary of the product license on the daemon.

@@ -73,6 +73,7 @@ const (

 	// constant for cgroup drivers

 	cgroupFsDriver      = "cgroupfs"

 	cgroupSystemdDriver = "systemd"

+	cgroupNoneDriver    = "none"

 	// DefaultRuntimeName is the default runtime to be used by

 	// containerd if none is specified

@@ -575,6 +576,9 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, sysIn

 }

 func (daemon *Daemon) getCgroupDriver() string {

+	if daemon.Rootless() {

+		return cgroupNoneDriver

+	}

 	cgroupDriver := cgroupFsDriver

 	if UsingSystemd(daemon.configStore) {

@@ -601,6 +605,9 @@ func VerifyCgroupDriver(config *config.Config) error {

 	if cd == "" || cd == cgroupFsDriver || cd == cgroupSystemdDriver {

 		return nil

 	}

+	if cd == cgroupNoneDriver {

+		return fmt.Errorf("native.cgroupdriver option %s is internally used and cannot be specified manually", cd)

+	}

 	return fmt.Errorf("native.cgroupdriver option %s not supported", cd)

 }

@@ -49,6 +49,11 @@ keywords: "API, Docker, rcli, REST, documentation"

 * `GET /info` now returns information about `DataPathPort` that is currently used in swarm

 * `GET /info` now returns `PidsLimit` boolean to indicate if the host kernel has

   PID limit support enabled.

+* `GET /info` now includes `name=rootless` in `SecurityOptions` when the daemon is running in

+  rootless mode.  This change is not versioned, and affects all API versions if the daemon has

+  this patch.

+* `GET /info` now returns `none` as `CgroupDriver` when the daemon is running in rootless mode.

+  This change is not versioned, and affects all API versions if the daemon has this patch.

 * `POST /containers/create` now accepts `DeviceRequests` as part of `HostConfig`.

   Can be used to set Nvidia GPUs.

 * `GET /swarm` endpoint now returns DataPathPort info

@@ -64,6 +64,8 @@ Remarks:

 * The exec dir is set to `$XDG_RUNTIME_DIR/docker` by default.

 * The daemon config dir is set to `~/.config/docker` (not `~/.docker`, which is used by the client) by default.

 * The `dockerd-rootless.sh` script executes `dockerd` in its own user, mount, and network namespaces. You can enter the namespaces by running `nsenter -U --preserve-credentials -n -m -t $(cat $XDG_RUNTIME_DIR/docker.pid)`.

+* `docker info` shows `rootless` in `SecurityOptions`

+* `docker info` shows `none` as `Cgroup Driver`

 ### Client