openSUSE Tumbleweed was facing "x509: certificate signed by unknown authority" error,
as `/etc/ssl/ca-bundle.pem` is provided as a symlink to `../../var/lib/ca-certificates/ca-bundle.pem`,
which was not supported by `rootlesskit --copy-up=/etc`.
See rootless-containers/rootlesskit issue #225.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 8610d8ce4cd28fe17c0867fbcb0714135ba9bbb8)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
| ... | ... |
@@ -118,5 +118,15 @@ else |
| 118 | 118 |
# https://github.com/moby/moby/issues/41230 |
| 119 | 119 |
chcon system_u:object_r:iptables_var_run_t:s0 /run |
| 120 | 120 |
fi |
| 121 |
+ |
|
| 122 |
+ if [ "$(stat -c %T -f /etc)" = "tmpfs" ] && [ -L "/etc/ssl" ]; then |
|
| 123 |
+ # Workaround for "x509: certificate signed by unknown authority" on openSUSE Tumbleweed. |
|
| 124 |
+ # https://github.com/rootless-containers/rootlesskit/issues/225 |
|
| 125 |
+ realpath_etc_ssl=$(realpath /etc/ssl) |
|
| 126 |
+ rm -f /etc/ssl |
|
| 127 |
+ mkdir /etc/ssl |
|
| 128 |
+ mount --rbind ${realpath_etc_ssl} /etc/ssl
|
|
| 129 |
+ fi |
|
| 130 |
+ |
|
| 121 | 131 |
exec dockerd $@ |
| 122 | 132 |
fi |
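Review bot: The added block deletes the `/etc/ssl` symlink before confirming that `realpath` produced a usable directory, and it passes `${realpath_etc_ssl}` to `mount` unquoted. If the symlink is dangling, or the resolved path contains whitespace, the bind mount fails or gets the wrong arguments. Unless the script runs under `set -e` (not visible in this hunk), dockerd then starts with an empty `/etc/ssl` and no CA trust store. I would add `[ -d "${realpath_etc_ssl}" ] || exit 1` before the `rm -f /etc/ssl` line and quote the operand as `mount --rbind "${realpath_etc_ssl}" /etc/ssl`. The enclosing `else` branch starts above the hunk, so its earlier error handling cannot be checked from here.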