
api/types: hostconfig: create enum for CgroupnsMode

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 5 лет назад
Родитель
Сommit
09cf117b31

+ 1 - 1
api/server/router/container/container_routes.go

@@ -497,7 +497,7 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 	if hostConfig != nil && versions.LessThan(version, "1.41") && !s.cgroup2 {
 		// Older clients expect the default to be "host" on cgroup v1 hosts
 		if hostConfig.CgroupnsMode.IsEmpty() {
-			hostConfig.CgroupnsMode = container.CgroupnsMode("host")
+			hostConfig.CgroupnsMode = container.CgroupnsModeHost
 		}
 	}
 

+ 10 - 3
api/types/container/host_config.go

@@ -13,19 +13,26 @@ import (
 // CgroupnsMode represents the cgroup namespace mode of the container
 type CgroupnsMode string
 
+// cgroup namespace modes for containers
+const (
+	CgroupnsModeEmpty   CgroupnsMode = ""
+	CgroupnsModePrivate CgroupnsMode = "private"
+	CgroupnsModeHost    CgroupnsMode = "host"
+)
+
 // IsPrivate indicates whether the container uses its own private cgroup namespace
 func (c CgroupnsMode) IsPrivate() bool {
-	return c == "private"
+	return c == CgroupnsModePrivate
 }
 
 // IsHost indicates whether the container shares the host's cgroup namespace
 func (c CgroupnsMode) IsHost() bool {
-	return c == "host"
+	return c == CgroupnsModeHost
 }
 
 // IsEmpty indicates whether the container cgroup namespace mode is unset
 func (c CgroupnsMode) IsEmpty() bool {
-	return c == ""
+	return c == CgroupnsModeEmpty
 }
 
 // Valid indicates whether the cgroup namespace mode is valid
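Review bot: The three exported constants added at the top of this hunk share a single group comment, so godoc shows no description for the individual values. Per-constant comments would help API consumers, e.g. `// CgroupnsModePrivate gives the container its own private cgroup namespace.` and `// CgroupnsModeHost makes the container share the host's cgroup namespace.`, with `CgroupnsModeEmpty` documented as the unset value. Only the doc comment of Valid() is inside the hunk, so it is not visible whether its body still compares against string literals; if it does, it should use the new constants like IsPrivate/IsHost/IsEmpty.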

+ 4 - 4
cmd/dockerd/config_unix.go

@@ -66,10 +66,10 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
 	// rootless needs to be explicitly specified for running "rootful" dockerd in rootless dockerd (#38702)
 	// Note that defaultUserlandProxyPath and honorXDG are configured according to the value of rootless.RunningWithRootlessKit, not the value of --rootless.
 	flags.BoolVar(&conf.Rootless, "rootless", rootless.RunningWithRootlessKit(), "Enable rootless mode; typically used with RootlessKit")
-	defaultCgroupNamespaceMode := "host"
-	if cgroups.Mode() == cgroups.Unified {
-		defaultCgroupNamespaceMode = "private"
+	defaultCgroupNamespaceMode := config.DefaultCgroupNamespaceMode
+	if cgroups.Mode() != cgroups.Unified {
+		defaultCgroupNamespaceMode = config.DefaultCgroupV1NamespaceMode
 	}
-	flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", defaultCgroupNamespaceMode, `Default mode for containers cgroup namespace ("host" | "private")`)
+	flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", string(defaultCgroupNamespaceMode), `Default mode for containers cgroup namespace ("host" | "private")`)
 	return nil
 }
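Review bot: `conf.CgroupNamespaceMode` is still a plain string registered with `flags.StringVar`, so nothing in this hunk restricts `--default-cgroupns-mode` to the two values named in the help text. The daemon/daemon_unix.go hunk then converts it with `containertypes.CgroupnsMode(daemon.configStore.CgroupNamespaceMode)` without a check. Because this setting decides whether containers get a private cgroup namespace or share the host's, an empty or misspelled value should not silently replace the default computed just above that line. Consider guarding the override with `if daemon.configStore != nil && daemon.configStore.CgroupNamespaceMode != "" {` and rejecting values for which `Valid()` is false when the daemon configuration is loaded. Validation may already exist outside these hunks, and both enclosing functions extend beyond what is shown.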

+ 6 - 0
daemon/config/config_linux.go

@@ -13,6 +13,12 @@ import (
 const (
 	// DefaultIpcMode is default for container's IpcMode, if not set otherwise
 	DefaultIpcMode = containertypes.IPCModePrivate
+
+	// DefaultCgroupNamespaceMode is the default mode for containers cgroup namespace when using cgroups v2.
+	DefaultCgroupNamespaceMode = containertypes.CgroupnsModePrivate
+
+	// DefaultCgroupV1NamespaceMode is the default mode for containers cgroup namespace when using cgroups v1.
+	DefaultCgroupV1NamespaceMode = containertypes.CgroupnsModeHost
 )
 
 // BridgeConfig stores all the bridge driver specific

+ 5 - 5
daemon/daemon_unix.go

@@ -357,16 +357,16 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
 		// for cgroup v2: unshare cgroupns even for privileged containers
 		// https://github.com/containers/libpod/pull/4374#issuecomment-549776387
 		if hostConfig.Privileged && cgroups.Mode() != cgroups.Unified {
-			hostConfig.CgroupnsMode = containertypes.CgroupnsMode("host")
+			hostConfig.CgroupnsMode = containertypes.CgroupnsModeHost
 		} else {
-			m := "host"
+			m := containertypes.CgroupnsModeHost
 			if cgroups.Mode() == cgroups.Unified {
-				m = "private"
+				m = containertypes.CgroupnsModePrivate
 			}
 			if daemon.configStore != nil {
-				m = daemon.configStore.CgroupNamespaceMode
+				m = containertypes.CgroupnsMode(daemon.configStore.CgroupNamespaceMode)
 			}
-			hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
+			hostConfig.CgroupnsMode = m
 		}
 	}