
dockerd-rootless-setuptool.sh: check RootlessKit functionality

RootlessKit will print hints if something is still unsatisfied.

e.g., `kernel.apparmor_restrict_unprivileged_userns` constraint
rootless-containers/rootlesskit@33c3e7ca6c3f76e74e8acd5b53668dcd3d8e58e0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit b32cfc3b3a9d791ed3924ab168f27962dceec949)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Akihiro Suda 1 year ago
parent
commit
d27fe2558d
1 changed files with 7 additions and 0 deletions

+ 7 - 0
contrib/dockerd-rootless-setuptool.sh

@@ -269,6 +269,13 @@ init() {
 	# - sysctl: "net.ipv4.ip_unprivileged_port_start"
 	# - sysctl: "net.ipv4.ip_unprivileged_port_start"
 	# - external binary: slirp4netns
 	# - external binary: slirp4netns
 	# - external binary: fuse-overlayfs
 	# - external binary: fuse-overlayfs
+
+	# check RootlessKit functionality. RootlessKit will print hints if something is still unsatisfied.
+	# (e.g., `kernel.apparmor_restrict_unprivileged_userns` constraint)
+	if ! rootlesskit true; then
+		ERROR "RootlessKit failed, see the error messages and https://rootlesscontaine.rs/getting-started/common/ ."
+		exit 1
+	fi
 }
 }
 
 
 # CLI subcommand: "check"
 # CLI subcommand: "check"
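
Review bot: The added `if ! rootlesskit true; then` block at the end of init() calls `rootlesskit` by bare name, so a binary missing from PATH fails the same way as a genuine RootlessKit error and the user is told to "see the error messages" when RootlessKit itself printed none. If nothing earlier in init() already guarantees the binary is present, test for it first (for example with `command -v rootlesskit`) and give that case its own message. The check also runs RootlessKit with no options and only executes `true`, so the comment "check RootlessKit functionality" would be more accurate if it said this is a start-up smoke test, such as for the `kernel.apparmor_restrict_unprivileged_userns` constraint it mentions. Minor: the stray space before the final period in the ERROR string after the URL can be dropped or the URL moved to the end of the sentence without punctuation.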