|
@@ -8,6 +8,7 @@ import (
|
|
|
"syscall"
|
|
|
|
|
|
"github.com/docker/docker/pkg/mount"
|
|
|
+ rsystem "github.com/opencontainers/runc/libcontainer/system"
|
|
|
)
|
|
|
|
|
|
// chroot on linux uses pivot_root instead of chroot
|
|
@@ -17,6 +18,10 @@ import (
|
|
|
// Old root is removed after the call to pivot_root so it is no longer available under the new root.
|
|
|
// This is similar to how libcontainer sets up a container's rootfs
|
|
|
func chroot(path string) (err error) {
|
|
|
+ // if the engine is running in a user namespace we need to use actual chroot
|
|
|
+ if rsystem.RunningInUserNS() {
|
|
|
+ return realChroot(path)
|
|
|
+ }
|
|
|
if err := syscall.Unshare(syscall.CLONE_NEWNS); err != nil {
|
|
|
return fmt.Errorf("Error creating mount namespace before pivot: %v", err)
|
|
|
}
|