We need to add delegate yes to docker's service file so that it can
manage the cgroups of the processes that it launches without systemd
interfering with them and moving the processes after it is reloaded.
```
Delegate=
Turns on delegation of further resource control partitioning to
processes of the unit. For unprivileged services (i.e. those
using the User= setting), this allows processes to create a
subhierarchy beneath its control group path. For privileged
services and scopes, this ensures the processes will have all
control group controllers enabled.
```
This is the proper fix for issue #20152
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Add a check in `check-config.sh` to see if we are running on a RHEL7 or
CentOS7 system, which may report that CONFIG_USERNS is OK/enabled, but
user namespaces still won't work because of the experimental feature
flag added by Redhat.
This will add a warning if it is actually disabled and notes what has to
be added to the grub/boot command line to enable it.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Using {{if major}}{{if minor}} doesn't work as expected when the major
version changes. In addition, this didn't support patch levels (which is
necessary in some cases when distributions ship apparmor weirdly).
Signed-off-by: Aleksa Sarai <asarai@suse.com>
The obscure `case "${words[$cword-2]}$prev=" in` idiom is no
longer used for key specific completions in options with map values.
The `__docker_map_key_of_current_option()` function does a much
better job.
Signed-off-by: Harald Albers <github@albersweb.de>
This is a refactoring in preparation of cleaning up the handling
of key specific subcompletions.
The new `__docker_map_key_of_current_option()` function will be used
instead of the `__docker_map_key_of_current_option()` idiom in the
following commit.
As this function is very specific, checks using it should be executed
before those checking for `$prev`.
This commit just moves the checks without any modification.
Signed-off-by: Harald Albers <github@albersweb.de>
Previously, this check only worked if no host was specified and was
hard coded to check for "/var/run/docker.sock"
This change generalizes that check and captures any specified socket
and waits for it to be created.
Caveat: This will only check the first socket specified, but it is an
improvement over none at all.
Fixes#185160
Signed-off-by: Andrew Guenther <guenther.andrew.j@gmail.com>
dockerinit has been around for a very long time. It was originally used
as a way for us to do configuration for LXC containers once the
container had started. LXC is no longer supported, and /.dockerinit has
been dead code for quite a while. This removes all code and references
in code to dockerinit.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
Also, add "libsystemd-journal-dev" to the explicit list (which is what prompted the change in how we install).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
