We were not really using these, and they haven't been
updated in a long time. If needed, we can add people to
the CODEOWNERS file.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These Dockerfiles haven't been maintained, and more up-to-date
versions can be found in Jess's github repository;
- chromium: 3679486e0b/chromium
- gparted: 3679486e0b/gparted
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`/tmp/docker-$(id -u)` is not a good candidate as `$XDG_RUNTIME_DIR`,
because it might be already created by another user.
The new path is `$HOME/.docker/run`.
Cherry-picked from https://github.com/docker/docker-install/pull/178
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Usage: `dockerd-rootless-setuptool.sh install --force` .
See `--help` for further information.
Co-authored-by: Tianon Gravi <admwiggin@gmail.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
slirp4netns v0.3.X turned out not to work with RootlessKit >= v0.7.1:
https://github.com/rootless-containers/rootlesskit/issues/143
As slirp4netns v0.3.X reached EOL on Mar 31, 2020, RootlessKit is not
going to fix support for slirp4netns v0.3.X.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Close#40484
Note that the support for cgroup v2 isn't ready for production yet,
regardless to rootful or rootless.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Commit 0f9f99500c removed the
use of SQLite for managing container links, and commit
f8119bb7a7 removed the migration
tool, and SQLite dependency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When slirp4netns v0.4.0+ is used, now slirp4netns is hardened using
mount namespace ("sandbox") and seccomp to mitigate potential
vulnerabilities.
bump up rootlesskit: 2fcff6ceae...791ac8cb20
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The mkimage-yum.sh script fails to install additional
packages (passed with -p package-name), because the
package names get quoted twice.
Signed-off-by: Amit Bakshi <ambakshi@gmail.com>
Overlay networking in docker stack does not work correctly if this option is missing, docker will output the following error:
```
enabling default vlan on bridge br0 failed open /sys/class/net/br0/bridge/default_pvdi: permission denied
```
This because `default_pvdi` does not exist without this option.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Simon Ausserlechner <simon.ausserlechner@siemens.com>
Killing the shell script process does not kill the forked process.
This commit switches to `exec` so that the executed process can be
easily killed.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* reset umask to 022
* introduced PKGREQUIRED
* introduced PKGREMOVE
- to be able to remove linux etc on Parabola GNU/Linux
* updated PKGIGNORE
- cryptsetup & device-mapper removed to not break the installation
- added not required packages
* force link /etc/localtime
* install pacman-mirrorlist
Signed-off-by: Staf Wagemakers <staf@wagemakers.be>
lxc-user-nic can eliminate slirp overhead but needs /etc/lxc/lxc-usernet to be configured for the current user.
To use lxc-user-nic, $DOCKERD_ROOTLESS_ROOTLESSKIT_NET=lxc-user-nic also needs to be set.
This commit also bumps up RootlessKit from v0.3.0 to v0.4.0:
70e0502f32...e92d5e772e
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Use rc_ulimit for ulimit constraints
* Synchronize ulimit settings to systemd's
* Add support for reload command
* Add support for retry settings for docker stop/restart
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
Now `docker run -p` ports can be exposed to the host namespace automatically when `dockerd-rootless.sh` is launched with
`--userland-proxy --userland-proxy-path $(which rootlesskit-docker-proxy)`.
This is akin to how Docker for Mac/Win works with `--userland-proxy-path=/path/to/vpnkit-expose-port`.
The port number on the host namespace needs to be set to >= 1024.
SCTP ports are currently unsupported.
RootlessKit changes: 7bbbc48a6f...ed26714429
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Previously, tag information automatically is added from
/etc/{redhat,system}-release in image (target directory).
But I want to specify any tag informtion when using mkimage-yum.sh.
Because a Linux distribution based RHEL (It's Asianux Server) uses
SPn notation (e.g. SP3) instead of period notaion (e.g. 7.6).
Signed-off-by: Noriki Nakamura <noriki.nakamura@miraclelinux.com>
Please refer to `docs/rootless.md`.
TLDR:
* Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you
* `dockerd-rootless.sh --experimental`
* `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Add Location following since security redirects to security-cdn and caused the repository to be added on Debian unstable.
Signed-off-by: Mattias Jernberg <nostrad@gmail.com>
On kernels without this options set, publishing ports for swarm
services does not work, making the published port not accessible
("connection refused")
Thanks to Wenbo Wang for reporting, and Tianon for finding this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
PartOf deactivates the socket whenever the service get deactivated. The socket unit however should be active nevertheless.
Signed-off-by: Max Harmathy <max.harmathy@web.de>
