Now `systemctl --user stop docker` completes just with in 1 or 2 seconds.
Fix issue 41944 ("Docker rootless does not exit properly if containers are running")
See systemd.kill(5) https://www.freedesktop.org/software/systemd/man/systemd.kill.html
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 05566adf71)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This reverts commit 0ca7456e52,
which caused the docker service to not be starting, or delayed
starting the service in certain conditions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
I don't think we still had a use for this script, and if someone
needs this, it'll still be accessible in older tags/releases.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Currently we use the `go` command to read GOARCH and use the value for
matching manifests.
This change allows:
1. Specifying the arch through `TARGETARCH`
2. Falling back to `dpkg` if `go` is not available
3. Falling back to `uname -m` if `dpkg` is not available
4. A default value (amd64) if none of these commands is available.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
I looked at fixing https://bugs.debian.org/969940, but these scripts haven't been materially changed in 2-3 years and better alternatives exist elsewhere, so we should probably just remove them instead.
Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
Add multi-user.target to the After= list in docker.service so that multi-user.target does not wait for docker.service (and consequently wait for network-online.target).
Signed-off-by: Isaiah Grace <irgkenya4@gmail.com>
In order to run tests at mips64el device.
Now official-images has supported the following images for mips64el.
buildpack-deps:stretch
buildpack-deps:buster
debian:stretch
debian:buster
But official-images does not support the following images for mips64el.
debian:jessie
buildpack-deps:jessie
Signed-off-by: wanghuaiqing <wanghuaiqing@loongson.cn>
The new shim socket path convention hardcodes `/run/containerd`:
https://github.com/containerd/containerd/pull/4343
`dockerd-rootless.sh` is updated to hide the rootful `/run/containerd`
from the mount namespace of the rootless dockerd.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
We were not really using these, and they haven't been
updated in a long time. If needed, we can add people to
the CODEOWNERS file.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These Dockerfiles haven't been maintained, and more up-to-date
versions can be found in Jess's github repository;
- chromium: 3679486e0b/chromium
- gparted: 3679486e0b/gparted
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The default port driver "builtin" might not be always preferrable as it
drops src IP information: https://github.com/containers/libpod/pull/6324
Now the port driver can be changed to "slirp4netns" via the environment
variable `DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER`.
It is still recommended to use the default "builtin" driver.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
`/tmp/docker-$(id -u)` is not a good candidate as `$XDG_RUNTIME_DIR`,
because it might be already created by another user.
The new path is `$HOME/.docker/run`.
Cherry-picked from https://github.com/docker/docker-install/pull/178
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Usage: `dockerd-rootless-setuptool.sh install --force` .
See `--help` for further information.
Co-authored-by: Tianon Gravi <admwiggin@gmail.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
slirp4netns v0.3.X turned out not to work with RootlessKit >= v0.7.1:
https://github.com/rootless-containers/rootlesskit/issues/143
As slirp4netns v0.3.X reached EOL on Mar 31, 2020, RootlessKit is not
going to fix support for slirp4netns v0.3.X.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Close#40484
Note that the support for cgroup v2 isn't ready for production yet,
regardless to rootful or rootless.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Commit 0f9f99500c removed the
use of SQLite for managing container links, and commit
f8119bb7a7 removed the migration
tool, and SQLite dependency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When slirp4netns v0.4.0+ is used, now slirp4netns is hardened using
mount namespace ("sandbox") and seccomp to mitigate potential
vulnerabilities.
bump up rootlesskit: 2fcff6ceae...791ac8cb20
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The mkimage-yum.sh script fails to install additional
packages (passed with -p package-name), because the
package names get quoted twice.
Signed-off-by: Amit Bakshi <ambakshi@gmail.com>
Overlay networking in docker stack does not work correctly if this option is missing, docker will output the following error:
```
enabling default vlan on bridge br0 failed open /sys/class/net/br0/bridge/default_pvdi: permission denied
```
This because `default_pvdi` does not exist without this option.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Simon Ausserlechner <simon.ausserlechner@siemens.com>
Killing the shell script process does not kill the forked process.
This commit switches to `exec` so that the executed process can be
easily killed.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* reset umask to 022
* introduced PKGREQUIRED
* introduced PKGREMOVE
- to be able to remove linux etc on Parabola GNU/Linux
* updated PKGIGNORE
- cryptsetup & device-mapper removed to not break the installation
- added not required packages
* force link /etc/localtime
* install pacman-mirrorlist
Signed-off-by: Staf Wagemakers <staf@wagemakers.be>
lxc-user-nic can eliminate slirp overhead but needs /etc/lxc/lxc-usernet to be configured for the current user.
To use lxc-user-nic, $DOCKERD_ROOTLESS_ROOTLESSKIT_NET=lxc-user-nic also needs to be set.
This commit also bumps up RootlessKit from v0.3.0 to v0.4.0:
70e0502f32...e92d5e772e
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
