moby/cmd/dockerd
Akihiro Suda 8493fb18ae
dockerd: fix rootless detection (alternative to #39024)
The `--rootless` flag had a couple of issues:
* #38702: euid=0, $USER="root" but no access to cgroup ("rootful" Docker in rootless Docker)
* #39009: euid=0 but $USER="docker" (rootful boot2docker)

To fix #38702, XDG dirs are ignored as in rootful Docker, unless the
dockerd is directly running under RootlessKit namespaces.

RootlessKit detection is implemented by checking whether `$ROOTLESSKIT_STATE_DIR` is set.

To fix #39009, the non-robust `$USER` check is now completely removed.

The entire logic can be illustrated as follows:

```
// Illustrative pseudocode: getenv and cliFlag stand in for the real lookups.
withRootlessKit := getenv("ROOTLESSKIT_STATE_DIR") != "" // set only under RootlessKit
rootlessMode := withRootlessKit || cliFlag("--rootless")
honorXDG := withRootlessKit
useRootlessKitDockerProxy := withRootlessKit
removeCgroupSpec := rootlessMode
adjustOOMScoreAdj := rootlessMode
```

Close #39024
Fix #38702 #39009

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 3518383ed9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-13 15:31:31 -07:00
| Name | Last commit | Date |
| --- | --- | --- |
| hack | Add canonical import comment | 2018-02-05 16:51:57 -05:00 |
| config.go | Remove the rest of v1 manifest support | 2019-03-02 10:46:37 -08:00 |
| config_common_unix.go | dockerd: fix rootless detection (alternative to #39024) | 2019-05-13 15:31:31 -07:00 |
| config_unix.go | dockerd: fix rootless detection (alternative to #39024) | 2019-05-13 15:31:31 -07:00 |
| config_unix_test.go | allow running dockerd in an unprivileged user namespace (rootless mode) | 2019-02-04 00:24:27 +09:00 |
| config_windows.go | allow running dockerd in an unprivileged user namespace (rootless mode) | 2019-02-04 00:24:27 +09:00 |
| daemon.go | dockerd: fix rootless detection (alternative to #39024) | 2019-05-13 15:31:31 -07:00 |
| daemon_freebsd.go | Windows: Wait for OOBE to prevent crashing during host update | 2017-02-15 14:01:54 -08:00 |
| daemon_linux.go | Use go-systemd const instead of magic string in Linux version of dockerd | 2018-05-23 19:06:34 +02:00 |
| daemon_test.go | allow running dockerd in an unprivileged user namespace (rootless mode) | 2019-02-04 00:24:27 +09:00 |
| daemon_unix.go | dockerd: fix rootless detection (alternative to #39024) | 2019-05-13 15:31:31 -07:00 |
| daemon_unix_test.go | allow running dockerd in an unprivileged user namespace (rootless mode) | 2019-02-04 00:24:27 +09:00 |
| daemon_windows.go | fix containerd WaitTimeout | 2019-04-08 18:44:14 +09:00 |
| docker.go | dockerd: fix rootless detection (alternative to #39024) | 2019-05-13 15:31:31 -07:00 |
| docker_unix.go | Windows:Add ETW logging hook | 2019-03-12 18:41:55 -07:00 |
| docker_windows.go | Windows:Add ETW logging hook | 2019-03-12 18:41:55 -07:00 |
| metrics.go | Various code-cleanup | 2018-05-23 17:50:54 +02:00 |
| options.go | allow running dockerd in an unprivileged user namespace (rootless mode) | 2019-02-04 00:24:27 +09:00 |
| options_test.go | Update tests to use gotest.tools 👼 | 2018-06-13 09:04:30 +02:00 |
| README.md | Fix readme doc for dockerd | 2016-09-01 14:47:51 +08:00 |
| service_unsupported.go | Split daemon service code to _windows file | 2018-03-21 12:57:53 +01:00 |
| service_windows.go | Properly type handles to prevent overflows | 2018-10-10 16:46:37 -07:00 |

docker.go contains the Docker daemon's main function.

This file provides first-line CLI argument parsing and environment variable setup.