moby/integration
Sebastiaan van Stijn 660b9962e4
daemon.WithCommonOptions() fix detection of user-namespaces
Commit dae652e2e5 added support for non-privileged
containers to use ICMP_PROTO (used for `ping`). This option cannot be set for
containers that have user-namespaces enabled.

However, the detection looks to be incorrect; HostConfig.UsernsMode was added
in 6993e891d1 / ee2183881b,
and the property only has meaning if the daemon is running with user namespaces
enabled. In other situations, the property has no meaning.
As a result of the above, the sysctl would only be set for containers running
with UsernsMode=host on a daemon running with user-namespaces enabled.

This patch adds a check if the daemon has user-namespaces enabled (RemappedRoot
having a non-empty value), or if the daemon is running inside a user namespace
(e.g. rootless mode) to fix the detection.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a826ca3aef)

---
The cherry-pick was almost clean but `userns.RunningInUserNS()` -> `sys.RunningInUserNS()`.

Fix docker/buildx issue 561
---

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-12-15 18:20:07 +09:00
..
build TestBuildUserNamespaceValidateCapabilitiesAreV2: cleanup daemon storage 2021-11-10 14:12:12 +01:00
config integration/config: add check for removing non-existing config 2020-04-14 18:31:38 +02:00
container daemon.WithCommonOptions() fix detection of user-namespaces 2021-12-15 18:20:07 +09:00
distribution bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
image Windows: Enable more integration tests 2020-09-20 22:09:27 +03:00
internal Replace service "Capabilities" w/ add/drop API 2020-07-27 10:09:42 -07:00
network Update TestDaemonRestartWithLiveRestore: fix docker0 subnet missmatch 2021-02-17 21:07:36 +01:00
plugin vendor: github.com/opencontainers/image-spec v1.0.2 2021-11-18 00:03:29 +01:00
secret integration/secret: add check for empty list not producing an error 2020-04-14 18:31:36 +02:00
service Fix race in TestCreateServiceSecretFileMode, TestCreateServiceConfigFileMode 2021-10-27 12:30:35 +02:00
session bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
system test-integration: support more rootless tests 2020-03-16 17:37:38 +09:00
testdata/https Update test certificates 2021-07-15 22:24:21 +02:00
volume Windows: Enable more integration tests 2020-09-20 22:09:27 +03:00
doc.go Add canonical import comment 2018-02-05 16:51:57 -05:00