f0b405fbda
Now `docker run -p` ports can be exposed to the host namespace automatically when `dockerd-rootless.sh` is launched with
`--userland-proxy --userland-proxy-path $(which rootlesskit-docker-proxy)`.
This is akin to how Docker for Mac/Win works with `--userland-proxy-path=/path/to/vpnkit-expose-port`.
The port number on the host namespace needs to be set to >= 1024.
SCTP ports are currently unsupported.
RootlessKit changes: 7bbbc48a6f...ed26714429
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
35 lines
983 B
Bash
35 lines
983 B
Bash
#!/usr/bin/env bash
|
|
set -e
|
|
|
|
copy_binaries() {
|
|
local dir="$1"
|
|
local hash="$2"
|
|
# Add nested executables to bundle dir so we have complete set of
|
|
# them available, but only if the native OS/ARCH is the same as the
|
|
# OS/ARCH of the build target
|
|
if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARCH)" ]; then
|
|
return
|
|
fi
|
|
if [ ! -x /usr/local/bin/runc ]; then
|
|
return
|
|
fi
|
|
echo "Copying nested executables into $dir"
|
|
for file in containerd containerd-shim ctr runc docker-init docker-proxy rootlesskit rootlesskit-docker-proxy dockerd-rootless.sh; do
|
|
cp -f `which "$file"` "$dir/"
|
|
if [ "$hash" == "hash" ]; then
|
|
hash_files "$dir/$file"
|
|
fi
|
|
done
|
|
|
|
# vpnkit is amd64 only
|
|
if which "vpnkit.$(uname -m)" 2>&1 >/dev/null; then
|
|
cp -f `which "vpnkit.$(uname -m)"` "$dir/vpnkit"
|
|
if [ "$hash" == "hash" ]; then
|
|
hash_files "$dir/vpnkit"
|
|
fi
|
|
fi
|
|
}
|
|
|
|
[ -z "$KEEPDEST" ] && rm -rf "$DEST"
|
|
source "${MAKEDIR}/.binary"
|
|
copy_binaries "$DEST" 'hash'
|