mirror of https://github.com/rancher/os.git synced 2025-08-23 17:08:18 +00:00

Support user Docker userns-remap (#63)

Olli Janatuinen 2021-02-19 14:38:44 +02:00 committed by GitHub
parent af08844a9a
commit 0c950bd3ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 20 additions and 2 deletions


@ -20,6 +20,11 @@ func (d *DockerConfig) FullArgs() []string {
if d.TLS {
args = append(args, d.TLSArgs...)
}
if d.UserNsEnabled {
args = append(args, "--userns-remap")
args = append(args, "user-docker:user-docker")
}
return args
}
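Review bot: The remap identity `user-docker:user-docker` is a bare string literal inside the added `if d.UserNsEnabled` branch, yet the daemon can only start with it if an account and subordinate-ID entries with exactly that name exist in the image, which the two Dockerfile sections of this commit create separately. A named constant with a comment would make that coupling visible, for example `const userNsRemapIdentity = "user-docker:user-docker" // must match the account and the /etc/subuid and /etc/subgid entries baked into the images`, and the two appends then collapse to `args = append(args, "--userns-remap", userNsRemapIdentity)`. The branch also does not check whether the argument list already carries a user-supplied `--userns-remap`; whether that can happen depends on the part of FullArgs above the hunk, which is not shown.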


@ -143,6 +143,7 @@ var schema = `{
"selinux_enabled": {"type": ["boolean", "null"]},
"storage_driver": {"type": "string"},
"userland_proxy": {"type": ["boolean", "null"]},
"userns_enabled": {"type": ["boolean", "null"]},
"insecure_registry": {"$ref": "#/definitions/list_of_strings"}
}
},


@ -197,6 +197,7 @@ type DockerConfig struct {
CAKey string `yaml:"ca_key,omitempty"`
Environment []string `yaml:"environment,omitempty"`
StorageContext string `yaml:"storage_context,omitempty"`
UserNsEnabled bool `yaml:"userns_enabled,omitempty"`
Exec bool `yaml:"exec,omitempty"`
}
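Review bot: The new `UserNsEnabled` field carries no comment, and it sits in the shared `DockerConfig` struct although the commit title scopes the feature to user Docker. If this struct also configures other daemons (not visible here), setting `userns_enabled` on them would pass the same `--userns-remap user-docker:user-docker` through `FullArgs`, so the option should either be rejected there or its scope documented. Suggested comment: `// UserNsEnabled adds --userns-remap to the daemon arguments (intended for user Docker); a remapped daemon keeps its own data directory, so existing images and containers are not visible after toggling it.` The struct starts above the hunk.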


@ -39,7 +39,12 @@ RUN rm /sbin/poweroff /sbin/reboot /sbin/halt && \
rm -f /usr/share/bash-completion/completions/* && \
chmod 555 /lib/dhcpcd/dhcpcd-run-hooks && \
sed -i 1,10d /etc/rsyslog.conf && \
echo "*.* /var/log/syslog" >> /etc/rsyslog.conf
echo "*.* /var/log/syslog" >> /etc/rsyslog.conf && \
\
addgroup -g 1200 user-docker && \
adduser -u 1200 -G user-docker -S -H user-docker && \
echo 'user-docker:100000:65536' > /etc/subuid && \
echo 'user-docker:100000:65536' > /etc/subgid
# dump kernel log to console (but after we've finished booting)
# echo "kern.* /dev/console" >> /etc/rsyslog.conf
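Review bot: The added `echo 'user-docker:100000:65536' > /etc/subuid` and the matching `/etc/subgid` line truncate those files, so any subordinate-ID ranges the base image already ships would be dropped silently; the second Dockerfile section in this commit does the same. If existing entries should survive, append instead: `echo 'user-docker:100000:65536' >> /etc/subuid` (likewise for subgid). The fixed id 1200 and the range 100000-165535 are also assumed to be unused in both images; a short comment stating that, and that the account name must match the `--userns-remap` value built in `FullArgs`, would help whoever changes either side. The RUN instruction starts above the hunk.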


@ -26,7 +26,12 @@ RUN apt-get update \
&& cat /etc/ssh/sshd_config > /etc/ssh/sshd_config.tpl \
&& cat /etc/ssh/sshd_config.append.tpl >> /etc/ssh/sshd_config.tpl \
&& rm -f /etc/ssh/sshd_config.append.tpl /etc/ssh/sshd_config \
&& echo > /etc/motd
&& echo > /etc/motd \
\
&& addgroup --gid 1200 user-docker \
&& adduser --system -u 1200 --gid 1200 --disabled-login --no-create-home user-docker \
&& echo 'user-docker:100000:65536' > /etc/subuid \
&& echo 'user-docker:100000:65536' > /etc/subgid
COPY build/iscsid.conf /etc/iscsi/


@ -136,6 +136,7 @@
"selinux_enabled": {"type": ["boolean", "null"]},
"storage_driver": {"type": "string"},
"userland_proxy": {"type": ["boolean", "null"]},
"userns_enabled": {"type": ["boolean", "null"]},
"insecure_registry": {"$ref": "#/definitions/list_of_strings"}
}
},