Skip to content
This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

Commit

Permalink
Merge component 'engine' from [email protected]:docker/engine 19.03
Browse files Browse the repository at this point in the history
  • Loading branch information
@GordonTheTurtle
GordonTheTurtle committed May 14, 2020
2 parents 4588637 + 23743ee commit 9d98839
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 7 deletions.
10 changes: 5 additions & 5 deletions components/engine/contrib/dockerd-rootless.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
# External dependencies:
# * newuidmap and newgidmap needs to be installed.
# * /etc/subuid and /etc/subgid needs to be configured for the current user.
# * Either one of slirp4netns (v0.3+), VPNKit, lxc-user-nic needs to be installed.
# * Either one of slirp4netns (>= v0.4.0), VPNKit, lxc-user-nic needs to be installed.
# slirp4netns is used by default if installed. Otherwise fallsback to VPNKit.
# The default value can be overridden with $DOCKERD_ROOTLESS_ROOTLESSKIT_NET=(slirp4netns|vpnkit|lxc-user-nic)
#
Expand Down Expand Up @@ -37,27 +37,27 @@ fi

: "${DOCKERD_ROOTLESS_ROOTLESSKIT_NET:=}"
: "${DOCKERD_ROOTLESS_ROOTLESSKIT_MTU:=}"
# if slirp4netns v0.4.0+ is installed, slirp4netns is hardened using sandbox (mount namespace) and seccomp
: "${DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SANDBOX:=auto}"
: "${DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP:=auto}"
net=$DOCKERD_ROOTLESS_ROOTLESSKIT_NET
mtu=$DOCKERD_ROOTLESS_ROOTLESSKIT_MTU
if [ -z $net ]; then
if which slirp4netns >/dev/null 2>&1; then
if slirp4netns --help | grep -- --disable-host-loopback; then
# If --netns-type is present in --help, slirp4netns is >= v0.4.0.
if slirp4netns --help | grep -qw -- --netns-type; then
net=slirp4netns
if [ -z $mtu ]; then
mtu=65520
fi
else
echo "slirp4netns does not support --disable-host-loopback. Falling back to VPNKit."
echo "slirp4netns found but seems older than v0.4.0. Falling back to VPNKit."
fi
fi
if [ -z $net ]; then
if which vpnkit >/dev/null 2>&1; then
net=vpnkit
else
echo "Either slirp4netns (v0.3+) or vpnkit needs to be installed"
echo "Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed"
exit 1
fi
fi
Expand Down
8 changes: 6 additions & 2 deletions components/engine/pkg/archive/archive_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,9 @@ func mknodChar0Overlay(cleansedOriginalPath string) error {
if err := ioutil.WriteFile(lowerDummy, []byte{}, 0600); err != nil {
return errors.Wrapf(err, "failed to create a dummy lower file %s", lowerDummy)
}
mOpts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lower, upper, work)
// lowerdir needs ":" to be escaped: https://github.com/moby/moby/issues/40939#issuecomment-627098286
lowerEscaped := strings.ReplaceAll(lower, ":", "\\:")
mOpts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerEscaped, upper, work)
// docker/pkg/mount.Mount() requires procfs to be mounted. So we use syscall.Mount() directly instead.
if err := syscall.Mount("overlay", merged, "overlay", uintptr(0), mOpts); err != nil {
return errors.Wrapf(err, "failed to mount overlay (%s) on %s", mOpts, merged)
Expand Down Expand Up @@ -236,7 +238,9 @@ func createDirWithOverlayOpaque(tmp string) (string, error) {
if err := os.MkdirAll(lowerDummy, 0700); err != nil {
return "", errors.Wrapf(err, "failed to create a dummy lower directory %s", lowerDummy)
}
mOpts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lower, upper, work)
// lowerdir needs ":" to be escaped: https://github.com/moby/moby/issues/40939#issuecomment-627098286
lowerEscaped := strings.ReplaceAll(lower, ":", "\\:")
mOpts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerEscaped, upper, work)
// docker/pkg/mount.Mount() requires procfs to be mounted. So we use syscall.Mount() directly instead.
if err := syscall.Mount("overlay", merged, "overlay", uintptr(0), mOpts); err != nil {
return "", errors.Wrapf(err, "failed to mount overlay (%s) on %s", mOpts, merged)
Expand Down

0 comments on commit 9d98839

Please sign in to comment.