rootless: graduate from experimental #40759

1 change: 0 additions & 1 deletion Jenkinsfile
Expand Up @@ -408,7 +408,6 @@ pipeline {
}
stage("Integration tests") {
environment {
DOCKER_EXPERIMENTAL = '1'
DOCKER_ROOTLESS = '1'
TEST_SKIP_INTEGRATION_CLI = '1'
}
22 changes: 10 additions & 12 deletions cmd/dockerd/daemon.go
Expand Up @@ -102,20 +102,18 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {

if cli.Config.Experimental {
logrus.Warn("Running experimental build")
if cli.Config.IsRootless() {
logrus.Warn("Running in rootless mode. Cgroups, AppArmor, and CRIU are disabled.")
}
if rootless.RunningWithRootlessKit() {
logrus.Info("Running with RootlessKit integration")
if !cli.Config.IsRootless() {
return fmt.Errorf("rootless mode needs to be enabled for running with RootlessKit")
}
}
} else {
if cli.Config.IsRootless() {
return fmt.Errorf("rootless mode is supported only when running in experimental mode")
}

if cli.Config.IsRootless() {
logrus.Warn("Running in rootless mode. This mode has feature limitations.")
}
if rootless.RunningWithRootlessKit() {
logrus.Info("Running with RootlessKit integration")
if !cli.Config.IsRootless() {
return fmt.Errorf("rootless mode needs to be enabled for running with RootlessKit")
}
}

// return human-friendly error before creating files
if runtime.GOOS == "linux" && os.Geteuid() != 0 {
return fmt.Errorf("dockerd needs to be started with root. To see how to run dockerd in rootless mode with unprivileged user, see the documentation")
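Review bot: The new rootless warning, `logrus.Warn("Running in rootless mode. This mode has feature limitations.")`, no longer names what is switched off, whereas the message it replaces listed Cgroups, AppArmor, and CRIU. For an operator reading the daemon log, running without AppArmor confinement is a security-relevant fact rather than a generic limitation, and with the experimental gate removed this line is the only startup signal about it in this block. If those restrictions still apply at this commit (not visible in the hunk), either keep them in the text or point at the reference, e.g. `logrus.Warn("Running in rootless mode. This mode has feature limitations; see https://docs.docker.com/engine/security/rootless/")`. The body of `start` begins before and continues after this hunk.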
5 changes: 2 additions & 3 deletions contrib/dockerd-rootless.sh
@@ -1,8 +1,7 @@
#!/bin/sh
# dockerd-rootless.sh executes dockerd in rootless mode.
#
# Usage: dockerd-rootless.sh --experimental [DOCKERD_OPTIONS]
# Currently, specifying --experimental is mandatory.
# Usage: dockerd-rootless.sh [DOCKERD_OPTIONS]
#
# External dependencies:
# * newuidmap and newgidmap needs to be installed.
Expand All @@ -11,7 +10,7 @@
# slirp4netns is used by default if installed. Otherwise fallsback to VPNKit.
# The default value can be overridden with $DOCKERD_ROOTLESS_ROOTLESSKIT_NET=(slirp4netns|vpnkit|lxc-user-nic)
#
# See the documentation for the further information.
# See the documentation for the further information: https://docs.docker.com/engine/security/rootless/

set -e -x
if ! [ -w $XDG_RUNTIME_DIR ]; then
4 changes: 0 additions & 4 deletions hack/make/.integration-daemon-start
Expand Up @@ -65,10 +65,6 @@ fi

dockerd="dockerd"
if [ -n "$DOCKER_ROOTLESS" ]; then
if [ -z "$DOCKER_EXPERIMENTAL" ]; then
echo >&2 '# DOCKER_ROOTLESS requires DOCKER_EXPERIMENTAL to be set'
exit 1
fi
if [ -z "$TEST_SKIP_INTEGRATION_CLI" ]; then
echo >&2 '# DOCKER_ROOTLESS requires TEST_SKIP_INTEGRATION_CLI to be set'
exit 1
4 changes: 0 additions & 4 deletions hack/make/run
Expand Up @@ -39,10 +39,6 @@ fi
dockerd="dockerd"
socket=/var/run/docker.sock
if [ -n "$DOCKER_ROOTLESS" ]; then
if [ -z "$DOCKER_EXPERIMENTAL" ]; then
echo >&2 '# DOCKER_ROOTLESS requires DOCKER_EXPERIMENTAL to be set'
exit 1
fi
user="unprivilegeduser"
uid=$(id -u $user)
# shellcheck disable=SC2174
2 changes: 1 addition & 1 deletion testutil/daemon/daemon.go
Expand Up @@ -204,7 +204,7 @@ func New(t testing.TB, ops ...Option) *Daemon {
t.Skip("DOCKER_ROOTLESS doesn't support DOCKER_USERLANDPROXY=false")
}
}
ops = append(ops, WithRootlessUser("unprivilegeduser"), WithExperimental())
ops = append(ops, WithRootlessUser("unprivilegeduser"))
}

d, err := NewDaemon(dest, ops...)