dockerd-rootless.sh: support new containerd shim socket path convention#41156
Merged
tianon merged 1 commit intomoby:masterfrom Oct 15, 2020
Merged
Conversation
The new shim socket path convention hardcodes `/run/containerd`: containerd/containerd#4343 `dockerd-rootless.sh` is updated to hide the rootful `/run/containerd` from the mount namespace of the rootless dockerd. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Member
|
@AkihiroSuda still draft? |
Member
Author
|
The containerd PR isn't merged yet, but this PR can be merged safely now. PTAL. |
cpuguy83
reviewed
Oct 15, 2020
| # remove the symlinks for the existing files in the parent namespace if any, | ||
| # so that we can create our own files in our mount namespace. | ||
| rm -f /run/docker /run/xtables.lock | ||
| rm -f /run/docker /run/containerd /run/xtables.lock |
Member
There was a problem hiding this comment.
This I assume is in the new mount namespace, and therefore the tmpfs is not from the host?
Member
There was a problem hiding this comment.
Yeah, and it's not rm -r, so the potential impact if this happens to have a more "real" /run/containerd is low (it'll probably fail).
Member
Author
There was a problem hiding this comment.
Yes, it is a new mount namespace. /run/containerd being removed is a symlink to the root-owned /run/containerd in the parent namespace. So we can safely remove it without privileges.
Member
Author
|
Cherry-pick PR: #41557 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The new shim socket path convention hardcodes
/run/containerd: containerd/containerd#4343dockerd-rootless.shis updated to hide the rootful/run/containerdfrom the mount namespace of the rootless dockerd.