Merge pull request #887 from AkihiroSuda/avoid-unneeded-userns-host
docker-container: set UsernsMode only when needed
tonistiigi authored Dec 16, 2021
2 parents 33c121d + 5f8600f commit 59533bb
Showing 2 changed files with 19 additions and 1 deletion.
5 changes: 4 additions & 1 deletion driver/docker-container/driver.go
@@ -37,6 +37,7 @@ const (
type Driver struct {
driver.InitConfig
factory driver.Factory
userNSRemap bool // true if dockerd is running with userns-remap mode
netMode string
image string
cgroupParent string
@@ -112,7 +113,6 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
if err := l.Wrap("creating container "+d.Name, func() error {
hc := &container.HostConfig{
Privileged: true,
UsernsMode: "host",
Mounts: []mount.Mount{
{
Type: mount.TypeVolume,
@@ -121,6 +121,9 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
},
},
}
if d.userNSRemap {
hc.UsernsMode = "host"
}
if d.netMode != "" {
hc.NetworkMode = container.NetworkMode(d.netMode)
}
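Review bot: The new `if d.userNSRemap` branch in create() sets `hc.UsernsMode = "host"` with no comment explaining why, and the reason is security-relevant. The container is still created with `Privileged: true`, so on a daemon running userns-remap it is taken out of the remapped namespace and runs as real host root. As far as I know Docker refuses privileged containers under userns-remap unless they use the host namespace, which is presumably why the opt-out is required here. I would add above the branch: `// Privileged containers cannot run in a remapped user namespace; opt out so create succeeds. The builder then runs as host root despite userns-remap.` create() begins and ends outside the visible hunks.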
15 changes: 15 additions & 0 deletions driver/docker-container/factory.go
@@ -6,6 +6,7 @@ import (
"strings"

"github.com/docker/buildx/driver"
dockertypes "github.com/docker/docker/api/types"
dockerclient "github.com/docker/docker/client"
"github.com/pkg/errors"
)
@@ -40,6 +41,20 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
return nil, errors.Errorf("%s driver requires docker API access", f.Name())
}
d := &Driver{factory: f, InitConfig: cfg}
dockerInfo, err := cfg.DockerAPI.Info(ctx)
if err != nil {
return nil, err
}
secOpts, err := dockertypes.DecodeSecurityOptions(dockerInfo.SecurityOptions)
if err != nil {
return nil, err
}
for _, f := range secOpts {
if f.Name == "userns" {
d.userNSRemap = true
break
}
}
for k, v := range cfg.DriverOpts {
switch {
case k == "network":
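Review bot: Both new error returns in New, after `cfg.DockerAPI.Info(ctx)` and after `dockertypes.DecodeSecurityOptions(...)`, pass the error up bare. A caller whose daemon or API proxy rejects the info request therefore gets a failure with no hint that it came from userns detection. The file already imports github.com/pkg/errors, so `return nil, errors.Wrap(err, "detecting userns-remap from docker info")` would fit at both sites. The loop variable in `for _, f := range secOpts` also shadows the receiver `f`; `for _, opt := range secOpts` avoids that. New's body continues outside the hunk.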
