[master] recommend fuse-overlayfs for Debian too #572
Conversation
AkihiroSuda
force-pushed
the
recommend-fuse-overlayfs
branch
2 times, most recently
from
72715a8
to
bf951a1
Compare
This comment has been minimized.
This comment has been minimized.
Debian kernel has a non-upstream modprobe option `permit_mounts_in_userns=1` for kernel-mode overlayfs, but seems unstable: moby/moby issue 42302 So we should recommend fuse-overlayfs for Debian (until the release of Debian 12, which will support genuine kernel-mode overlayfs with kernel >= 5.11). Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
AkihiroSuda
force-pushed
the
recommend-fuse-overlayfs
branch
from
bf951a1
to
4f4b9d6
Compare
thaJeztah
changed the title
| # because Debian (since 10) and Ubuntu support the kernel-mode rootless overlayfs. | ||
| # fuse-overlayfs is recommended for Debian 10 and 11 (kernel < 5.11). Not needed for Ubuntu. | ||
| Recommends: slirp4netns (>= 0.4.0), | ||
| fuse-overlayfs (>= 0.7.0) |
There was a problem hiding this comment.
This control file is used for both Debian an Ubuntu; can we make this somehow conditional for Debian only? I recall we had some conditional rule for AppArmor on Debian that I removed in #487 - perhaps a similar rule would work for this?
There was a problem hiding this comment.
Modifying the file with echo ... >> control doesn't look robust. So I'd prefer to recommend fuse-overlayfs unconditionally.
There was a problem hiding this comment.
It's creating a .substvars file (not modifying the control file)
|
@tianon PTAL; perhaps you have suggestions on how to make this conditional for Debian (but not Ubuntu) in a clean way? |
|
Indeed - the approach that was removed in #487 ( Something like this: (untested 😇) diff --git a/deb/common/control b/deb/common/control
index 0b5ed4a..34de085 100644
--- a/deb/common/control
+++ b/deb/common/control
@@ -94,9 +94,8 @@ Conflicts: rootlesskit
Replaces: rootlesskit
Breaks: rootlesskit
# slirp4netns (>= 0.4.0) is available in Debian since 11 and Ubuntu since 19.10
-Recommends: slirp4netns (>= 0.4.0)
-# Unlike RPM, DEB packages do not contain "Recommends: fuse-overlayfs (>= 0.7.0)" here,
-# because Debian (since 10) and Ubuntu support the kernel-mode rootless overlayfs.
+# fuse-overlayfs is recommended for Debian 10 and 11 (kernel < 5.11). Not needed for Ubuntu.
+Recommends: slirp4netns (>= 0.4.0~), ${fuse-overlayfs:Recommends}
Description: Rootless support for Docker.
Use dockerd-rootless.sh to run the daemon.
Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh .
diff --git a/deb/common/rules b/deb/common/rules
index 9b495e9..50a95da 100755
--- a/deb/common/rules
+++ b/deb/common/rules
@@ -3,6 +3,11 @@
VERSION ?= $(shell cat engine/VERSION)
TARGET_ARCH = $(shell dpkg-architecture -qDEB_TARGET_ARCH)
+override_dh_gencontrol:
+ # if we're not on Ubuntu, we need to Recommends: fuse-overlayfs in docker-ce-rootless-extras
+ echo 'fuse-overlayfs:Recommends=$(shell dpkg-vendor --is Ubuntu || echo 'fuse-overlayfs (>= 0.7.0~)')' >> debian/docker-ce-rootless-extras.substvars
+ dh_gencontrol
+
# force packages to be built with xz compression, as Ubuntu 21.10 and up use
# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify'
override_dh_builddeb:(The trailing |
|
@AkihiroSuda could you have a look at Tianon's suggestion? |
Thanks, SGTM, but I haven't tested it |
|
Debian 12 is shipped with kernel 6.1, so I'm closing this |
Debian kernel has a non-upstream modprobe option
permit_mounts_in_userns=1for kernel-mode overlayfs, but seems unstable: moby/moby#42302So we should recommend fuse-overlayfs for Debian (until the release of Debian 12, which will support genuine kernel-mode overlayfs with kernel >= 5.11).