Add userns_mode docker config option

Fixes #1904
hashicorp · Nov 4, 2016 · 9750b8c · 9750b8c
1 parent 93cd6d5
commit 9750b8c
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -39,6 +39,7 @@ IMPROVEMENTS:
   * driver/docker: Docker For Mac support [GH-1806]
   * driver/docker: Support Docker volumes [GH-1767]
   * driver/docker: Allow Docker logging to be configured [GH-1767]
+  * driver/docker: Add `userns_mode` (`--userns`) support [GH-]
   * driver/lxc: Support for LXC containers [GH-1699]
   * driver/rkt: Support network configurations [GH-1862]
   * driver/rkt: Support rkt volumes (rkt >= 1.0.0 required) [GH-1812]

diff --git a/client/driver/docker.go b/client/driver/docker.go
@@ -103,6 +103,7 @@ type DockerDriverConfig struct {
 	NetworkMode      string              `mapstructure:"network_mode"`       // The network mode of the container - host, nat and none
 	PidMode          string              `mapstructure:"pid_mode"`           // The PID mode of the container - host and none
 	UTSMode          string              `mapstructure:"uts_mode"`           // The UTS mode of the container - host and none
+	UsernsMode       string              `mapstructure:"userns_mode"`        // The User namespace mode of the container - host and none
 	PortMapRaw       []map[string]int    `mapstructure:"port_map"`           //
 	PortMap          map[string]int      `mapstructure:"-"`                  // A map of host port labels and the ports exposed on the container
 	Privileged       bool                `mapstructure:"privileged"`         // Flag to run the container in privileged mode
@@ -215,6 +216,9 @@ func (d *DockerDriver) Validate(config map[string]interface{}) error {
 			"uts_mode": &fields.FieldSchema{
 				Type: fields.TypeString,
 			},
+			"userns_mode": &fields.FieldSchema{
+				Type: fields.TypeString,
+			},
 			"port_map": &fields.FieldSchema{
 				Type: fields.TypeArray,
 			},
@@ -543,6 +547,7 @@ func (d *DockerDriver) createContainer(ctx *ExecContext, task *structs.Task,
 	hostConfig.IpcMode = driverConfig.IpcMode
 	hostConfig.PidMode = driverConfig.PidMode
 	hostConfig.UTSMode = driverConfig.UTSMode
+	hostConfig.UsernsMode = driverConfig.UsernsMode
 
 	hostConfig.NetworkMode = driverConfig.NetworkMode
 	if hostConfig.NetworkMode == "" {

diff --git a/website/source/docs/drivers/docker.html.md b/website/source/docs/drivers/docker.html.md
@@ -114,6 +114,10 @@ The `docker` driver supports the following configuration in the job spec:
   the UTS namespace with the host. Note that this also requires the Nomad agent
   to be configured to allow privileged containers.
 
+* `userns_mode` - (Optional) `host` or not set (default). Set to `host` to use
+  the host's user namespace when user namespace remapping is enabled on the
+  docker daemon.
+
 * `network_mode` - (Optional) The network mode to be used for the container. In
   order to support userspace networking plugins in Docker 1.9 this accepts any
   value. The default is `bridge` for all operating systems but Windows, which