From 9750b8c8f73994a209e2db9529fca4325b90e5d3 Mon Sep 17 00:00:00 2001
From: Michael Schurter
Date: Fri, 4 Nov 2016 16:53:56 -0700
Subject: [PATCH] Add userns_mode docker config option

Fixes #1904
---
 CHANGELOG.md | 1 +
 client/driver/docker.go | 5 +++++
 website/source/docs/drivers/docker.html.md | 4 ++++
 3 files changed, 10 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a2b2335d280..ec67367613ba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,6 +39,7 @@ IMPROVEMENTS:
 * driver/docker: Docker For Mac support [GH-1806]
 * driver/docker: Support Docker volumes [GH-1767]
 * driver/docker: Allow Docker logging to be configured [GH-1767]
+ * driver/docker: Add `userns_mode` (`--userns`) support [GH-]
 * driver/lxc: Support for LXC containers [GH-1699]
 * driver/rkt: Support network configurations [GH-1862]
 * driver/rkt: Support rkt volumes (rkt >= 1.0.0 required) [GH-1812]
diff --git a/client/driver/docker.go b/client/driver/docker.go
index de6364ca6448..4a08aaa4a656 100644
--- a/client/driver/docker.go
+++ b/client/driver/docker.go
@@ -103,6 +103,7 @@ type DockerDriverConfig struct {
 NetworkMode string `mapstructure:"network_mode"` // The network mode of the container - host, nat and none
 PidMode string `mapstructure:"pid_mode"` // The PID mode of the container - host and none
 UTSMode string `mapstructure:"uts_mode"` // The UTS mode of the container - host and none
+ UsernsMode string `mapstructure:"userns_mode"` // The User namespace mode of the container - host and none
 PortMapRaw []map[string]int `mapstructure:"port_map"` //
 PortMap map[string]int `mapstructure:"-"` // A map of host port labels and the ports exposed on the container
 Privileged bool `mapstructure:"privileged"` // Flag to run the container in privileged mode
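Review bot: The comment on the new `UsernsMode` field, `// The User namespace mode of the container - host and none`, repeats the wording of the neighbouring fields but disagrees with the documentation added in this same commit, which gives the accepted settings as `host` or not set. I would write `// The user namespace mode of the container - "host" or unset (daemon default)` and say in the same comment that `host` opts the container out of the daemon's user-namespace remapping, since that is the effect a reader of the struct needs to know about. The struct definition starts and ends outside the hunk.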
@@ -215,6 +216,9 @@ func (d *DockerDriver) Validate(config map[string]interface{}) error {
 "uts_mode": &fields.FieldSchema{
 Type: fields.TypeString,
 },
+ "userns_mode": &fields.FieldSchema{
+ Type: fields.TypeString,
+ },
 "port_map": &fields.FieldSchema{
 Type: fields.TypeArray,
 },
@@ -543,6 +547,7 @@ func (d *DockerDriver) createContainer(ctx *ExecContext, task *structs.Task,
 hostConfig.IpcMode = driverConfig.IpcMode
 hostConfig.PidMode = driverConfig.PidMode
 hostConfig.UTSMode = driverConfig.UTSMode
+ hostConfig.UsernsMode = driverConfig.UsernsMode
 hostConfig.NetworkMode = driverConfig.NetworkMode
 if hostConfig.NetworkMode == "" {
diff --git a/website/source/docs/drivers/docker.html.md b/website/source/docs/drivers/docker.html.md
index bcf87734391e..661e58effffa 100644
--- a/website/source/docs/drivers/docker.html.md
+++ b/website/source/docs/drivers/docker.html.md
@@ -114,6 +114,10 @@ The `docker` driver supports the following configuration in the job spec:
 the UTS namespace with the host. Note that this also requires the Nomad agent to be configured to allow privileged containers.
+* `userns_mode` - (Optional) `host` or not set (default). Set to `host` to use
+ the host's user namespace when user namespace remapping is enabled on the
+ docker daemon.
+
 * `network_mode` - (Optional) The network mode to be used for the container. In order to support userspace networking plugins in Docker 1.9 this accepts any value. The default is `bridge` for all operating systems but Windows, which
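Review bot: In the Validate hunk of client/driver/docker.go, `userns_mode` is checked only for being a string (`Type: fields.TypeString`), and the five lines this commit adds to the file contain no check on its value. The documentation in the same commit lists `host` or unset as the only settings, so any other string is handed to Docker unchanged and presumably fails only when the container is created. A value check after the schema validation that rejects anything other than `""` and `"host"` would turn a mistyped job away at validation time. Validate's body continues outside the hunk.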
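Review bot: In the createContainer hunk, `hostConfig.UsernsMode = driverConfig.UsernsMode` forwards the job's value to Docker with no agent-side gate added by this commit, so on a node whose daemon has user-namespace remapping enabled any job can set `userns_mode = "host"` and opt its container out of it. Remapping is an isolation control chosen by the node operator, and the docs context in this same patch says host `uts_mode` requires the agent to allow privileged containers; I would honour `host` here only under that same agent opt-in or a dedicated client option, and return an error otherwise. At minimum add a comment above the assignment such as `// "host" disables the daemon's userns remapping for this container`. createContainer starts and ends outside the hunk, so a check covering the neighbouring modes may exist elsewhere in the function, and the diffstat shows no test file touched for the new option.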