From 7d08d84b039d2f4661a2242e765a141e65943920 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 16 Jan 2024 23:56:04 +0900 Subject: [PATCH] dockerd-rootless.sh: set `rootlesskit --state-dir=DIR` Now the state dir is set to `${XDG_RUNTIME_DIR}/dockerd-rootless`. This is similar to `${XDG_RUNTIME_DIR}/containerd-rootless` used in nerdctl: https://github.com/containerd/nerdctl/blob/v1.7.2/extras/rootless/containerd-rootless.sh#L35 Prior to this commit, the state dir was unset and a random dir under `/tmp` was used. (e.g., `/tmp/rootlesskit1869901982`) Signed-off-by: Akihiro Suda --- contrib/dockerd-rootless.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contrib/dockerd-rootless.sh b/contrib/dockerd-rootless.sh index 032a13013cfc6..0baa112e2c36c 100755 --- a/contrib/dockerd-rootless.sh +++ b/contrib/dockerd-rootless.sh @@ -9,6 +9,7 @@ # * Either one of slirp4netns (>= v0.4.0), VPNKit, lxc-user-nic needs to be installed. # # Recognized environment variables: +# * DOCKERD_ROOTLESS_ROOTLESSKIT_STATE_DIR=DIR: the rootlesskit state dir. Defaults to "$XDG_RUNTIME_DIR/dockerd-rootless". # * DOCKERD_ROOTLESS_ROOTLESSKIT_NET=(slirp4netns|vpnkit|pasta|lxc-user-nic): the rootlesskit network driver. Defaults to "slirp4netns" if slirp4netns (>= v0.4.0) is installed. Otherwise defaults to "vpnkit". # * DOCKERD_ROOTLESS_ROOTLESSKIT_MTU=NUM: the MTU value for the rootlesskit network driver. Defaults to 65520 for slirp4netns, 1500 for other drivers. # * DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=(builtin|slirp4netns|implicit): the rootlesskit port driver. Defaults to "builtin". @@ -64,6 +65,7 @@ if [ -z "$rootlesskit" ]; then exit 1 fi +: "${DOCKERD_ROOTLESS_ROOTLESSKIT_STATE_DIR:=$XDG_RUNTIME_DIR/dockerd-rootless}" : "${DOCKERD_ROOTLESS_ROOTLESSKIT_NET:=}" : "${DOCKERD_ROOTLESS_ROOTLESSKIT_MTU:=}" : "${DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER:=builtin}" @@ -119,6 +121,7 @@ if [ -z "$_DOCKERD_ROOTLESS_CHILD" ]; then # (by either systemd-networkd or NetworkManager) # * /run: copy-up is required so that we can create /run/docker (hardcoded for plugins) in our namespace exec $rootlesskit \ + --state-dir=$DOCKERD_ROOTLESS_ROOTLESSKIT_STATE_DIR \ --net=$net --mtu=$mtu \ --slirp4netns-sandbox=$DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SANDBOX \ --slirp4netns-seccomp=$DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP \