dockerd-rootless-setuptool.sh: add `nsenter` subcommand (for debugging) #47084

AkihiroSuda · 2024-01-16T15:17:28Z

- What I did
Added nsenter subcommand to dockerd-rootless-setuptool.sh.

Expected to be used for debugging.

- How I did it
Ported containerd-rootless-setuptool.sh nsenter (part of nerdctl) to dockerd-rootless-setuptool.sh
https://github.com/containerd/nerdctl/blob/v1.7.2/extras/rootless/containerd-rootless-setuptool.sh#L142-L147

- How to verify it

$ dockerd-rootless-setuptool.sh nsenter -- ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65520 qdisc pfifo_fast state UP group default qlen 1000
    link/ether ae:c3:a3:20:53:3e brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.100/24 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::acc3:a3ff:fe20:533e/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:a6:36:b0:a9 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

$ dockerd-rootless-setuptool.sh nsenter -- cat /proc/self/uid_map 
         0       1001          1
         1     100000      65536
     65537     200000      65536

- Description for the changelog

dockerd-rootless-setuptool.sh: add nsenter subcommand (for debugging)

- A picture of a cute animal (not mandatory but encouraged)
🐧

thaJeztah · 2024-01-16T17:54:46Z

Some failures; not sure if related in any way; perhaps you could try a rebase to get a fresh run?

XDG_RUNTIME_DIR will contain sockets so its path mustn't be too long. Prior to this commit, it was set to very long path like `/go/src/github.com/docker/docker/bundles/test-integration/TestDiskUsage/de4fb36576d7d/xdgrun` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

Now the state dir is set to `${XDG_RUNTIME_DIR}/dockerd-rootless`. This is similar to `${XDG_RUNTIME_DIR}/containerd-rootless` used in nerdctl: https://github.com/containerd/nerdctl/blob/v1.7.2/extras/rootless/containerd-rootless.sh#L35 Prior to this commit, the state dir was unset and a random dir under `/tmp` was used. (e.g., `/tmp/rootlesskit1869901982`) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

Usage: `dockerd-rootless-setuptool.sh nsenter -- ip a` Expected to be used for debugging. Ported from nerdctl's `containerd-rootless-setuptool.sh` https://github.com/containerd/nerdctl/blob/v1.7.2/extras/rootless/containerd-rootless-setuptool.sh#L142-L147 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

AkihiroSuda · 2024-01-17T15:08:28Z

Now CI is green

(I had to add testutil/daemon: shorten XDG_RUNTIME_DIR)

thaJeztah · 2024-01-17T15:15:43Z

Arf.. those "too long" paths keep on coming back. Perhaps something we should look into at some point (maybe use some short temp-dir somewhere for test-daemons to put the socket in).

In either case, that's a separate concern, good for handling separate / follow up work.

thaJeztah

LGTM

AkihiroSuda added the area/rootless Rootless mode label Jan 16, 2024

AkihiroSuda added this to the 25.0.0 milestone Jan 16, 2024

AkihiroSuda changed the title ~~dockerd-rootless-setuptool.sh: add nsenter subcommand~~ dockerd-rootless-setuptool.sh: add nsenter subcommand (for debugging) Jan 16, 2024

AkihiroSuda force-pushed the dockerd-rootless-setuptool-nsenter branch 2 times, most recently from 623b25f to 3273731 Compare January 16, 2024 15:19

thaJeztah added the status/2-code-review label Jan 16, 2024

AkihiroSuda force-pushed the dockerd-rootless-setuptool-nsenter branch from 3273731 to 054ad0a Compare January 17, 2024 03:19

AkihiroSuda marked this pull request as draft January 17, 2024 03:38

AkihiroSuda force-pushed the dockerd-rootless-setuptool-nsenter branch from 054ad0a to 4bf86fb Compare January 17, 2024 13:47

AkihiroSuda added 3 commits January 17, 2024 22:59

AkihiroSuda force-pushed the dockerd-rootless-setuptool-nsenter branch from 4bf86fb to 84d2229 Compare January 17, 2024 13:59

AkihiroSuda marked this pull request as ready for review January 17, 2024 15:08

thaJeztah approved these changes Jan 17, 2024

View reviewed changes

thaJeztah merged commit 83de55b into moby:master Jan 17, 2024
105 checks passed

thaJeztah added the kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. label Jan 17, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dockerd-rootless-setuptool.sh: add `nsenter` subcommand (for debugging) #47084

dockerd-rootless-setuptool.sh: add `nsenter` subcommand (for debugging) #47084

AkihiroSuda commented Jan 16, 2024

thaJeztah commented Jan 16, 2024

AkihiroSuda commented Jan 17, 2024 •

edited

thaJeztah commented Jan 17, 2024

thaJeztah left a comment

dockerd-rootless-setuptool.sh: add nsenter subcommand (for debugging) #47084

dockerd-rootless-setuptool.sh: add nsenter subcommand (for debugging) #47084

Conversation

AkihiroSuda commented Jan 16, 2024

thaJeztah commented Jan 16, 2024

AkihiroSuda commented Jan 17, 2024 • edited

thaJeztah commented Jan 17, 2024

thaJeztah left a comment

Choose a reason for hiding this comment

dockerd-rootless-setuptool.sh: add `nsenter` subcommand (for debugging) #47084

dockerd-rootless-setuptool.sh: add `nsenter` subcommand (for debugging) #47084

AkihiroSuda commented Jan 17, 2024 •

edited