path: root/hack/dockerfile/install/rootlesskit.installer
Commit message (Author, Age, Files, Lines)
* rootlesskit.installer: s/vendor.conf/vendor.mod/ (Akihiro Suda, 2022-11-16, 1, -1/+1)
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* update RootlessKit to v1.1.0 (Akihiro Suda, 2022-11-15, 1, -2/+2)
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* update RootlessKit to v1.0.0 (Akihiro Suda, 2022-03-26, 1, -2/+2)
|   Only minor changes since v0.14.6, such as upgrading Go to 1.18:
|   https://github.com/rootless-containers/rootlesskit/compare/v0.14.6...v1.0.0
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* version: add RootlessKit, slirp4netns, and VPNKit version (Akihiro Suda, 2022-03-15, 1, -1/+3)
|   ```console
|   $ docker --context=rootless version
|   ...
|   Server:
|   ...
|    rootlesskit:
|     Version: 0.14.2
|     ApiVersion: 1.1.1
|     NetworkDriver: slirp4netns
|     PortDriver: builtin
|     StateDir: /tmp/rootlesskit245426514
|    slirp4netns:
|     Version: 1.1.9
|     GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e
|   ```
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* bump up rootlesskit from v0.14.4 to v0.14.6 (Akihiro Suda, 2021-11-08, 1, -1/+1)
|   Minor fixes and refactoring.
|   https://github.com/rootless-containers/rootlesskit/compare/v0.14.4...v0.14.6
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Dockerfile: use version for some utilities instead of commit-sha (Sebastiaan van Stijn, 2021-09-02, 1, -8/+3)
|   The golangci-lint, gotestsum, shfmt, and vndr utilities should generally
|   be ok to be pinned by version instead of a specific sha.
|
|   Also rename the corresponding env-vars / build-args accordingly:
|
|   - GOLANGCI_LINT_COMMIT -> GOLANGCI_LINT_VERSION
|   - GOTESTSUM_COMMIT -> GOTESTSUM_VERSION
|   - SHFMT_COMMIT -> SHFMT_VERSION
|   - VNDR_COMMIT -> VNDR_VERSION
|   - CONTAINERD_COMMIT -> CONTAINERD_VERSION
|   - RUNC_COMMIT -> RUNC_VERSION
|   - ROOTLESS_COMMIT -> ROOTLESS_VERSION
|
|   Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Dockerfile: remove GOPROXY override (was for go < 1.14) (Sebastiaan van Stijn, 2021-09-02, 1, -5/+0)
|   Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* bump up rootlesskit to v0.14.4 (Akihiro Suda, 2021-08-04, 1, -2/+2)
|   Fixes `panic: tap2vif: read: read /dev/net/tun: not pollable` on early
|   start up of RootlessKit with VPNKit.
|
|   Changes:
|   - https://github.com/rootless-containers/rootlesskit/releases/tag/v0.14.4
|   - https://github.com/rootless-containers/rootlesskit/releases/tag/v0.14.3
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* bump up rootlesskit to v0.14.2 (Akihiro Suda, 2021-04-19, 1, -2/+2)
|   Fix `Timed out proxy starting the userland proxy.` error with
|   `DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns`.
|   (https://github.com/rootless-containers/rootlesskit/issues/250)
|
|   Full changes: https://github.com/rootless-containers/rootlesskit/compare/v0.14.1...v0.14.2
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* bump up rootlesskit to v0.14.1 (Akihiro Suda, 2021-03-30, 1, -2/+2)
|   Fix `DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns` regression.
|
|   Full changes: https://github.com/rootless-containers/rootlesskit/compare/v0.14.0...v0.14.1
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Merge pull request #42192 from tiborvass/rootlesskit_goproxy (Akihiro Suda, 2021-03-24, 1, -0/+5)
|\
| |   hack: use GOPROXY for rootlesskit to workaround issue with old git on…
| * hack: use GOPROXY for rootlesskit to workaround issue with old git on ↵ (Tibor Vass, 2021-03-23, 1, -0/+5)
| |   CentOS/RHEL 7
| |
| |   Since rootlesskit removed vendor folder, building it has to rely on go mod.
| |
| |   Dockerfile in docker-ce-packaging uses GOPROXY=direct, which makes "go mod"
| |   commands use git to fetch modules. "go mod" in Go versions before 1.14.1 are
| |   incompatible with older git versions, including the version of git that ships
| |   with CentOS/RHEL 7 (which have git 1.8), see golang/go#38373
| |
| |   This patch switches rootlesskit install script to set GOPROXY to
| |   https://proxy.golang.org so that git is not required for downloading modules.
| |
| |   Once all our code has upgraded to Go 1.14+, this workaround should be removed.
| |
| |   Signed-off-by: Tibor Vass <tibor@docker.com>
* | update rootlesskit to v0.14.0 (Sebastiaan van Stijn, 2021-03-22, 1, -2/+2)
|/
|   full diff: https://github.com/rootless-containers/rootlesskit/compare/v0.13.1...v0.14.0
|
|   v0.14.0 Changes (since v0.13.2)
|   --------------------------------------
|
|   - CLI: improve --help output
|   - API: support GET /info
|   - Port API: support specifying IP version explicitly ("tcp4", "tcp6")
|   - rootlesskit-docker-proxy: support libnetwork >= 20201216 convention
|   - Allow vendoring with moby/sys/mountinfo@v0.1.3 as well as @v0.4.0
|   - Remove socat port driver
|     - socat driver has been deprecated since v0.7.1 (Dec 2019)
|   - New experimental flag: --ipv6
|     - Enables IPv6 routing (slirp4netns --enable-ipv6). Unrelated to port driver.
|
|   v0.13.2
|   --------------------------------------
|
|   - Fix cleaning up crashed state dir
|   - Update Go to 1.16
|   - Misc fixes
|
|   Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Update rootlesskit to v0.13.1 to fix handling of IPv6 addresses (Sebastiaan van Stijn, 2021-02-15, 1, -5/+6)
|   v0.13.1
|
|   - Refactor `ParsePortSpec` to handle IPv6 addresses, and improve validation
|
|   v0.13.0
|
|   - `rootlesskit --pidns`: fix propagating exit status
|   - Support cgroup2 evacuation, e.g., `systemd-run -p Delegate=yes --user -t rootlesskit --cgroupns --pidns --evacuate-cgroup2=evac --net=slirp4netns bash`
|
|   v0.12.0
|
|   - Port forwarding API now supports setting `ChildIP`
|   - The `vendor` directory is no longer included in this repo. Run `go mod vendor` if you need
|
|   Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* bump up rootlesskit to v0.11.0 (Akihiro Suda, 2020-11-05, 1, -2/+2)
|   Important fix: Lock state dir for preventing automatic clean-up by
|   systemd-tmpfiles (https://github.com/rootless-containers/rootlesskit/pull/188)
|
|   Full changes: https://github.com/rootless-containers/rootlesskit/compare/v0.10.0...v0.11.0
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* bump up rootlesskit to v0.10.0 (Akihiro Suda, 2020-07-28, 1, -2/+2)
|   Fix port forwarder resource leak (https://github.com/rootless-containers/rootlesskit/issues/153).
|
|   Changes: https://github.com/rootless-containers/rootlesskit/compare/v0.9.5...v0.10.0
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* ldmode=pie is not supported for the mips arch (Xiaodong Liu, 2020-05-21, 1, -1/+1)
|   reference:
|   https://github.com/docker/cli/pull/2507
|   https://github.com/containerd/containerd/commit/4c99c81326f4026fb8c0b8c5e10542205d99c321
|
|   Signed-off-by: Xiaodong Liu <liuxiaodong@loongson.cn>
* bump up rootlesskit to v0.9.5 (Akihiro Suda, 2020-05-11, 1, -2/+2)
|   Supports numeric ID in /etc/subuid and /etc/subgid.
|
|   Fix #40926
|
|   Full changes: https://github.com/rootless-containers/rootlesskit/compare/v0.9.4...v0.9.5
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* bump up rootlesskit to v0.9.4 (Akihiro Suda, 2020-04-27, 1, -2/+2)
|   Now `rootlesskit-docker-proxy` returns detailed error message on
|   exposing privileged ports: https://github.com/rootless-containers/rootlesskit/pull/136
|
|   Full changes: https://github.com/rootless-containers/rootlesskit/compare/v0.9.2...v0.9.4
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* rootless: support forwarding signals from RootlessKit to dockerd (Akihiro Suda, 2020-03-15, 1, -2/+2)
|   See https://github.com/rootless-containers/rootlesskit/pull/127
|
|   RootlessKit changes: https://github.com/rootless-containers/rootlesskit/compare/v0.9.1...v0.9.2
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* rootless: launch rootlesskit with --propagation=rslave (Akihiro Suda, 2020-03-07, 1, -2/+2)
|   The propagation was previously set to rprivate and didn't propagate
|   mounts from the host mount namespace into the daemon's mount namespace.
|
|   Further information about --propagation: https://github.com/rootless-containers/rootlesskit/tree/v0.9.1#mount-propagation
|
|   RootlessKit changes: https://github.com/rootless-containers/rootlesskit/compare/v0.8.0...v0.9.1
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* run shfmt (Akihiro Suda, 2020-03-03, 1, -11/+11)
|   git grep --name-only '^#!' | egrep -v '(vendor|\.go|Jenkinsfile)' | xargs shfmt -w -bn -ci -sr
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* rootless: support `--exec-opt native.cgroupdriver=systemd` (Akihiro Suda, 2020-02-14, 1, -2/+2)
|   Support cgroup as in Rootless Podman.
|
|   Requires cgroup v2 host with crun.
|   Tested with Ubuntu 19.10 (kernel 5.3, systemd 242), crun v0.12.1.
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* rootless: fix proxying UDP packets (Akihiro Suda, 2019-12-18, 1, -2/+2)
|   UDP reply packets were not proxied:
|   https://github.com/rootless-containers/rootlesskit/issues/86
|
|   The issue was fixed in RootlessKit v0.7.1:
|   https://github.com/rootless-containers/rootlesskit/pull/87
|
|   Full changes since v0.7.0:
|   https://github.com/rootless-containers/rootlesskit/compare/v0.7.0...v0.7.1
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Use build args to override binary commits in dockerfile (Justen Martin, 2019-10-10, 1, -1/+1)
|   Signed-off-by: Justen Martin <jmart@the-coder.com>
* rootless: harden slirp4netns with mount namespace and seccomp (Akihiro Suda, 2019-09-02, 1, -2/+2)
|   When slirp4netns v0.4.0+ is used, now slirp4netns is hardened using
|   mount namespace ("sandbox") and seccomp to mitigate potential
|   vulnerabilities.
|
|   bump up rootlesskit: https://github.com/rootless-containers/rootlesskit/compare/2fcff6ceae968a1d895e6205e5154b107247356f...791ac8cb209a107505cd1ca5ddf23a49913e176c
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* rootless: allow exposing dockerd TCP socket easily (Akihiro Suda, 2019-07-11, 1, -2/+2)
|   eg.
|     $ DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2376:2376/tcp" \
|       dockerd-rootless.sh --experimental \
|       -H tcp://0.0.0.0:2376 \
|       --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem
|
|   This commit bumps up RootlessKit from v0.4.1 to v0.6.0:
|   https://github.com/rootless-containers/rootlesskit/compare/27a0c7a2483732b33d4192c1d178c83c6b9e202d...2fcff6ceae968a1d895e6205e5154b107247356f
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* bump up rootlesskit to v0.4.1 (Akihiro Suda, 2019-05-15, 1, -2/+2)
|   Now the child process is killed when the parent dies (rootless-containers/rootlesskit#66)
|
|   https://github.com/rootless-containers/rootlesskit/compare/e92d5e7...27a0c7a
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* rootless: optional support for lxc-user-nic SUID binary (Akihiro Suda, 2019-04-25, 1, -2/+2)
|   lxc-user-nic can eliminate slirp overhead but needs /etc/lxc/lxc-usernet
|   to be configured for the current user.
|
|   To use lxc-user-nic, $DOCKERD_ROOTLESS_ROOTLESSKIT_NET=lxc-user-nic also
|   needs to be set.
|
|   This commit also bumps up RootlessKit from v0.3.0 to v0.4.0:
|   https://github.com/rootless-containers/rootlesskit/compare/70e0502f328bc5ffb14692a7ea41abb77196043b...e92d5e772ee7e103aecf380c5874a40c52876ff0
|
|   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* bump up rootlesskit (Akihiro Suda, 2019-04-03, 1, -2/+2)
|   Changes: https://github.com/rootless-containers/rootlesskit/compare/ed2671442965115b84ecf82d4831cc48747d89b8...70e0502f328bc5ffb14692a7ea41abb77196043b
|
|   Contains the fix for running RootlessKit+VPNKit instances simultaneously
|   with multiple users: https://github.com/rootless-containers/rootlesskit/issues/56
|
|   Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
* rootless: expose ports automatically (Akihiro Suda, 2019-03-21, 1, -3/+5)
|   Now `docker run -p` ports can be exposed to the host namespace automatically
|   when `dockerd-rootless.sh` is launched with
|   `--userland-proxy --userland-proxy-path $(which rootlesskit-docker-proxy)`.
|   This is akin to how Docker for Mac/Win works with
|   `--userland-proxy-path=/path/to/vpnkit-expose-port`.
|
|   The port number on the host namespace needs to be set to >= 1024.
|   SCTP ports are currently unsupported.
|
|   RootlessKit changes: https://github.com/rootless-containers/rootlesskit/compare/7bbbc48a6f906633a9b12783b957f4c3aa037d33...ed2671442965115b84ecf82d4831cc48747d89b8
|
|   Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
* bump up rootlesskit (fix CentOS failure) (Akihiro Suda, 2019-02-14, 1, -2/+2)
|   Changes: https://github.com/rootless-containers/rootlesskit/compare/7905ee34b3d9d1f27fe2ffa3c5fd3d01bb3644dd...7bbbc48a6f906633a9b12783b957f4c3aa037d33
|
|   Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
* bump up rootlesskit (fix armv7 compilation failure) (Akihiro Suda, 2019-02-05, 1, -2/+2)
|   https://github.com/rootless-containers/rootlesskit/issues/41
|
|   Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
* allow running `dockerd` in an unprivileged user namespace (rootless mode) (Akihiro Suda, 2019-02-04, 1, -0/+34)
    Please refer to `docs/rootless.md`.

    TLDR:
    * Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you
    * `dockerd-rootless.sh --experimental`
    * `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...`

    Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>