

@tianon

@tianon tianon commented Aug 12, 2019

Changes:

Changes:

- docker-library/docker@692a2f3: Merge pull request docker-library/docker#185 from infosiftr/relax-rootless-preflight
- docker-library/docker@92d278e: Relax "pre-flight" checks for rootless
@yosifkit

Diff:
diff --git a/docker_18-dind/dockerd-entrypoint.sh b/docker_18-dind/dockerd-entrypoint.sh
index f64b47c..8015b39 100755
--- a/docker_18-dind/dockerd-entrypoint.sh
+++ b/docker_18-dind/dockerd-entrypoint.sh
@@ -156,11 +156,11 @@ if [ "$1" = 'dockerd' ]; then
 			echo >&2 "error: attempting to run rootless dockerd but need writable HOME ($HOME) and XDG_RUNTIME_DIR ($XDG_RUNTIME_DIR) for user $uid"
 			exit 1
 		fi
-		if ! unprivClone="$(cat /proc/sys/kernel/unprivileged_userns_clone || :)" || [ "$unprivClone" != '1' ]; then
+		if [ -f /proc/sys/kernel/unprivileged_userns_clone ] && unprivClone="$(cat /proc/sys/kernel/unprivileged_userns_clone)" && [ "$unprivClone" != '1' ]; then
 			echo >&2 "error: attempting to run rootless dockerd but need 'kernel.unprivileged_userns_clone' (/proc/sys/kernel/unprivileged_userns_clone) set to 1"
 			exit 1
 		fi
-		if ! maxUserns="$(cat /proc/sys/user/max_user_namespaces || :)" || [ "$maxUserns" = '0' ]; then
+		if [ -f /proc/sys/user/max_user_namespaces ] && maxUserns="$(cat /proc/sys/user/max_user_namespaces)" && [ "$maxUserns" = '0' ]; then
 			echo >&2 "error: attempting to run rootless dockerd but need 'user.max_user_namespaces' (/proc/sys/user/max_user_namespaces) set to a sufficiently large value"
 			exit 1
 		fi
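Review bot: The rewritten condition on the `unprivClone` line, and the `maxUserns` line three lines below it, now also skip the check when the sysctl file exists but cannot be read, because a failing `cat` makes the `&&` chain false rather than producing the empty value that used to trip `!= '1'`; if the intent is only to tolerate kernels that lack the file, a form such as `if [ -f /proc/sys/kernel/unprivileged_userns_clone ] && { ! unprivClone="$(cat /proc/sys/kernel/unprivileged_userns_clone)" || [ "$unprivClone" != '1' ]; }; then` keeps an unreadable file as an error. Either way the relaxed semantics deserve a comment, since the next reader will not see why absence is acceptable; something like `# pre-flight only: these sysctls are distro-specific, so a missing file is not an error (presumably the kernel refuses user namespaces later if they are really disabled)`. The same two changes appear in the second hunk for docker_dind/dockerd-entrypoint.sh. The enclosing `if [ "$1" = 'dockerd' ]` block begins and ends outside the hunk.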
diff --git a/docker_dind/dockerd-entrypoint.sh b/docker_dind/dockerd-entrypoint.sh
index f64b47c..8015b39 100755
--- a/docker_dind/dockerd-entrypoint.sh
+++ b/docker_dind/dockerd-entrypoint.sh
@@ -156,11 +156,11 @@ if [ "$1" = 'dockerd' ]; then
 			echo >&2 "error: attempting to run rootless dockerd but need writable HOME ($HOME) and XDG_RUNTIME_DIR ($XDG_RUNTIME_DIR) for user $uid"
 			exit 1
 		fi
-		if ! unprivClone="$(cat /proc/sys/kernel/unprivileged_userns_clone || :)" || [ "$unprivClone" != '1' ]; then
+		if [ -f /proc/sys/kernel/unprivileged_userns_clone ] && unprivClone="$(cat /proc/sys/kernel/unprivileged_userns_clone)" && [ "$unprivClone" != '1' ]; then
 			echo >&2 "error: attempting to run rootless dockerd but need 'kernel.unprivileged_userns_clone' (/proc/sys/kernel/unprivileged_userns_clone) set to 1"
 			exit 1
 		fi
-		if ! maxUserns="$(cat /proc/sys/user/max_user_namespaces || :)" || [ "$maxUserns" = '0' ]; then
+		if [ -f /proc/sys/user/max_user_namespaces ] && maxUserns="$(cat /proc/sys/user/max_user_namespaces)" && [ "$maxUserns" = '0' ]; then
 			echo >&2 "error: attempting to run rootless dockerd but need 'user.max_user_namespaces' (/proc/sys/user/max_user_namespaces) set to a sufficiently large value"
 			exit 1
 		fi

@yosifkit

Build test of #6448; 3feb48b; amd64 (docker):

$ bashbrew build docker:19.03.1
Using bashbrew/cache:7b9ddf393e2446eec3a237dd2d9f3e48eac55d009227af11d1eefb1b05484b51 (docker:19.03.1)
Tagging docker:19.03.1
Tagging docker:19.03
Tagging docker:19
Tagging docker:stable
Tagging docker:test
Tagging docker:latest

$ test/run.sh docker:19.03.1
testing docker:19.03.1
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build docker:19.03.1-dind
Using bashbrew/cache:542a2219ded5166047b8e71494aeb6c018dbc191df104e35b4b2cc3f73f8f8a2 (docker:19.03.1-dind)
Tagging docker:19.03.1-dind
Tagging docker:19.03-dind
Tagging docker:19-dind
Tagging docker:stable-dind
Tagging docker:test-dind
Tagging docker:dind

$ test/run.sh docker:19.03.1-dind
testing docker:19.03.1-dind
	'utc' [1/6]...passed
	'cve-2014--shellshock' [2/6]...passed
	'no-hard-coded-passwords' [3/6]...passed
	'override-cmd' [4/6]...passed
	'docker-dind' [5/6]....passed
	'docker-registry-push-pull' [6/6]....passed


$ bashbrew build docker:19.03.1-dind-rootless
Using bashbrew/cache:dac363b32ec0444e5a5c9f923dca9b97c3cc49a6c7eb6ce9e7eb670a2016c2f6 (docker:19.03.1-dind-rootless)
Tagging docker:19.03.1-dind-rootless
Tagging docker:19.03-dind-rootless
Tagging docker:19-dind-rootless
Tagging docker:stable-dind-rootless
Tagging docker:test-dind-rootless
Tagging docker:dind-rootless

$ test/run.sh docker:19.03.1-dind-rootless
testing docker:19.03.1-dind-rootless
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build docker:19.03.1-git
Using bashbrew/cache:450e3f17e873fb28e0d6c5e121a7d87e8e5dc8a937124f6b92e4ab747e746e66 (docker:19.03.1-git)
Tagging docker:19.03.1-git
Tagging docker:19.03-git
Tagging docker:19-git
Tagging docker:stable-git
Tagging docker:test-git
Tagging docker:git

$ test/run.sh docker:19.03.1-git
testing docker:19.03.1-git
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build docker:18.09.8
Using bashbrew/cache:5d0587aa2ca4fb2e0018e9e401d439933931636c7210bac94c053299eebf1208 (docker:18.09.8)
Tagging docker:18.09.8
Tagging docker:18.09
Tagging docker:18

$ test/run.sh docker:18.09.8
testing docker:18.09.8
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build docker:18.09.8-dind
Using bashbrew/cache:cc290471c78209d81672a50538161d21c062acda3805451b81943d43cb21406b (docker:18.09.8-dind)
Tagging docker:18.09.8-dind
Tagging docker:18.09-dind
Tagging docker:18-dind

$ test/run.sh docker:18.09.8-dind
testing docker:18.09.8-dind
	'utc' [1/6]...passed
	'cve-2014--shellshock' [2/6]...passed
	'no-hard-coded-passwords' [3/6]...passed
	'override-cmd' [4/6]...passed
	'docker-dind' [5/6]....passed
	'docker-registry-push-pull' [6/6]....passed


$ bashbrew build docker:18.09.8-git
Using bashbrew/cache:7b8154e28ac61a0c6da01ba060007b28f681c2ee813b6a9198181d26531bbda0 (docker:18.09.8-git)
Tagging docker:18.09.8-git
Tagging docker:18.09-git
Tagging docker:18-git

$ test/run.sh docker:18.09.8-git
testing docker:18.09.8-git
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed

@yosifkit yosifkit merged commit 4531180 into docker-library:master Aug 12, 2019
@yosifkit yosifkit deleted the docker branch August 12, 2019 22:01
