These were notes about distro versions that have been EOL for a long
time, and an old version of docker engine that's EOL as well.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Fixed rootlesskit binary path, mention daemon restart
`rootlesskit` lives at `/usr/bin/rootlesskit`. After setting `CAP_NET_BIND_SERVICE` capability daemon has to be restarted.
* Changed rootlesskit binary path to be dynamically resolved
The SELinux workaround for `/run/xtables.lock` is no longer needed
since Docker 20.10.8 (moby/moby PR 42462)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
- sysctl `kernel.unprivileged_userns_clone=1` is no longer needed
- Recommend fuse-overlayfs.
Debian kernel has modprobe option `permit_mounts_in_userns=1` but
still unstable (moby/moby issue 42302)
- Now apt repo has relatively recent version of slirp4netns (1.0.1)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
- Add missing code-hints (console, yaml)
- Consistently add an empty line after code-blocks
- Combine some examples where the output and the command were
put in separate blocks. With the "console" code-hint, this
is no longer nescessary.
- fix indentation in cloud/ecs-integration.md, which caused the
numbered-list to be interrupted.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Added .md files for SLES and RHEL engine installation. Added indexing to _data/toc.yaml and engine/install/index.md. Modified engine/install/index.md, includes/install-script.md, engine/security/rootless.md, storage/storagedriver/device-mapper-driver.md, and storage/storagedriver/select-storage-driver.md to add info for added RHEL and SLES support. Modified engine/install/ubuntu.md to add s390x repos and other info. Added tab target for RHEL and SLES to engine/security/rootless.md along with other info.
Signed-off-by: Nirman Narang <narang@us.ibm.com>
NFS mounts are not currently supported for rootless data-root so there should probably be a note about it so no one gets confused when it doesn't work.
Errors for running rootless containers when your data-root is an NFS mount look like:
```
docker: failed to register layer: ApplyLayer exit status 1 stdout: stderr: open /root/.bash_logout: permission denied.
```
* Workaround for outdated slirp4netns on debian
I had issue on debian 11 where the package on the
main apt repositories was too old. This provides workaround, by
adding the testing repos to sources list then upgrading slirp4netns
* pr review
- add console tag
- add newline before console code block
- remove the installation instructions to `slirp4netns` and link to the releases page, which will have it anyway.
* pr review
- add in suggested comment about vpnkit
BuildKit allows using alternative Dockerfile syntaxes to introduce new features
without having to update Docker itself. The general recommendation is to always
specify a "syntax" directive in a Dockerfile, so that (if needed) older versions
of Docker can download the correct syntax to build the Dockerfile.
This updates our examples to include a syntax directive, to make users more familiar
with these directives, and to illustrate best-pracitces in our documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- btrfs is now supported (moby/moby PR 42253)
- CLI context "rootless" is now created by default (moby/moby PR 42109)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
