Merge pull request #20501 from AkihiroSuda/fuse-overlayfs-no-longer-needed

rootless: fuse-overlayfs is not needed since Linux kernel 5.11
2024-07-30 21:34:58 +02:00 · 2024-07-30 21:34:58 +02:00 · 49546b1576
parent d1bcf42ba7 490851dffd
commit 49546b1576
2 changed files with 7 additions and 6 deletions
--- a/content/engine/security/rootless.md
+++ b/content/engine/security/rootless.md
@ -101,9 +101,8 @@ testuser:231072:65536
 - For Debian 10, add `kernel.unprivileged_userns_clone=1` to `/etc/sysctl.conf` (or
  `/etc/sysctl.d`) and run `sudo sysctl --system`. This step is not required on Debian 11.

- Installing `fuse-overlayfs` is recommended. Run `sudo apt-get install -y fuse-overlayfs`.
-  Using `overlay2` storage driver with Debian-specific modprobe option `sudo modprobe overlay permit_mounts_in_userns=1` is also possible,
-  however, highly discouraged due to [instability](https://github.com/moby/moby/issues/42302).
+- For Debian 11, installing `fuse-overlayfs` is recommended. Run `sudo apt-get install -y fuse-overlayfs`.
+  This step is not required on Debian 12.

 - Rootless docker requires version of `slirp4netns` greater than `v0.4.0` (when `vpnkit` is not installed).
  Check you have this with 
@ -120,7 +119,8 @@ testuser:231072:65536
  `/etc/sysctl.d`) and run `sudo sysctl --system`
 {{< /tab >}}
 {{< tab name="openSUSE and SLES" >}}
- Installing `fuse-overlayfs` is recommended. Run `sudo zypper install -y fuse-overlayfs`.
+- For openSUSE 15 and SLES 15, Installing `fuse-overlayfs` is recommended. Run `sudo zypper install -y fuse-overlayfs`.
+  This step is not required on openSUSE Tumbleweed.

 - `sudo modprobe ip_tables iptable_mangle iptable_nat iptable_filter` is required.
  This might be required on other distros as well depending on the configuration.
@ -128,7 +128,8 @@ testuser:231072:65536
 - Known to work on openSUSE 15 and SLES 15.
 {{< /tab >}}
 {{< tab name="CentOS, RHEL, and Fedora" >}}
- Installing `fuse-overlayfs` is recommended. Run `sudo dnf install -y fuse-overlayfs`.
+- For RHEL 8 and similar distributions, installing `fuse-overlayfs` is recommended. Run `sudo dnf install -y fuse-overlayfs`.
+  This step is not required on RHEL 9 and similar distributions.

 - You might need `sudo dnf install -y iptables`.
 {{< /tab >}}
--- a/content/storage/storagedriver/select-storage-driver.md
+++ b/content/storage/storagedriver/select-storage-driver.md
@ -24,7 +24,7 @@ The Docker Engine provides the following storage drivers on Linux:
 | Driver            | Description                                                                                                                                                                                                                                                                                                                                          |
 | :---------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `overlay2`        | `overlay2` is the preferred storage driver for all currently supported Linux distributions, and requires no extra configuration.                                                                                                                                                                                                                     |
-| `fuse-overlayfs`  | `fuse-overlayfs`is preferred only for running Rootless Docker on a host that does not provide support for rootless `overlay2`. On Ubuntu and Debian 10, the `fuse-overlayfs` driver does not need to be used, and `overlay2` works even in rootless mode. Refer to the [rootless mode documentation](../../engine/security/rootless.md) for details. |
+| `fuse-overlayfs`  | `fuse-overlayfs`is preferred only for running Rootless Docker on an old host that does not provide support for rootless `overlay2`. The `fuse-overlayfs` driver does not need to be used since Linux kernel 5.11, and `overlay2` works even in rootless mode. Refer to the [rootless mode documentation](../../engine/security/rootless.md) for details. |
 | `btrfs` and `zfs` | The `btrfs` and `zfs` storage drivers allow for advanced options, such as creating "snapshots", but require more maintenance and setup. Each of these relies on the backing filesystem being configured correctly.                                                                                                                                   |
 | `vfs`             | The `vfs` storage driver is intended for testing purposes, and for situations where no copy-on-write filesystem can be used. Performance of this storage driver is poor, and is not generally recommended for production use.                                                                                                                        |