From c53a05b8c190e9924be8ffd2f79aa58d1fd90ee0 Mon Sep 17 00:00:00 2001
From: Jem Bishop <40360024+jembishop@users.noreply.github.com>
Date: Thu, 1 Jul 2021 17:11:09 +0100
Subject: [PATCH] Workaround for outdated slirp4netns on debian (#13029)

* Workaround for outdated slirp4netns on debian

I had issue on debian 11 where the package on the
main apt repositories was too old. This provides workaround, by
adding the testing repos to sources list then upgrading slirp4netns

* pr review

- add console tag
- add newline before console code block
- remove the installation instructions to `slirp4netns` and link to the releases page, which will have it anyway.

* pr review

- add in suggested comment about vpnkit
---
 engine/security/rootless.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/engine/security/rootless.md b/engine/security/rootless.md
index 05cc53d8fd..735945b52b 100644
--- a/engine/security/rootless.md
+++ b/engine/security/rootless.md
@@ -76,6 +76,15 @@ testuser:231072:65536
   `sudo modprobe overlay permit_mounts_in_userns=1`
    ([Debian-specific kernel patch, introduced in Debian 10](https://salsa.debian.org/kernel-team/linux/blob/283390e7feb21b47779b48e0c8eb0cc409d2c815/debian/patches/debian/overlayfs-permit-mounts-in-userns.patch)).
    Add the configuration to `/etc/modprobe.d` for persistence.
+  
+- Rootless docker requires version of `slirp4netns` greater than `v0.4.0` (when `vpnkit` is not installed).
+  Check you have this with 
+  
+  ```console
+  $ slirp4netns --version
+  ```
+  If you do not have this download and install the latest [release](https://github.com/rootless-containers/slirp4netns/releases).
+
 </div>
 <div id="hint-arch" class="tab-pane fade in" markdown="1">
 - Installing `fuse-overlayfs` is recommended. Run `sudo pacman -S fuse-overlayfs`.