- btrfs is now supported (moby/moby PR 42253)
- CLI context "rootless" is now created by default (moby/moby PR 42109)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
= _includes/install-script.md, engine/install/linux-postinstall.md =
- Remove "Rootless mode is currently available as an experimental feature."
Close issue 12050
= engine/security/rootless.md =
== "Prerequiresites" section ==
- Remove information about old distros (Debian 9, CentOS 7.5-7.6)
== "Distribution-specific hint" section ==
- Tabified (`<div class="tab-content" />`)
== "Known limitations" section ==
- Kernel 5.11 supports rootless overlayfs, without the Ubuntu/Debian patch.
== "Install" section ==
- Promote RPM/DEB installation over TGZ installation.
See docker/roadmap issue 188
== "Uninstall" section ==
- Add "Uninstall" section.
Close issue 12053
== "Usage" section ==
- Added more information about systemd
- Move `nsenter` tips to "Tips for debugging" subsection under "Troubleshooting" section
== "Best practice" section ==
- Remove guide for `lxc-user-nic` network driver due to immaturity.
Will be brought back in future.
See rootless-containers/rootlesskit issue 138 .
== "Troubleshooting" section ==
- Add a guide for "can't open lock file /run/xtables.lock: Permission denied" (SELinux).
See moby/moby issue 41230
- Add a guide for "failed to register layer: ApplyLayer exit status 1 ..." (NFS).
Close docker/for-linux issue 1172
- Improve guides for slirp4netns.
- Remove v19.03 information (e.g., "cgroup v2 is unsupported, use cgroup v1")
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Docker now supports cgroup v2 (both rootful and rootless)
* Rootless mode graduated from experimental
* New storage driver: fuse-overlayfs
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
See https://web.dev/external-anchors-use-rel-noopener/
Using noopener, as that addresses the security issue. "noreferer" blocks
the REFERER header, which may still be useful for some target URLs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Add Ubuntu 20.04
* Remove Fedora 30 (EOL)
* `docker run --net=host` does not work in the most expected way
* Allow installation as the root
* Nightly channel
* `docker context create rootless`
* `DOCKER_HOST=ssh://...`
* Alternatives to cgroup flags (`docker run --cpus --memory --pids-limit`)
* A bunch of troubleshooting tips
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Removed is from line 80
Removed is from line 80 as this is not required
* changed text to link at line 129
changed text to link at line 129 to make it easy for user to navigate
* changed the URL to link
changed the URL to link for easy navigation
* added these before flags in line 186
added these before flags in line 186
Co-Authored-By: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Add "Run the Docker daemon as a non-root user (Rootless mode)":
`engine/security/rootless.md`
The content is based on https://github.com/moby/moby/blob/master/docs/rootless.md
`rootless.md` in `moby/moby` will be replaced of the link to
the `docs.docker.com` page compiled from `rootless.md` in this repo.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Akihiro Suda