don't try to use aufs in a user namespace

If aufs is already modprobe'd but we are in a user namespace, the
aufs driver will happily load but then get EPERM when it actually tries
to do something.  So detect that condition.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn 2016-03-31 14:42:16 -05:00
Родитель 4a7bd7eaef
Коммит 2a71f28a4e
1 изменённых файлов: 7 добавлений и 0 удалений


@ -46,11 +46,14 @@ import (
"github.com/docker/docker/pkg/stringid"
"github.com/opencontainers/runc/libcontainer/label"
rsystem "github.com/opencontainers/runc/libcontainer/system"
)
var (
// ErrAufsNotSupported is returned if aufs is not supported by the host.
ErrAufsNotSupported = fmt.Errorf("AUFS was not found in /proc/filesystems")
// ErrAufsNested means aufs cannot be used bc we are in a user namespace
ErrAufsNested = fmt.Errorf("AUFS cannot be used in non-init user namespace")
incompatibleFsMagic = []graphdriver.FsMagic{
graphdriver.FsMagicBtrfs,
graphdriver.FsMagicAufs,
@ -146,6 +149,10 @@ func supportsAufs() error {
// proc/filesystems for when aufs is supported
exec.Command("modprobe", "aufs").Run()
if rsystem.RunningInUserNS() {
return ErrAufsNested
}
f, err := os.Open("/proc/filesystems")
if err != nil {
return err
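Review bot: In supportsAufs the new `rsystem.RunningInUserNS()` guard sits after `exec.Command("modprobe", "aufs").Run()`, so inside a user namespace the daemon still spawns a PATH-resolved modprobe before returning ErrAufsNested. Loading a module presumably cannot succeed from a non-init user namespace, and the commit message says the case that matters is aufs already being loaded, so the guard could move above the modprobe call. The block also carries no comment saying why it exists; something like `// aufs loads but its mounts fail with EPERM in a non-init user namespace, so refuse early` would record the reason at the call site. In the first hunk the doc comment on ErrAufsNested would read better as a full sentence, `// ErrAufsNested is returned when aufs cannot be used because we are in a non-init user namespace.` The body of supportsAufs starts and ends outside the hunk, so how callers map this error is not visible here.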