search

projectatomic / docker

Docker - the open-source application container engine
http://www.docker.com
Apache License 2.0
81 stars 58 forks source link

Add better error for subuid/subgid with usernamespace 1.13.1-RHEL #303

Closed TomSweeneyRedHat closed 6 years ago

TomSweeneyRedHat commented 6 years ago

Signed-off-by: TomSweeneyRedHat tsweeney@redhat.com

- What I did

Updated man page for dockerd to indicate that subuid and subgid files need to be created for --userns-remap and then added a little more verbiage to the errors to make it more user friendly. This is the docker-1.13.1-rhel variant to go along with the docker-1.13.1 variant at #301

I've added changes to docker login's man page to address https://bugzilla.redhat.com/show_bug.cgi?id=1556956

- How I did it

vi is my friend.

- How to verify it

  1. Verify that both /etc/subuid and /etc/subgid are present and empty.

  2. Add --userns-remap=default to OPTIONS in /etc/sysconfig/docker

  3. restart docker service 'systemctl restart docker' Should see: dockerd-current[*]: Can't create ID mappings: No subuid ranges found for user "dockremap" in /etc/subuid

  4. enter values into /etc/subuid via 'echo dockremap:808080:1000 >> /etc/subuid'

  5. restart docker service 'systemctl restart docker' Should see: dockerd-current[*]: Can't create ID mappings: No subgid ranges found for gid "dockremap" in /etc/subgid

  6. enter values into /etc/subgid via 'echo dockremap:808080:1000 >> /etc/subgid'

  7. restart docker service 'systemctl restart docker'

Should not see an error.

Verify 'man dockerd' has new verbiage as noted below.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1546870

- Description for the changelog

Add better error for subuid/subgid with usernamespace Add information to Docker login man page pertaining to registries

TomSweeneyRedHat commented 6 years ago

@rhatdan @edsantiago @cevich 1-13.1-rhel variant. I'm not planning to submit this to 12.6 or any other Docker variants, please holler if you think I should.

rhatdan commented 6 years ago

LGTM

cevich commented 6 years ago

LGTM. No need for fixing this in earlier versions (IIUC) since it's not supported by those kernels anyway.

TomSweeneyRedHat commented 6 years ago

I did not change the original two files, but added changes to docker login's man page to address https://bugzilla.redhat.com/show_bug.cgi?id=1556956

rhatdan commented 6 years ago

LGTM Merging.