Skip to content

driver/docker-container: remove conditional UsernsMode=host for userns#3425

Open
thaJeztah wants to merge 1 commit intodocker:masterfrom
thaJeztah:remove_userns_handling
Open

driver/docker-container: remove conditional UsernsMode=host for userns#3425
thaJeztah wants to merge 1 commit intodocker:masterfrom
thaJeztah:remove_userns_handling

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Sep 15, 2025

relates to:

This special handling was added in 5f8600f, to work around an issue in the daemon. That issue was fixed in moby@a826ca3, which was backported to docker v20.10.13 in moby@660b996.

Given that docker 20.10 reached EOL, and any currently supported version of docker would have the fix from moby@a826ca3, we can remove this special handling.

@thaJeztah
Copy link
Member Author

thaJeztah commented Sep 15, 2025

I see there also was a nestybox / sysbox issue linked to the original PR; in case we need to verify behavior with that somehow;

@thaJeztah thaJeztah marked this pull request as ready for review September 15, 2025 14:32
@thaJeztah
Copy link
Member Author

thaJeztah commented Sep 15, 2025

cc @crazy-max @AkihiroSuda

AkihiroSuda
AkihiroSuda reviewed Sep 17, 2025
View reviewed changes
driver/docker-container/driver.go
hc.UsernsMode = "host"
break
}
}
Copy link
Collaborator

@AkihiroSuda AkihiroSuda Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prior to #887 , UsernsMode was rather unconditionally set to "host".

Copy link
Member Author

@thaJeztah thaJeztah Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wah, sorry, looks like I missed your comment @AkihiroSuda

So, IIUC, before #561, we unconditionally set it to UsernsMode=host, which was a workaround for moby/moby#43084, because the daemon didn't correctly detect user-ns. And #561 made it a bit more granular so that we wouldn't set UsernsMode=host unconditionally, and only when needed.

But (again, IIUC), with moby/moby#43084 now included in the daemon, that handling wouldn't be needed, as it would no longer be needed to set UsernsMode=host ?

But maybe I mis-interpreted the intent here; what's the best way to verify (other than CI in this repo?)

Copy link
Collaborator

@AkihiroSuda AkihiroSuda Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But maybe I mis-interpreted the intent here; what's the best way to verify (other than CI in this repo?)

Probably we should have a CI with userns-remap mode.
If the CI passes, I have no objection to merge this PR.

@thaJeztah
driver/docker-container: remove conditional UsernsMode=host for userns
6397d1a 
This special handling was added in 5f8600f,
to work around an issue in the daemon. That issue was fixed in [moby@a826ca3],
which was backported to docker v20.10.13 in [moby@660b996].

Given that docker 20.10 reached EOL, and any currently supported version
of docker would have the fix from [moby@a826ca3], we can remove this special
handling.

[moby@a826ca3]: moby/moby@a826ca3
[moby@660b996]: moby/moby@660b996

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah force-pushed the remove_userns_handling branch from fb0801e to 6397d1a Compare November 3, 2025 11:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@thaJeztah thaJeztah

Labels

area/driver/docker-container area/driver

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thaJeztah @AkihiroSuda