From 94aae8ab652e967c6ae513d85df46ea1a51e138a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Thu, 16 Nov 2017 12:54:31 +0100
Subject: [PATCH] Skip further checks for quota in user namespaces

Commit 7a1618ced359a3ac921d8a05903d62f544ff17d0 regresses running Docker
in user namespaces. The new check for whether quota are supported calls
NewControl() which in turn calls makeBackingFsDev() which tries to
mknod(). Skip quota tests when we detect that we are running in a user
namespace and return ErrQuotaNotSupported to the caller. This just
restores the status quo.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Upstream-commit: 7e35df0e0484118740dbf01e7db9b482a1827ef1
Component: engine
---
 .../engine/daemon/graphdriver/quota/projectquota.go      | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/components/engine/daemon/graphdriver/quota/projectquota.go b/components/engine/daemon/graphdriver/quota/projectquota.go
index 9709588b6b..e25965baf3 100644
--- a/components/engine/daemon/graphdriver/quota/projectquota.go
+++ b/components/engine/daemon/graphdriver/quota/projectquota.go
@@ -58,6 +58,7 @@ import (
 	"path/filepath"
 	"unsafe"
 
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
@@ -98,6 +99,14 @@ type Control struct {
 // project ids.
 //
 func NewControl(basePath string) (*Control, error) {
+	//
+	// If we are running in a user namespace quota won't be supported for
+	// now since makeBackingFsDev() will try to mknod().
+	//
+	if rsystem.RunningInUserNS() {
+		return nil, ErrQuotaNotSupported
+	}
+
 	//
 	// create backing filesystem device node
 	//