mirror of
https://github.com/docker/cli.git
synced 2026-01-16 20:22:36 +03:00
When runc is bind-mounting a particular path "with options", it has to do so by first creating a bind-mount and then modifying the options of said bind-mount via remount. However, in a user namespace, there are restrictions on which flags you can change with a remount (due to CL_UNPRIVILEGED being set in this instance). Docker historically has ignored this, and as a result, internal Docker mounts (such as secrets) haven't worked with --userns-remap. Fix this by preserving CL_UNPRIVILEGED mount flags when Docker is spawning containers with user namespaces enabled.

Ref: https://github.com/opencontainers/runc/pull/1603

Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: c0f883fdeeb2480970fb48fbcbc2a842aa5a90e8
Component: engine
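
The flag preservation described in the commit message above, as an added Go example that is not code from this commit or from Docker: it reads the flags already set on the source mount and merges them into the options requested for the bind remount. The names `lockedFlags`, `preserveLocked` and `remountOptions` are hypothetical, the bit values are the Linux `statfs(2)` `ST_*` constants, and the choice of these seven options as the set to preserve is an assumption of the example.

```go
package main

import (
	"fmt"
	"syscall"
)

// statfs(2) f_flags bits (Linux ST_* values) paired with mount option names.
// Assumption of this example: a user-namespace remount must not drop these.
var lockedFlags = []struct {
	bit  uint64
	name string
}{
	{0x0001, "ro"}, {0x0002, "nosuid"}, {0x0004, "nodev"}, {0x0008, "noexec"},
	{0x0400, "noatime"}, {0x0800, "nodiratime"}, {0x1000, "relatime"},
}

// preserveLocked returns the requested options plus every option already set
// on the source mount (stFlags) that the request omitted.
func preserveLocked(stFlags uint64, requested []string) []string {
	seen := make(map[string]bool, len(requested))
	out := append([]string{}, requested...)
	for _, o := range requested {
		seen[o] = true
	}
	for _, f := range lockedFlags {
		if stFlags&f.bit != 0 && !seen[f.name] {
			out = append(out, f.name)
		}
	}
	return out
}

// remountOptions reads the live flags of path and merges them into requested.
func remountOptions(path string, requested []string) ([]string, error) {
	var st syscall.Statfs_t
	if err := syscall.Statfs(path, &st); err != nil {
		return nil, err
	}
	return preserveLocked(uint64(st.Flags), requested), nil
}

func main() {
	// Constructed sample: a source mounted nosuid,nodev,noexec,relatime.
	fmt.Println(preserveLocked(0x0002|0x0004|0x0008|0x1000, []string{"rbind", "ro"}))
	if opts, err := remountOptions("/", []string{"rbind", "ro"}); err == nil {
		fmt.Println("/ ->", opts)
	}
}
```

The `statfs` bit for `relatime` (`0x1000`) differs from the `MS_RELATIME` value passed to `mount(2)`, so the example maps `statfs` bits to option names rather than reusing the `MS_*` constants as masks.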