Arch Linux User Repository

Something else I noticed:

Couldn't write '1' to 'kernel/unprivileged_userns_clone', ignoring: No such file or directory

This feature is contradicted and is being said to be a heavy security issue: https://github.com/archlinux/linux/commit/479ca137ea2b368c8c8e84d5ce7c4084f5653a0d#diff-02e6057517474f1cfa234bb77eb4f675a81fb1c7136a000ae8b58b63e11a546dR1179

It is also absent in the current kernel: https://github.com/archlinux/linux/blob/master/init/Kconfig#L1183

You might want to add some warning and some check, in case the kernel doesn't support it (mine does not).

Added aarch64 to both this and docker-rootless-extras.

I don't have an environment on which to test it though. Have you managed to build an aarch64 ISO?

Please add support for aarch64:

arch=('x86_64')
-> arch=('x86_64' 'aarch64')

    "https://download.docker.com/linux/static/stable/x86_64/docker-rootless-extras-$pkgver.tgz"
->  "https://download.docker.com/linux/static/stable/$arch/docker-rootless-extras-$pkgver.tgz"

sha256sums=('ac4d55e87efa1eec306a91f655d8ae00339be5f631b8b41c10d5c588a3cf0473'
-> sha256sums=('SKIP'

Thanks, abcalphabet. The diff works fine for me as well.

I'm not entirely certain where to correctly submit this, but the following changes to the package have enabled me to work with docker 20.10.6-1 normally:

diff --git a/.SRCINFO b/.SRCINFO
index 736ac51..9d20c26 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -6,18 +6,18 @@ pkgbase = docker-rootless-extras-bin
        install = docker-rootless-extras-bin.install
        arch = x86_64
        license = Apache
-       depends = docker<1:20.10.6
+       depends = docker
        optdepends = fuse-overlayfs: overlayfs support
        optdepends = slirp4netns: faster network stack
        provides = docker-rootless
        provides = docker-rootless-extras
        conflicts = docker-rootless
        conflicts = docker-rootless-extras
-       source = https://download.docker.com/linux/static/stable/x86_64/docker-rootless-extras-20.10.5.tgz
+       source = https://download.docker.com/linux/static/stable/x86_64/docker-rootless-extras-20.10.6.tgz
        source = docker.service
        source = docker.socket
        source = 99-docker-rootless.conf
-       sha256sums = c7265d1c376dcfc182714235fc3e8ea5e2f3f540af94450fa0469cac97b3dd55
+       sha256sums = ac4d55e87efa1eec306a91f655d8ae00339be5f631b8b41c10d5c588a3cf0473
        sha256sums = 7c31c7f7755776bf9571e551ff4006035562e4394d88166809dd71b2ba847fc5
        sha256sums = d8695293e5d4a814763f13e1d36ed37273040666b4b91363d6c33171df8934c7
        sha256sums = d0d790d4c3d887b10b2b155b83a58a44980b9fa638f8c0f1faec0739dc0ef473
diff --git a/PKGBUILD b/PKGBUILD
index 6ef4171..561578b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,13 +3,13 @@
 # Contributors: koba1t <kobdotsh at gmail dot com>

 pkgname=docker-rootless-extras-bin
-pkgver=20.10.5
+pkgver=20.10.6
 pkgrel=1
 pkgdesc="Extras to run docker as non-root."
 arch=('x86_64')
 url="https://docs.docker.com/engine/security/rootless/"
 license=('Apache')
-depends=('docker<1:20.10.6')
+depends=('docker')
 optdepends=('fuse-overlayfs: overlayfs support'
             'slirp4netns: faster network stack')
 provides=('docker-rootless' 'docker-rootless-extras')
@@ -22,7 +22,7 @@ source=(
        "99-docker-rootless.conf"
 )

-sha256sums=('c7265d1c376dcfc182714235fc3e8ea5e2f3f540af94450fa0469cac97b3dd55'
+sha256sums=('ac4d55e87efa1eec306a91f655d8ae00339be5f631b8b41c10d5c588a3cf0473'
             '7c31c7f7755776bf9571e551ff4006035562e4394d88166809dd71b2ba847fc5'
             'd8695293e5d4a814763f13e1d36ed37273040666b4b91363d6c33171df8934c7'
             'd0d790d4c3d887b10b2b155b83a58a44980b9fa638f8c0f1faec0739dc0ef473')

Docker 20.10.6 DOES NOT work with rootless. I've reported the issue upstream, and have pinned the required version in the meantime.

Make sure you update this package before you upgrade docker itself.

Opened https://github.com/moby/moby/issues/42078 with all my findings.

I saw these emails come in and wondered what I'd done differently a few days ago when installing this to avoid the aforementioned issue. I think it is indeed that I also enabled the user Docker service alongside the socket.

I followed the instructions in the post-install message, including: systemctl --user enable --now docker.socket

But I noticed the following strange behaviour:

The first command against the docker socket after logging in seems to hang and does not return:

1. Login
2. Run docker ps -a

Result:

docker ps -a hangs and does not return. In journalctl --user -u docker.service -f I can see that docker.service starts as soon as I run docker ps -a. There are no apparent errors. If I cancel (Ctrl+c) docker ps -a and run it again, it succeeds.

Could this be a timing issue? docker.service not being completely ready before docker ps -a tries to access it?

If I also run systemctl --user enable docker.service docker ps -a runs successfully even the first time after login.

Maybe that should be added to the post-install message?

I've been seeing the same issue too.

Now that I know it's not just me, I'll report it upstream and see if anything can be figured out.