| Git Clone URL: | https://aur.archlinux.org/docker-rootless-extras.git (read-only, click to copy) |
|---|---|
| Package Base: | docker-rootless-extras |
| Description: | Extras to run docker as non-root. |
| Upstream URL: | https://docs.docker.com/engine/security/rootless/ |
| Keywords: | containers docker isolation rootless |
| Licenses: | Apache |
| Conflicts: | docker-rootless, docker-rootless-extras, docker-rootless-extras-bin |
| Provides: | docker-rootless, docker-rootless-extras, docker-rootless-extras-bin |
| Submitter: | whynothugo |
| Maintainer: | the-k |
| Last Packager: | the-k |
| Votes: | 35 |
| Popularity: | 1.64 |
| First Submitted: | 2021-04-14 17:58 (UTC) |
| Last Updated: | 2025-05-31 11:31 (UTC) |
@whynothugo: I could build an aarch64 package without issues, I also could install it and start docker-rootless.sh
Although, without the kernel/unprivileged_userns_clone feature I cannot build my planned docker image... this is a docker issue though.
Something else I noticed:
Couldn't write '1' to 'kernel/unprivileged_userns_clone', ignoring: No such file or directory
This feature is contradicted and is being said to be a heavy security issue: https://github.com/archlinux/linux/commit/479ca137ea2b368c8c8e84d5ce7c4084f5653a0d#diff-02e6057517474f1cfa234bb77eb4f675a81fb1c7136a000ae8b58b63e11a546dR1179
It is also absent in the current kernel: https://github.com/archlinux/linux/blob/master/init/Kconfig#L1183
You might want to add some warning and some check, in case the kernel doesn't support it (mine does not).
Added aarch64 to both this and docker-rootless-extras.
I don't have an environment on which to test it though. Have you managed to build an aarch64 ISO?
Please add support for aarch64:
arch=('x86_64')
-> arch=('x86_64' 'aarch64')
"https://download.docker.com/linux/static/stable/x86_64/docker-rootless-extras-$pkgver.tgz"
-> "https://download.docker.com/linux/static/stable/$arch/docker-rootless-extras-$pkgver.tgz"
sha256sums=('ac4d55e87efa1eec306a91f655d8ae00339be5f631b8b41c10d5c588a3cf0473'
-> sha256sums=('SKIP'
Thanks, abcalphabet. The diff works fine for me as well.
I'm not entirely certain where to correctly submit this, but the following changes to the package have enabled me to work with docker 20.10.6-1 normally:
diff --git a/.SRCINFO b/.SRCINFO
index 736ac51..9d20c26 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -6,18 +6,18 @@ pkgbase = docker-rootless-extras-bin
install = docker-rootless-extras-bin.install
arch = x86_64
license = Apache
- depends = docker<1:20.10.6
+ depends = docker
optdepends = fuse-overlayfs: overlayfs support
optdepends = slirp4netns: faster network stack
provides = docker-rootless
provides = docker-rootless-extras
conflicts = docker-rootless
conflicts = docker-rootless-extras
- source = https://download.docker.com/linux/static/stable/x86_64/docker-rootless-extras-20.10.5.tgz
+ source = https://download.docker.com/linux/static/stable/x86_64/docker-rootless-extras-20.10.6.tgz
source = docker.service
source = docker.socket
source = 99-docker-rootless.conf
- sha256sums = c7265d1c376dcfc182714235fc3e8ea5e2f3f540af94450fa0469cac97b3dd55
+ sha256sums = ac4d55e87efa1eec306a91f655d8ae00339be5f631b8b41c10d5c588a3cf0473
sha256sums = 7c31c7f7755776bf9571e551ff4006035562e4394d88166809dd71b2ba847fc5
sha256sums = d8695293e5d4a814763f13e1d36ed37273040666b4b91363d6c33171df8934c7
sha256sums = d0d790d4c3d887b10b2b155b83a58a44980b9fa638f8c0f1faec0739dc0ef473
diff --git a/PKGBUILD b/PKGBUILD
index 6ef4171..561578b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,13 +3,13 @@
# Contributors: koba1t <kobdotsh at gmail dot com>
pkgname=docker-rootless-extras-bin
-pkgver=20.10.5
+pkgver=20.10.6
pkgrel=1
pkgdesc="Extras to run docker as non-root."
arch=('x86_64')
url="https://docs.docker.com/engine/security/rootless/"
license=('Apache')
-depends=('docker<1:20.10.6')
+depends=('docker')
optdepends=('fuse-overlayfs: overlayfs support'
'slirp4netns: faster network stack')
provides=('docker-rootless' 'docker-rootless-extras')
@@ -22,7 +22,7 @@ source=(
"99-docker-rootless.conf"
)
-sha256sums=('c7265d1c376dcfc182714235fc3e8ea5e2f3f540af94450fa0469cac97b3dd55'
+sha256sums=('ac4d55e87efa1eec306a91f655d8ae00339be5f631b8b41c10d5c588a3cf0473'
'7c31c7f7755776bf9571e551ff4006035562e4394d88166809dd71b2ba847fc5'
'd8695293e5d4a814763f13e1d36ed37273040666b4b91363d6c33171df8934c7'
'd0d790d4c3d887b10b2b155b83a58a44980b9fa638f8c0f1faec0739dc0ef473')
Docker 20.10.6 DOES NOT work with rootless. I've reported the issue upstream, and have pinned the required version in the meantime.
Make sure you update this package before you upgrade docker itself.
Opened https://github.com/moby/moby/issues/42078 with all my findings.
I saw these emails come in and wondered what I'd done differently a few days ago when installing this to avoid the aforementioned issue. I think it is indeed that I also enabled the user Docker service alongside the socket.
I followed the instructions in the post-install message, including: systemctl --user enable --now docker.socket
But I noticed the following strange behaviour:
The first command against the docker socket after logging in seems to hang and does not return:
docker ps -aResult:
docker ps -a hangs and does not return. In journalctl --user -u docker.service -f I can see that docker.service starts as soon as I run docker ps -a. There are no apparent errors.
If I cancel (Ctrl+c) docker ps -a and run it again, it succeeds.
Could this be a timing issue? docker.service not being completely ready before docker ps -a tries to access it?
If I also run systemctl --user enable docker.service docker ps -a runs successfully even the first time after login.
Maybe that should be added to the post-install message?
Pinned Comments