toolshed/docker-cli
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add "userns" to docker info security options output

Browse Source 
If user namespaces is enabled on the daemon, reveal that via docker info
by adding "userns" to the list of security options reported by the
info endpoint.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Upstream-commit: ae74092e450f1f2665b90257b65513cc0c19702f
Component: engine
This commit is contained in:
Phil Estes
2016-10-28 00:35:51 +02:00
parent a12095fbb1
commit 68b003581b
4 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/engine/docs/reference/api/docker_remote_api.md
View File

@ -161,7 +161,7 @@ This section lists each version from latest to oldest. Each listing includes a
* `POST /networks/prune` prunes unused networks.
* Every API response now includes a `Docker-Experimental` header specifying if experimental features are enabled (value can be `true` or `false`).
* The `hostConfig` option now accepts the fields `CpuRealtimePeriod` and `CpuRtRuntime` to allocate cpu runtime to rt tasks when `CONFIG_RT_GROUP_SCHED` is enabled in the kernel.
* The `SecurityOptions` field within the `GET /info` response now includes `userns` if user namespaces are enabled in the daemon.
### v1.24 API changes

3
components/engine/docs/reference/api/docker_remote_api_v1.25.md
View File

@ -2503,7 +2503,8 @@ Display system-wide information
"SecurityOptions": [
"apparmor",
"seccomp",
"selinux"
"selinux",
"userns"
],
"ServerVersion": "1.9.0",
"SwapLimit": false,

5
components/engine/docs/reference/commandline/dockerd.md
View File

@ -986,6 +986,11 @@ If you have a group that doesn't match the username, you may provide the `gid`
or group name as well; otherwise the username will be used as the group name
when querying the system for the subordinate group ID range.
The output of `docker info` can be used to determine if the daemon is running
with user namespaces enabled or not. If the daemon is configured with user
namespaces, the Security Options entry in the response will list "userns" as
one of the enabled security features.
### Detailed information on `subuid`/`subgid` ranges
Given potential advanced use of the subordinate ID ranges by power users, the