Release v1.9.2-rc1 (#76)

* Bump up kernel to 4.14.229

* Support user Docker userns-remap (#63)

Author: olljanat

Dockerfile.dapper

@@ -60,7 +60,7 @@ ARG DISTRIB_ID=BurmillaOS
 
 ARG SELINUX_POLICY_URL=https://github.com/burmilla/refpolicy/releases/download/v0.0.3/policy.29
 
-ARG KERNEL_VERSION=4.14.218-burmilla
+ARG KERNEL_VERSION=4.14.229-burmilla
 ARG KERNEL_URL_amd64=https://github.com/burmilla/os-kernel/releases/download/v${KERNEL_VERSION}/linux-${KERNEL_VERSION}-x86.tar.gz
 ARG KERNEL_URL_arm64=https://github.com/burmilla/os-kernel/releases/download/v${KERNEL_VERSION}/linux-${KERNEL_VERSION}-arm64.tar.gz
 

config/docker_config.go

@@ -20,6 +20,11 @@ func (d *DockerConfig) FullArgs() []string {
 	if d.TLS {
 		args = append(args, d.TLSArgs...)
 	}
+
+	if d.UserNsEnabled {
+		args = append(args, "--userns-remap")
+		args = append(args, "user-docker:user-docker")
+	}
 	return args
 }
 

config/schema.go

@@ -143,6 +143,7 @@ var schema = `{
 				"selinux_enabled": {"type": ["boolean", "null"]},
 				"storage_driver": {"type": "string"},
 				"userland_proxy": {"type": ["boolean", "null"]},
+				"userns_enabled": {"type": ["boolean", "null"]},
 				"insecure_registry": {"$ref": "#/definitions/list_of_strings"}
 			}
 		},

config/types.go

@@ -197,6 +197,7 @@ type DockerConfig struct {
 	CAKey          string   `yaml:"ca_key,omitempty"`
 	Environment    []string `yaml:"environment,omitempty"`
 	StorageContext string   `yaml:"storage_context,omitempty"`
+	UserNsEnabled  bool     `yaml:"userns_enabled,omitempty"`
 	Exec           bool     `yaml:"exec,omitempty"`
 }
 

images/01-base/Dockerfile

@@ -40,7 +40,12 @@ RUN rm /sbin/poweroff /sbin/reboot /sbin/halt && \
     rm -f /usr/share/bash-completion/completions/* && \
     chmod 555 /lib/dhcpcd/dhcpcd-run-hooks && \
     sed -i 1,10d /etc/rsyslog.conf && \
-    echo "*.*                /var/log/syslog" >> /etc/rsyslog.conf
+    echo "*.*                /var/log/syslog" >> /etc/rsyslog.conf && \
+    \
+    addgroup -g 1200 user-docker && \
+    adduser -u 1200 -G user-docker -S -H user-docker && \
+    echo 'user-docker:100000:65536' > /etc/subuid && \
+    echo 'user-docker:100000:65536' > /etc/subgid
 # dump kernel log to console (but after we've finished booting)
 #    echo "kern.*                /dev/console" >> /etc/rsyslog.conf
 

images/02-console/Dockerfile

@@ -26,7 +26,12 @@ RUN apt-get update \
     && cat /etc/ssh/sshd_config > /etc/ssh/sshd_config.tpl \
     && cat /etc/ssh/sshd_config.append.tpl >> /etc/ssh/sshd_config.tpl \
     && rm -f /etc/ssh/sshd_config.append.tpl /etc/ssh/sshd_config \
-    && echo > /etc/motd
+    && echo > /etc/motd \
+    \
+    && addgroup --gid 1200 user-docker \
+    && adduser --system -u 1200 --gid 1200 --disabled-login --no-create-home user-docker \
+    && echo 'user-docker:100000:65536' > /etc/subuid \
+    && echo 'user-docker:100000:65536' > /etc/subgid
 
 COPY build/iscsid.conf /etc/iscsi/
 

scripts/schema.json

@@ -136,6 +136,7 @@
         "selinux_enabled": {"type": ["boolean", "null"]},
         "storage_driver": {"type": "string"},
         "userland_proxy": {"type": ["boolean", "null"]},
+        "userns_enabled": {"type": ["boolean", "null"]},
         "insecure_registry": {"$ref": "#/definitions/list_of_strings"}
       }
     },