docker-host: added var for user namespace setting

CHANGELOG.md

@@ -16,6 +16,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * userlogrotate: rotate also php.log.
 * nagios-nrpe: add a NRPE check-local command with completion.
 * policy_pam: New role allowing to manage password policy with pam_pwquality & pam_pwhistory
+* docker-host: added var for user namespace setting
 * dovecot: fix old_stats plugin for Dovecot 2.3.
 * dovecot: add Munin plugins dovecot1 and dovecot_stats (patched)
 

docker-host/defaults/main.yml

@@ -12,6 +12,9 @@ docker_conf_no_newprivileges: False
 # Toggle live restore (need to be disabled in swarm mode)
 docker_conf_live_restore: True
 
+# Toggle user namespace
+docker_conf_user_namespace: True
+
 # Disable all default network connectivity
 docker_conf_disable_default_networking: False
 

docker-host/templates/daemon.json.j2

@@ -4,8 +4,10 @@
   ,"data-root": "{{ docker_home }}"
   {# Keep containers running while docker daemon downtime #}
   ,"live-restore": {{ docker_conf_live_restore | to_json }}
+{% if docker_conf_user_namespace %}
   {# Turn on user namespace remaping #}
   ,"userns-remap": "default"
+{% endif %}
 {% if docker_conf_use_iptables %}
   {# Use iptables instead of docker-proxy #}
   ,"userland-proxy": false