From e4436d9066b71895ae99629763d0e91d9bbd6fa9 Mon Sep 17 00:00:00 2001
From: Tom David--Broglio
Date: Mon, 3 Jul 2023 18:37:15 +0200
Subject: [PATCH] docker-host: added var for user namespace setting
---
 CHANGELOG.md | 1 +
 docker-host/defaults/main.yml | 3 +++
 docker-host/templates/daemon.json.j2 | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6dbcaecb..fae32929 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * userlogrotate: rotate also php.log.
 * nagios-nrpe: add a NRPE check-local command with completion.
 * policy_pam: New role allowing to manage password policy with pam_pwquality & pam_pwhistory
+* docker-host: added var for user namespace setting
 * dovecot: fix old_stats plugin for Dovecot 2.3.
 * dovecot: add Munin plugins dovecot1 and dovecot_stats (patched)
diff --git a/docker-host/defaults/main.yml b/docker-host/defaults/main.yml
index 42c9cecc..bc5dc88f 100644
--- a/docker-host/defaults/main.yml
+++ b/docker-host/defaults/main.yml
@@ -12,6 +12,9 @@ docker_conf_no_newprivileges: False
 # Toggle live restore (need to be disabled in swarm mode)
 docker_conf_live_restore: True
+# Toggle user namespace
+docker_conf_user_namespace: True
+
 # Disable all default network connectivity
 docker_conf_disable_default_networking: False
diff --git a/docker-host/templates/daemon.json.j2 b/docker-host/templates/daemon.json.j2
index a044234b..92d60f8d 100644
--- a/docker-host/templates/daemon.json.j2
+++ b/docker-host/templates/daemon.json.j2
@@ -4,8 +4,10 @@
 ,"data-root": "{{ docker_home }}"
 {# Keep containers running while docker daemon downtime #}
 ,"live-restore": {{ docker_conf_live_restore | to_json }}
+{% if docker_conf_user_namespace %}
 {# Turn on user namespace remaping #}
 ,"userns-remap": "default"
+{% endif %}
 {% if docker_conf_use_iptables %}
 {# Use iptables instead of docker-proxy #}
 ,"userland-proxy": false
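Review bot: The comment `# Toggle user namespace` above the new `docker_conf_user_namespace: True` default in docker-host/defaults/main.yml does not tell an operator what setting it to False costs. With `userns-remap` absent from daemon.json, root inside a container is uid 0 on the host, so the flag lowers isolation rather than only changing a preference. Docker also stores images and containers in a separate per-mapping directory under the data root when remapping is on, so flipping the flag on a host that already runs containers hides the existing ones until it is flipped back. I would spell that out, for example `# Remap container UIDs/GIDs to an unprivileged host range (userns-remap: default).` followed by `# False makes container root uid 0 on the host; changing it on a live host switches Docker to a different storage directory.`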
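Review bot: `{% if docker_conf_user_namespace %}` in docker-host/templates/daemon.json.j2 tests plain Jinja truthiness, so a value that arrives as a non-empty string (for example from `-e docker_conf_user_namespace=false` or a quoted inventory value) is truthy and `"userns-remap": "default"` is still written. That failure happens to land on the safer side here, but the operator gets no sign that the override was ignored; `{% if docker_conf_user_namespace | bool %}` makes the template follow the value as written. The `{% if docker_conf_use_iptables %}` context line just below has the same form. The template begins and ends outside this hunk, so I cannot see whether the role validates these variables elsewhere.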