Skip to content

Commit

Permalink
Fix run Docker containers with user namespaces enabled. Fixes #2414
Browse files Browse the repository at this point in the history
  • Loading branch information
@grossmj
grossmj committed Oct 26, 2024
1 parent dbe2b8a commit 48b7e6c
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 31 deletions.
3 changes: 2 additions & 1 deletion gns3server/compute/docker/docker_vm.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -383,8 +383,8 @@ async def create(self):
"CapAdd": ["ALL"],
"Privileged": True,
"Binds": self._mount_binds(image_infos),
"UsernsMode": "host",
},
"UsernsMode": "host",
"Volumes": {},
"Env": ["container=docker"], # Systemd compliant: https://github.com/GNS3/gns3-server/issues/573
"Cmd": [],
Expand Down Expand Up @@ -451,6 +451,7 @@ async def create(self):
if extra_hosts:
params["Env"].append("GNS3_EXTRA_HOSTS={}".format(extra_hosts))

print(params)
result = await self.manager.query("POST", "containers/create", data=params)
self._cid = result['Id']
log.info("Docker container '{name}' [{id}] created".format(name=self._name, id=self._id))
Expand Down
60 changes: 30 additions & 30 deletions tests/compute/docker/test_docker_vm.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,9 +107,9 @@ async def test_create(compute_project, manager):
"{}:/gns3:ro".format(Docker.resources_path()),
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network"))
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -146,9 +146,9 @@ async def test_create_with_tag(compute_project, manager):
"{}:/gns3:ro".format(Docker.resources_path()),
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network"))
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -189,9 +189,9 @@ async def test_create_vnc(compute_project, manager):
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network")),
"/tmp/.X11-unix/X{0}:/tmp/.X11-unix/X{0}:ro".format(vm._display)
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -319,9 +319,9 @@ async def test_create_start_cmd(compute_project, manager):
"{}:/gns3:ro".format(Docker.resources_path()),
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network"))
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"Entrypoint": ["/gns3/init.sh"],
"Cmd": ["/bin/ls"],
Expand Down Expand Up @@ -418,9 +418,9 @@ async def information():
"{}:/gns3:ro".format(Docker.resources_path()),
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network"))
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -462,9 +462,9 @@ async def test_create_with_user(compute_project, manager):
"{}:/gns3:ro".format(Docker.resources_path()),
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network"))
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -546,9 +546,9 @@ async def test_create_with_extra_volumes_duplicate_1_image(compute_project, mana
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network")),
"{}:/gns3volumes/vol/1".format(os.path.join(vm.working_dir, "vol", "1")),
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -586,9 +586,9 @@ async def test_create_with_extra_volumes_duplicate_2_user(compute_project, manag
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network")),
"{}:/gns3volumes/vol/1".format(os.path.join(vm.working_dir, "vol", "1")),
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -626,9 +626,9 @@ async def test_create_with_extra_volumes_duplicate_3_subdir(compute_project, man
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network")),
"{}:/gns3volumes/vol".format(os.path.join(vm.working_dir, "vol")),
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -666,9 +666,9 @@ async def test_create_with_extra_volumes_duplicate_4_backslash(compute_project,
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network")),
"{}:/gns3volumes/vol".format(os.path.join(vm.working_dir, "vol")),
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -705,9 +705,9 @@ async def test_create_with_extra_volumes_duplicate_5_subdir_issue_1595(compute_p
"{}:/gns3:ro".format(Docker.resources_path()),
"{}:/gns3volumes/etc".format(os.path.join(vm.working_dir, "etc")),
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -744,9 +744,9 @@ async def test_create_with_extra_volumes_duplicate_6_subdir_issue_1595(compute_p
"{}:/gns3:ro".format(Docker.resources_path()),
"{}:/gns3volumes/etc".format(os.path.join(vm.working_dir, "etc")),
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -791,9 +791,9 @@ async def test_create_with_extra_volumes(compute_project, manager):
"{}:/gns3volumes/vol/1".format(os.path.join(vm.working_dir, "vol", "1")),
"{}:/gns3volumes/vol/2".format(os.path.join(vm.working_dir, "vol", "2")),
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -1040,9 +1040,9 @@ async def test_update(vm):
"{}:/gns3:ro".format(Docker.resources_path()),
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network"))
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down Expand Up @@ -1109,9 +1109,9 @@ async def test_update_running(vm):
"{}:/gns3:ro".format(Docker.resources_path()),
"{}:/gns3volumes/etc/network".format(os.path.join(vm.working_dir, "etc", "network"))
],
"Privileged": True
"Privileged": True,
"UsernsMode": "host"
},
"UsernsMode": "host",
"Volumes": {},
"NetworkDisabled": True,
"Hostname": "test",
Expand Down

0 comments on commit 48b7e6c

Please sign in to comment.