How do I make exceptions to Docker namespacing?

Question

Via /etc/docker/daemon.json, I've configured a user namespace using userns-remap. I'm trying to start a nginx-proxy container, but it requires access to the Docker socket, which requires it to be real root. The namespacing breaks this, causing an "operation not permitted" error.

Is there a way to tell Docker to not put this one individual container in the namespace? If it's possible through docker-compose, that's preferrable.

score 4 · Answer 1 · edited Mar 08 '18 at 16:45

4

This problem can be solved by adding the command line option for the container in question --userns=host.

For docker-compose, the version must be 2.1 or newer. You can add userns_mode: 'host' to the relevant service definition.

edited Mar 08 '18 at 16:45

FelikZ

335
4
12

answered Mar 04 '17 at 23:12

M-Pixel

169
8

How do I make exceptions to Docker namespacing?

1 Answers1