Add note about mount-propagation and engine 18.09+ #8001
Conversation
thaJeztah
added
area/engine
|
ping @cpuguy83 @kolyshkin - not sure if I picked the right wording/terminology, so pls check 🤗 |
|
Deploy preview for docsdocker ready! Built with commit 02013e2 |
engine/release-notes.md
Outdated
| #### Important notes about this release | ||
|
|
||
| Docker Engine 18.09.0 and up install containerd as a separate systemd unit. Containerd | ||
| therefore uses its own mount-namespace. The Docker Engine cannot run succesfully |
There was a problem hiding this comment.
I think only it's own mount namespace in certain circumstances.
There was a problem hiding this comment.
But the the issues is we don't want them to be in separate namespaces with non-shared propagation.
There was a problem hiding this comment.
As long as it looks good to @thaJeztah I'm good with this.
There was a problem hiding this comment.
@thaJeztah as long as this looks ok to you, we can go ahead and merge.
engine/release-notes.md
Outdated
| #### Important notes about this release | ||
|
|
||
| Docker Engine 18.09.0 and up install containerd as a separate systemd unit. Containerd | ||
| therefore uses its own mount-namespace. The Docker Engine cannot run succesfully |
There was a problem hiding this comment.
As long as it looks good to @thaJeztah I'm good with this.
|
@kolyshkin PTAL. Thanks! |
thaJeztah
force-pushed
the
add_mountflags_warning
branch
from
11eb239 to
dae7ec6
Compare
|
updated 👍 |
engine/release-notes.md
Outdated
| ### Security fixes for Docker Engine EE and CE | ||
| #### Important notes about this release | ||
|
|
||
| Docker Engine 18.09.0 and up install containerd as a separate systemd unit. Containerd |
There was a problem hiding this comment.
This line is not technically accurate.
Maybe something like:
In Docker versions prior to 18.09, containerd was managed by the Docker engine daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd is managed by systemd, any custom configuration to the
docker.servicesystemd configuration which changes mount settings (e.g.MountFlags=slave) will break interactions between the Docker Engine daemon and containerd, and you will not be able to start containers.
Not perfect, but...
There was a problem hiding this comment.
@thaJeztah PTAL and comment. thanks!
There was a problem hiding this comment.
oh, sorry, missed @cpuguy83's comment. That suggestion looks good to me; I'll update my PR
Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
force-pushed
the
add_mountflags_warning
branch
from
dae7ec6 to
02013e2
Compare
|
updated 👍 |
|
Looks like these changes were already pushed directly to master in 4129dc0, so let's close this one |
fixes moby/moby#38506