Hi,

Ludovic Courtès <[email protected]> writes:

> So hmm, it looks like in practice we’re left with no choice but to keep
> using ‘--disable-chroot’ in Docker?

Without unprivileged user namespaces being allowed, the situation hasn't changed I think.

> Do you happen to know what people running Docker-in-Docker (or similar)
> do?

No, but I found this [1] and this [2], so using `--privileged` (or at least allowing unprivileged user namespaces) seems to be necessary.

Cheers,
David

[1] https://docs.docker.com/engine/security/rootless/#rootless-docker-in-docker
[2] https://github.com/moby/moby/issues/22139
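
An added example, not part of the message above or of any project's code: a shell check for whether unprivileged user namespaces are usable in the current environment, which is the condition the reply hinges on. The function names and the `proc_root` parameter are hypothetical; the parameter exists only so the sysctl logic can be exercised on constructed files.

```shell
#!/bin/sh
# Added example. Run as the unprivileged user that would do the builds:
# root can still create user namespaces when only the Debian/Ubuntu knob is 0.

# Print "enabled" or "disabled:<reason>" from the kernel sysctls under $1.
userns_sysctl_status() {
    proc_root="${1:-/proc}"
    max_file="$proc_root/sys/user/max_user_namespaces"
    clone_file="$proc_root/sys/kernel/unprivileged_userns_clone"

    # Upstream knob: 0 means no user namespaces can be created at all.
    if [ -r "$max_file" ] && [ "$(cat "$max_file")" = "0" ]; then
        echo "disabled:max_user_namespaces=0"
        return 0
    fi
    # Debian/Ubuntu-specific knob; absent on kernels without that patch.
    if [ -r "$clone_file" ] && [ "$(cat "$clone_file")" = "0" ]; then
        echo "disabled:unprivileged_userns_clone=0"
        return 0
    fi
    echo "enabled"
}

# Live probe: the sysctls can say "enabled" while the container runtime's
# seccomp profile or LSM policy still rejects the call, so try it for real.
userns_probe() {
    command -v unshare >/dev/null 2>&1 || { echo "unknown:no-unshare-binary"; return 0; }
    if unshare -U true 2>/dev/null; then
        echo "usable"
    else
        echo "blocked"
    fi
}

# Combine both views; "enabled" plus "blocked" points at the container
# configuration rather than at the host kernel settings.
userns_report() {
    echo "sysctl: $(userns_sysctl_status /proc)"
    echo "probe:  $(userns_probe)"
}

userns_report
```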
