Via /etc/docker/daemon.json
, I've configured a user namespace using userns-remap
. I'm trying to start a nginx-proxy
container, but it requires access to the Docker socket, which requires it to be real root. The namespacing breaks this, causing an "operation not permitted"
error.
Is there a way to tell Docker to not put this one individual container in the namespace? If it's possible through docker-compose, that's preferrable.
Best Answer
This problem can be solved by adding the command line option for the container in question
--userns=host
.For
docker-compose
, theversion
must be2.1
or newer. You can adduserns_mode: 'host'
to the relevant service definition.