docker-container: move userns detection into driver

This moves the detection of the docker daemon's security options into the driver from the factory, handling them in a similar way to how we do cgroups. Because of recent changes that modify error detection in driver creation, this attempt to contact the docker daemon during builder creation meant that a docker-container builder could not be created without access to the docker socket. This patch resolves this, by defering the Info call to the driver, when the container is actually created. Signed-off-by: Justin Chadwell <me@jedevc.com>
2025-07-09 21:17:09 +08:00 · 2022-10-21 13:44:44 +01:00
parent a6caf4b948
commit 33ef1b3a30
2 changed files with 20 additions and 25 deletions
--- a/driver/docker-container/factory.go
+++ b/driver/docker-container/factory.go
@ -6,7 +6,6 @@ import (
 	"strings"

 	"github.com/docker/buildx/driver"
-	dockertypes "github.com/docker/docker/api/types"
 	dockerclient "github.com/docker/docker/client"
 	"github.com/pkg/errors"
 )
@ -41,20 +40,6 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
 		return nil, errors.Errorf("%s driver requires docker API access", f.Name())
 	}
 	d := &Driver{factory: f, InitConfig: cfg}
-	dockerInfo, err := cfg.DockerAPI.Info(ctx)
-	if err != nil {
-		return nil, err
-	}
-	secOpts, err := dockertypes.DecodeSecurityOptions(dockerInfo.SecurityOptions)
-	if err != nil {
-		return nil, err
-	}
-	for _, f := range secOpts {
-		if f.Name == "userns" {
-			d.userNSRemap = true
-			break
-		}
-	}
 	for k, v := range cfg.DriverOpts {
 		switch {
 		case k == "network":