🚀 Enhancements: Support Docker rootless mode & fix file ownership in root mode @Nuru (#771)
what && why
- Install wrapper script in
$HOME/.local/bin(per XDG recommendation) if/usr/local/binis not writable. Supports preferred solution for #594, which is to have users run Docker in "rootless" mode. - Provide option to use BindFS to map file owners on the host. Fixes #594 for users running
dockerdaemon as root. - Resolves #766
- Resolves #767
- Downgrade the warning for Apple M1 Emulating Intel from seriously unsupported to a notice that there may be issues. Progress on #719 in that it appears the emulator is getting better, but still insufficient progress on native M1 support.
- Minor cleanups.
notes
This release introduces a new customization:
export GEODESIC_HOST_BINDFS_ENABLED=true
When Geodesic is launched by a shell where $GEODESIC_HOST_BINDFS_ENABLED == true it will configure /localhost so that files created by root inside Geodesic will have their ownership mapped to the same user ID and group ID as on the host. This a solution for people experiencing #594 and ONLY them. If your present solution is not creating files on the host owned by root then option will likely cause new problems.
Note further that this is a workaround and not the desired solution. Our recommendation is that you resolve the underlying issue by running Docker in "rootless" mode. This is much more secure and avoids the issue causing problems in the first place.