I need to test an infra on Docker for work, the setup is the following (extremely simplified):
- An NFS container exporting a folder
- A Rocky Linux container, mounting the NFS export from the other container
I very much know that this is not how I should do this, but the only purpose is to replicate a production environment (that is not even in Docker).
This setup is working if I run Docker in root mode, adding CAP_SYS_ADMIN to the Rocky Linux container.
However, it is not working when I use docker-rootless with my normal user as intended.
I tried using a security wrapper to add the cap_sys_admin capability to rootlesskit, which should solve my problem if I understand correctly, but it does not:
  docker = {
    storageDriver = "btrfs";
    rootless = {
      enable = true;
      setSocketVariable = true;
    };
  };
  security = {
    # setuid-style wrapper around rootlesskit carrying cap_sys_admin
    wrappers.docker-rootlesskit = {
      owner = "root";
      group = "root";
      capabilities = "cap_sys_admin+ep";
      source = "${pkgs.rootlesskit}/bin/rootlesskit";
    };
  };
Am I missing something here? This is not a huge problem, as it is only used for testing purposes and nobody should have a similar Docker setup, but it seems like this should work.
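A diagnostic that helps with this kind of question, added here as an example and not part of the post above: decode the Cap* masks in /proc/<pid>/status for the rootlesskit process (or for a shell inside the Rocky container) and report in which capability sets cap_sys_admin actually appears. The bit numbers are from linux/capability.h; the status text embedded below is constructed, not captured from the poster's system.

```python
"""Decode the Cap* lines of /proc/<pid>/status and report whether a given
capability is present in each set. Added diagnostic, not from the post."""
from __future__ import annotations
from pathlib import Path

# Capability bit numbers from linux/capability.h (subset; cap_sys_admin = 21).
CAP_BITS = {
    "cap_chown": 0,
    "cap_net_admin": 12,
    "cap_sys_ptrace": 19,
    "cap_sys_admin": 21,
}

CAP_SETS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")


def parse_cap_masks(status_text: str) -> dict[str, int]:
    """Return {set_name: bitmask} for the Cap* lines of a status file."""
    masks = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in CAP_SETS:
            masks[key] = int(value.strip(), 16)
    return masks


def has_cap(masks: dict[str, int], cap: str, cap_set: str = "CapEff") -> bool:
    """True if `cap` is set in the given capability set (bit test on the mask)."""
    return bool((masks.get(cap_set, 0) >> CAP_BITS[cap]) & 1)


def cap_report(status_text: str, cap: str = "cap_sys_admin") -> dict[str, bool]:
    """Per-set presence of one capability, e.g. to confirm a wrapper took effect."""
    masks = parse_cap_masks(status_text)
    return {s: has_cap(masks, cap, s) for s in CAP_SETS if s in masks}


def report_for_pid(pid: int | str = "self") -> dict[str, bool]:
    """Read a live process (run it inside the container or against rootlesskit's PID)."""
    return cap_report(Path(f"/proc/{pid}/status").read_text())


# Constructed sample: an unprivileged process holding only cap_sys_admin
# (bit 21 = 0x200000) in its permitted/effective sets, with a full bounding set.
SAMPLE_STATUS = """Name:\trootlesskit
Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000000000
CapPrm:\t0000000000200000
CapEff:\t0000000000200000
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""

if __name__ == "__main__":
    print(cap_report(SAMPLE_STATUS))
```

Inside a rootless container the masks describe the container's own user namespace, so a full CapEff there says nothing about whether the host-level cap_sys_admin needed for an NFS mount was granted.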