Containers now run unprivileged by default — a container breakout maps to a sub-UID, not host root. Rooted remains available as a legacy opt-in. Existing installs keep their current mode (config reconciliation is add-only); fresh installs get rootless. The rootless path already handles unprivileged ports (ip_unprivileged_port_start=0) and userns.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
8 lines
719 B
Plaintext
Executable File
# ================================================================================
# Docker - Container runtime installation and configuration **ADVANCED**
# ================================================================================
CFG_DOCKER_INSTALL_TYPE=rootless # Docker Installation Type - rootless (default, recommended): containers run unprivileged so a breakout isn't host root; rooted: legacy, containers run as root [rootless|rooted]
CFG_DOCKER_INSTALL_USER=dockerinstall # Docker Install User - Username for Docker installation operations
CFG_DOCKER_INSTALL_PASS=RANDOMIZEDPASSWORD2 # Docker Install Password - Password for Docker install user
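Review bot: on the CFG_DOCKER_INSTALL_TYPE=rootless line, the new default reaches fresh installs only, because the commit message says config reconciliation is add-only and existing installs keep their current mode, so a host already set to rooted stays on the legacy mode with nothing telling the operator. Consider having the installer or updater print a notice when it reads CFG_DOCKER_INSTALL_TYPE=rooted from an existing config, and reject any value other than the two listed in [rootless|rooted] instead of guessing a mode. Separately, this file carries CFG_DOCKER_INSTALL_PASS and is listed as an executable file; a config that holds a credential does not need the execute bit, and read access is worth restricting to the owning user.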