From 01d3876fabf4cd089349f6f78e8eb2e69d54509e Mon Sep 17 00:00:00 2001
From: Pierre Roudier <pierre@roudier.io>
Date: Wed, 29 May 2024 09:02:00 -0400
Subject: [PATCH] feat: compatibility with docker userns-remap (#1442)

---
 pkg/runtimes/docker/translate.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/runtimes/docker/translate.go b/pkg/runtimes/docker/translate.go
index 3bbf4101..f7be77fc 100644
--- a/pkg/runtimes/docker/translate.go
+++ b/pkg/runtimes/docker/translate.go
@@ -127,6 +127,9 @@ func TranslateNodeToContainer(node *k3d.Node) (*NodeInDocker, error) {
 	// TODO: can we replace this by a reduced set of capabilities?
 	hostConfig.Privileged = true
 
+	// Privileged containers require userns=host when Docker has userns-remap enabled
+	hostConfig.UsernsMode = "host"
+
 	if node.HostPidMode {
 		hostConfig.PidMode = "host"
 	}