Right way to use docker rootless mode on ZFS filesystem

Question

I configure my docker to be used with rootless mode and it works fine. But I changed my data-dir to store all the docker's data in a zfs filesystem. It appears that it is not working directly and I am looking for the right way to setup my system.

The storage driver is well configured and I obtain the following error

docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Extracting [==================================================>]  2.479kB/2.479kB
docker: failed to register layer: exit status 1: "/sbin/zfs fs create -o mountpoint=legacy xxxx/main/3a2069b67391755d42342cbfa9c0a78cb779759787e219bd8a80c4c2d51c2e96" => cannot create 'xxxx/main/3a2069b67391755d42342cbfa9c0a78cb779759787e219bd8a80c4c2d51c2e96': permission denied

I assumed that this error is completely normal but how can we force securely to allow to create mountpoint without root rights.

Answer 1

The zfs storage driver is unfortunately not supported in rootless

From https://docs.docker.com/engine/security/rootless/

Known limitations 🔗

Only the following storage drivers are supported:

• overlay2 (only if running with kernel 5.11 or later, or Ubuntu-flavored kernel)
• fuse-overlayfs (only if running with kernel 4.18 or later, and fuse-overlayfs is installed)
• btrfs (only if running with kernel 4.18 or later, or ~/.local/share/docker is mounted with user_subvol_rm_allowed mount option)
• vfs