WIP: Re-enable userns isolation.

This reverts commit 447f548.
This would close #6.

Vagrantfile

@@ -1,7 +1,7 @@
 Vagrant.configure("2") do |config|
   config.vm.box = "ubuntu/bionic64"
   config.vm.provider :virtualbox do |v|
-    v.memory = 1500
+    v.memory = 768
   end
 
   config.vm.network :forwarded_port, host: 8080, guest: 80
@@ -11,6 +11,7 @@ Vagrant.configure("2") do |config|
     apt-get install -y docker.io
     adduser vagrant docker
     systemctl enable docker.service
+    echo '{"userns-remap": "default"}' > /etc/docker/daemon.json
     docker swarm init
     docker network create --driver overlay traefik_net
     echo "foo" | docker secret create DASHING_AUTH_TOKEN -

disabled/portainer.yml

@@ -37,8 +37,8 @@ services:
       # AGENT_PORT: 9001
       # LOG_LEVEL: debug
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /var/lib/docker/volumes:/var/lib/docker/volumes
+      - /var/run/docker-userns.sock:/var/run/docker.sock
+      - /var/lib/docker/165536.165536/volumes:/var/lib/docker/volumes
     networks:
       - internal
     deploy:

disabled/swarmpit.yml

@@ -6,7 +6,7 @@ services:
     environment:
       - SWARMPIT_DB=http://db:5984
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /var/run/docker-userns.sock:/var/run/docker.sock:ro
     networks:
       - internal
       - traefik
@@ -34,7 +34,7 @@ services:
     environment:
       - DOCKER_API_VERSION=1.35
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /var/run/docker-userns.sock:/var/run/docker.sock:ro
     networks:
       - internal
     deploy:

enabled/traefik.yml

@@ -13,7 +13,7 @@ services:
       - CF_API_KEY
       - TRAEFIK_DIGEST_AUTH
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/run/docker-userns.sock:/var/run/docker.sock
       - acme:/etc/traefik/acme
       - tmp:/tmp
     networks: