rootless-containers · AkihiroSuda · Mar 14, 2026 · Mar 14, 2026
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -225,7 +225,7 @@ jobs:
       matrix:
         # The design of the proxy was changed in Docker v28.
         # rootlesskit-docker-proxy is no longer used since Docker v28.
-        docker_version: [27.5.1, 28.1.1]
+        docker_version: [27.5.1, 29.3.0]
     steps:
     - name: "Set up AppArmor"
       run: |

diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,10 @@
-ARG GO_VERSION=1.24
+ARG GO_VERSION=1.25
 ARG UBUNTU_VERSION=24.04
 ARG SHADOW_VERSION=4.17.4
-ARG SLIRP4NETNS_VERSION=v1.3.2
+ARG SLIRP4NETNS_VERSION=v1.3.3
 ARG VPNKIT_VERSION=0.6.0
-ARG PASST_VERSION=2025_04_15.2340bbf
-ARG DOCKER_VERSION=28.1.1
+ARG PASST_VERSION=2026_01_20.386b5f5
+ARG DOCKER_VERSION=29.3.0
 ARG DOCKER_CHANNEL=stable
 
 FROM golang:${GO_VERSION}-alpine AS build
@@ -95,8 +95,7 @@ FROM test-integration AS test-integration-docker
 ARG DOCKER_VERSION
 ARG DOCKER_CHANNEL
 RUN curl -fsSL https://download.docker.com/linux/static/${DOCKER_CHANNEL}/$(uname -m)/docker-${DOCKER_VERSION}.tgz | tar xz --strip-components=1 -C /home/user/bin/
-RUN curl -fsSL -o /home/user/bin/dockerd-rootless.sh https://raw.githubusercontent.com/moby/moby/v${DOCKER_VERSION}/contrib/dockerd-rootless.sh && \
-  chmod +x /home/user/bin/dockerd-rootless.sh
+RUN curl -fsSL https://download.docker.com/linux/static/${DOCKER_CHANNEL}/$(uname -m)/docker-rootless-extras-${DOCKER_VERSION}.tgz | tar xz --strip-components=1 -C /home/user/bin/ docker-rootless-extras/dockerd-rootless.sh
 # rootlesskit-docker-proxy is no longer needed since Docker v28
 RUN --mount=source=/rootlesskit-docker-proxy,target=/tmp/rootlesskit-docker-proxy,from=artifact <<EOT
   set -ex

diff --git a/hack/integration-docker.sh b/hack/integration-docker.sh
@@ -3,19 +3,23 @@ source $(realpath $(dirname $0))/common.inc.sh
 
 nonloopback="$(hostname -I | awk '{print $1}')"
 
+
+SLEEP_SECS=2
+[ "$DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER" = "implicit" ] && SLEEP_SECS=5
+
 docker rm -f nginx >/dev/null 2>&1 || true
 
 CURL="curl -fsSL"
 set -x
 
 docker run -d --name=nginx -p 8080:80 nginx:alpine
-sleep 2
+sleep "$SLEEP_SECS"
 $CURL "http://127.0.0.1:8080"
 $CURL "http://${nonloopback}:8080"
 docker rm -f nginx
 
 docker run -d --name=nginx -p 127.0.0.1:8080:80 nginx:alpine
-sleep 2
+sleep "$SLEEP_SECS"
 $CURL "http://127.0.0.1:8080"
 $CURL "http://${nonloopback}:8080" && ( ERROR "should fail"; exit 1 )
 docker rm -f nginx
@@ -24,7 +28,7 @@ docker rm -f nginx
 # "Error starting userland proxy: listen tcp4 172.18.0.2:8080: bind: cannot assign requested address."
 if [ "$DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER" != "implicit" ]; then
 	docker run -d --name=nginx -p "${nonloopback}:8080:80" nginx:alpine
-	sleep 2
+	sleep "$SLEEP_SECS"
 	$CURL "http://127.0.0.1:8080" && ( ERROR "should fail"; exit 1 )
 	$CURL "http://${nonloopback}:8080"
 	docker rm -f nginx