From e3e2c394626a80009203290f6df0a4cbb6dcf05a Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Sat, 8 Aug 2020 04:08:35 +0900 Subject: [PATCH] update docs/rootless.md Signed-off-by: Akihiro Suda --- docs/rootless.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/rootless.md b/docs/rootless.md index 16440b14e..6f31dae5d 100644 --- a/docs/rootless.md +++ b/docs/rootless.md 
@@ -11,16 +11,16 @@ See also [Rootless Docker documentation](https://docs.docker.com/engine/security ```console $ rootlesskit --net=slirp4netns --copy-up=/etc --copy-up=/run \ --state-dir=/run/user/1001/rootlesskit-containerd \ - sh -c "rm -rf /run/containerd; containerd -c config.toml" + sh -c "rm -f /run/containerd; exec containerd -c config.toml" ``` -* `--net=slirp4netns --copy-up=/etc` is only required when you want to unshare network namespaces +* `--net=slirp4netns --copy-up=/etc` is only required when you want to unshare network namespaces. + See [RootlessKit documentation](https://github.com/rootless-containers/rootlesskit/tree/v0.10.0#network-drivers) for the further information about the network drivers. * `--copy-up=/DIR` mounts a writable tmpfs on `/DIR` with symbolic links to the files under the `/DIR` on the parent namespace so that the user can add/remove files under `/DIR` in the mount namespace. `--copy-up=/etc` and `--copy-up=/run` are needed on typical setup. Depending on the containerd plugin configuration, you may also need to add more `--copy-up` options. -* `rm -rf /run/containerd` is required for v2 shim as a workaround for [#2767](https://github.com/containerd/containerd/issues/2767). - This command removes the "copied-up" symbolic link to `/run/containerd` on the parent namespace (if exists), which cannot be accessed by non-root users. +* `rm -f /run/containerd` removes the "copied-up" symbolic link to `/run/containerd` on the parent namespace (if exists), which cannot be accessed by non-root users. The actual `/run/containerd` directory on the host is not affected. * `--state-dir` is set to a random directory under `/tmp` if unset. RootlessKit writes the PID to a file named `child_pid` under this directory. * You need to provide `config.toml` with your own path configuration. e.g. 
@@ -46,3 +46,5 @@ $ ctr run -t --rm --fifo-dir /tmp/foo-fifo --cgroup "" docker.io/library/ubuntu: * `overlayfs` snapshotter does not work inside user namespaces, except on Ubuntu and Debian kernels. However, [`fuse-overlayfs` snapshotter](https://github.com/AkihiroSuda/containerd-fuse-overlayfs) can be used instead if running kernel >= 4.18. +* Enabling cgroup requires cgroup v2 and systemd, e.g. `ctr run --cgroup "user.slice:foo:bar" --runc-systemd-cgroup ...` . + See also [runc documentation](https://github.com/opencontainers/runc/blob/v1.0.0-rc92/docs/cgroup-v2.md).
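Review bot: in the first hunk, the new bullet for `rm -f /run/containerd` drops the pointer to [#2767](https://github.com/containerd/containerd/issues/2767) that the old text used to justify the step for the v2 shim, so a reader can no longer tell whether the removal is still required or merely cosmetic; keep the issue link in the rewritten bullet, e.g. `* \`rm -f /run/containerd\` removes the "copied-up" symbolic link ... (see [#2767](https://github.com/containerd/containerd/issues/2767)).` Two smaller points in the same hunk: `rm -f /run/containerd; exec containerd ...` joins the commands with `;`, so if `/run/containerd` inside the copied-up `/run` is a real directory rather than the expected symlink, `rm -f` fails and containerd is started anyway; `rm -f /run/containerd && exec containerd -c config.toml` would surface that. And the switch to `exec containerd` is a real behaviour change worth a sentence in the bullets (containerd replaces the `sh` process, so signals from RootlessKit reach containerd directly instead of the shell). Minor wording: `for the further information about the network drivers` should read `for further information about the network drivers`.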
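Review bot: in the second hunk, the added example `ctr run --cgroup "user.slice:foo:bar" --runc-systemd-cgroup ...` sits right under the hunk's own context line `ctr run -t --rm --fifo-dir /tmp/foo-fifo --cgroup "" ...`, and the doc never says how the two relate; state explicitly that the earlier command passes `--cgroup ""` to run without a cgroup, and that the new form (with `--runc-systemd-cgroup`) is what to use when cgroup v2 and systemd are available, otherwise readers will not know which flags to combine. Style: drop the stray space before the period in `--runc-systemd-cgroup ...` `.`, and consider wording `Enabling cgroup` as `Enabling cgroups` (or `cgroup support`) to match the rest of the page.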