[lxc-devel] [lxc-users] docker in lxc

Serge Hallyn serge.hallyn at ubuntu.com
Mon Nov 16 17:41:54 UTC 2015


Quoting Akshay Karle (akshay.a.karle at gmail.com):
> Hey Serge and Maxim,
> 
> I've been busy with some work here and haven't had a lot of time to look
> into this. I can spend some time now to help out.
> 
> Since I don't have much idea of how to go about creating the graph driver
> proxy for docker, I started by trying to see what problems we get when
> starting docker 1.10 experimental daemon inside an unprivileged container
> and it seems that it fails to start with an error "Error starting daemon:
> Devices cgroup isn't mounted". Now, this seems to be an error unrelated to
> what the graph driver would resolve, but please correct me if I'm wrong as
> I'm quite new to lxc or docker dev. Looking at the docker code [1], it
> looks like the libcontainer which does parsing of cgroup mount point
> doesn't take into consideration the fact that cgroups are running on lxcfs
> inside the container. I'm now investigating what the solution could be to
> solve this. Let me know if you have any ideas.

So this may get fixed with cgroup namespaces,

(i.e. https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/log/?h=2015-11-10/cgroupns,
github.com/hallyn/lxcfs #2015-11-10/cgns and github.com/lxc/ #2015-11-09/cgns)

but of course for backward compatibility that should still be fixed.  Which
requires choosing a way for docker to decide whether cgroups are in fact
mounted.

> Also, do you think it makes more sense to have this discussion on lxc-devel
> than lxc-users?

yeah, might.  Switched to that (and cc:d Maxim as he's not on lxc-devel)

