[lxc-users] Running docker inside unprivileged LXC containers

Robert Pendell shinji at elite-systems.org
Wed Jun 10 14:25:41 UTC 2015


On Wed, Jun 10, 2015 at 10:17 AM, Akshay Karle <akshay.a.karle at gmail.com> wrote:
> Hello,
>
> I'm currently working on a project that requires running docker containers
> inside unprivileged LXC containers. I've managed to run unprivileged
> containers on an Ubuntu 14.04 host. I've also managed to get the docker
> daemon running using the LXC driver instead of native docker exec driver.
> Right now I'm stuck when trying to start a docker container as it attempts
> to create special devices which fails as it doesn't have the permissions to
> do so in the unprivileged container.
>
[snip]
>
> LXC version on the host and container: 1.0.7
>
> # Container specific configuration
> lxc.mount.auto = cgroup
> lxc.aa_profile = unconfined
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
> lxc.rootfs = /home/vagrant/.local/share/lxc/u1/rootfs
> lxc.utsname = u1
>
[snip]
>
> Has anyone had any success in doing this? Any ideas if this is even
> possible?
>

I have not personally tried but I believe you need to change
lxc.aa_profile to lxc-container-default-with-nesting.

Robert Pendell
shinji at elite-systems.org
A perfect world is one of chaos.
Keybase: http://keybase.io/shinji257
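
Added example, not part of the original thread and not the LXC project's own code: a small Python check that parses an LXC 1.0-style config like the one quoted above and reports an unconfined AppArmor profile or an id_map that maps container root to host id 0. The sample config is constructed from the keys in the post, and the function names are hypothetical.

```python
# Constructed sample built from the config keys quoted in the thread.
SAMPLE_CONFIG = """\
# Container specific configuration
lxc.mount.auto = cgroup
lxc.aa_profile = unconfined
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.utsname = u1
"""
NESTING_PROFILE = "lxc-container-default-with-nesting"  # profile named in the reply


def parse_lxc_config(text):
    """Return (key, value) pairs in order; keys such as lxc.id_map may repeat."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries.append((key.strip(), value.strip()))
    return entries


def audit(text):
    """Return findings on AppArmor confinement and uid/gid mapping."""
    entries = parse_lxc_config(text)
    findings = []
    if any(k == "lxc.aa_profile" and v == "unconfined" for k, v in entries):
        findings.append("aa_profile: unconfined, container runs without "
                        "AppArmor confinement; reply suggests " + NESTING_PROFILE)
    mapped = set()
    for value in (v for k, v in entries if k == "lxc.id_map"):
        fields = value.split()  # format: <u|g> <container id> <host id> <range>
        if (len(fields) != 4 or fields[0] not in ("u", "g")
                or not all(f.isdigit() for f in fields[1:])):
            findings.append("id_map: malformed entry %r" % value)
            continue
        mapped.add(fields[0])
        if int(fields[1]) == 0 and int(fields[2]) == 0:
            findings.append("id_map: container %s root maps to host id 0" % fields[0])
    for kind in ("u", "g"):
        if kind not in mapped:
            findings.append("id_map: no %s mapping, ids are not remapped" % kind)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```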

