[lxc-users] Running docker inside unprivileged LXC containers

Akshay Karle akshay.a.karle at gmail.com
Wed Jun 10 14:52:24 UTC 2015


>
> https://github.com/docker/docker/issues/1034
> https://github.com/docker/docker/issues/2918
> https://github.com/docker/docker/issues/2919
>
> resume: Docker daemon requires real root rights in the node for aufs
> mount/dismount layers, iptables rules. unprivileged containers == user
> namespaces, and this will not work with Docker (one reason why I prefer
> lxc/lxd + Ansible over Docker)
>

Yes, the docker daemon does fail when you try to use a layered FS for
storage and their libcontainer driver. But when I switched to VFS for
storage and the LXC driver for exec, I did manage to get the docker daemon
running. I think this is very recent, but after docker 1.2 I think, when they
removed a bunch of capabilities that docker would need. So I definitely
can't run a privileged docker container inside LXC but should be able to
run a docker container without any capabilities. Am I missing something?
The problem is what Serge mentions: the docker containers try to create
devices and fail to do so because the containers have no perms.

Switching the AppArmor profile also won't help if I understand correctly?
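The failure the thread circles around (daemon needs CAP_SYS_ADMIN for layer mounts and CAP_NET_ADMIN for iptables; containers need CAP_MKNOD to create devices, and an unprivileged LXC container running in a user namespace grants none of these for real) can be checked directly from inside the container. The following POSIX sh script is an added diagnostic, not code from the list post or from the LXC or Docker projects. It decodes the CapEff bitmask that the kernel reports in /proc/self/status, reads /proc/self/uid_map to tell whether the process sits in a user namespace, and names the capabilities that would be missing. The capability bit numbers are the kernel's constants; the sample mask and uid_map used when /proc is absent are constructed values for illustration.

```shell
#!/bin/sh
# Added diagnostic (not from the list post): decode a CapEff bitmask as found in
# /proc/self/status and report the capabilities implicated in the thread.
# Bit numbers follow the kernel's capability numbering (linux/capability.h).
CAP_NET_ADMIN=12   # iptables rules the docker daemon installs
CAP_SYS_ADMIN=21   # mounting/unmounting aufs or other layered storage
CAP_MKNOD=27       # creating device nodes in a container's /dev

# has_cap HEXMASK BIT -> exit 0 if bit BIT is set in the hex mask, 1 otherwise.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# in_userns UIDMAP_LINE -> exit 0 if the uid_map line is not the identity map.
# The initial user namespace reports "0 0 4294967295"; an unprivileged LXC
# container maps a subordinate uid range instead (e.g. "0 100000 65536").
in_userns() {
    set -- $1
    ! { [ "$1" = 0 ] && [ "$2" = 0 ] && [ "$3" = 4294967295 ]; }
}

# missing_caps HEXMASK -> prints the space-separated names of the capabilities
# above that are absent from the mask (empty string if all are present).
missing_caps() {
    out=""
    for pair in "SYS_ADMIN:$CAP_SYS_ADMIN" "NET_ADMIN:$CAP_NET_ADMIN" "MKNOD:$CAP_MKNOD"; do
        name=${pair%%:*}
        bit=${pair##*:}
        has_cap "$1" "$bit" || out="$out CAP_$name"
    done
    printf '%s' "${out# }"
}

# report -> describe the current process. Falls back to constructed sample
# values when /proc is unavailable so the script still runs on other systems.
report() {
    capeff=""
    uidmap=""
    if [ -r /proc/self/status ] && [ -r /proc/self/uid_map ]; then
        while read -r key val; do
            [ "$key" = "CapEff:" ] && capeff=$val
        done < /proc/self/status
        read -r uidmap < /proc/self/uid_map
    fi
    # Constructed sample: a restricted cap set that keeps MKNOD but lacks
    # SYS_ADMIN and NET_ADMIN, inside a subordinate uid mapping.
    [ -n "$capeff" ] || capeff=00000000a80425fb
    [ -n "$uidmap" ] || uidmap="0 100000 65536"

    if in_userns "$uidmap"; then
        echo "user namespace: yes (uid_map '$uidmap'); capabilities are namespaced, not host root"
    else
        echo "user namespace: no (uid_map '$uidmap')"
    fi
    echo "CapEff: $capeff"
    lacking=$(missing_caps "$capeff")
    if [ -n "$lacking" ]; then
        echo "missing: $lacking"
    else
        echo "missing: none of SYS_ADMIN, NET_ADMIN, MKNOD"
    fi
}

report
```

Run it inside the LXC container that is supposed to host the docker daemon: if "user namespace: yes" is printed, any capability listed as present in CapEff is only valid within that namespace, so aufs mounts and iptables changes on the host will still be refused; if CAP_MKNOD is listed as missing, device creation inside the nested docker container is expected to fail exactly as described above.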