[lxc-users] Running docker inside unprivileged LXC containers

Serge Hallyn serge.hallyn at ubuntu.com
Mon Jun 15 17:41:52 UTC 2015


Quoting Stewart Brodie (sbrodie at espial.com):
> Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> 
> > Quoting Stewart Brodie (sbrodie at espial.com):

> > > However, another far neater way of doing this could be to use the
> > > freezer instead.  Just give lxc-start a new command-line option to start
> > > the container *but* crucially, leave it frozen when lxc-start exits.
> > > The caller can then just do lxc-start, lxc-device, lxc-unfreeze.
> 
> > > [can you run lxc-device on a frozen container?]
> 
> For future reference, this does indeed work.  I like the idea, because it
> would allow all sorts of fettling to go on with the new container from the
> host side before it really starts executing.

fwiw I'm not opposed to this if someone wants to code it up.  Basically
right before exec(2)ing /sbin/init, the task would freeze itself.


More information about the lxc-users mailing list