[lxc-users] Running docker inside unprivileged LXC containers
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Jun 26 21:56:02 UTC 2015
Quoting Yonsy Solis (yonsy.s.p at gmail.com):
>
>
> On Wed, Jun 10, 2015 at 9:17 AM, Akshay Karle
> <akshay.a.karle at gmail.com> wrote:
> >Hello,
> >
> >I'm currently working on a project that requires to run docker
> >containers inside unprivileged LXC containers.
> <big snip>
> >Has anyone had any success in doing this? Any ideas if this is
> >even possible?
>
> https://github.com/docker/docker/issues/1034
> https://github.com/docker/docker/issues/2918
> https://github.com/docker/docker/issues/2919
>
> resume: Docker daemon requires real root rights in the node for aufs
> mount/dismount layers,

Maxim (cc:d) has created:
https://github.com/mpatlasov/docker.git proxy-graph-driver.
which iiuc should solve this problem?

> iptables rules.

Most iptables rules should be fine in a container though.

So this leaves the need for Akshay Karle's patch to not create devices
if in a user namespace. Is that all that's needed, or does it just
bring us to the next roadblock?