[lxc-users] Running docker inside unprivileged LXC containers

Serge Hallyn serge.hallyn at ubuntu.com
Fri Jun 26 21:56:02 UTC 2015


Quoting Yonsy Solis (yonsy.s.p at gmail.com):
> 
> 
> On mié, jun 10, 2015 at 9:17 AM, Akshay Karle
> <akshay.a.karle at gmail.com> wrote:
> >Hello,
> >
> >I'm currently working on a project that requires running docker
> >containers inside unprivileged LXC containers.
> <big snip>
> >Has anyone had any success in doing this? Any ideas if this is
> >even possible?
> 
> https://github.com/docker/docker/issues/1034
> https://github.com/docker/docker/issues/2918
> https://github.com/docker/docker/issues/2919
> 
> summary: Docker daemon requires real root rights in the node for aufs
> mount/dismount layers,

Maxim (cc:d) has created:

	https://github.com/mpatlasov/docker.git proxy-graph-driver.

which iiuc should solve this problem?

> iptables rules.

Most iptables rules should be fine in a container though.

So this leaves the need for Akshay Karle's patch to not create devices
if in a user namespace.  Is that all that's needed, or does it just
bring us to the next roadblock?
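
An added example, not part of the original message and not the patch or Docker code discussed in it: one way a daemon can tell that it is running inside a user namespace, and so should skip creating device nodes, is to inspect `/proc/self/uid_map`. The function names `inUserNS` and `shouldCreateDevices` are hypothetical, and the maps used to exercise them are constructed samples.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// The initial user namespace maps uid 0 to uid 0 over the full 32-bit range.
const fullRange = 4294967295

// inUserNS takes the contents of a uid_map file ("inside outside count" per
// line) and reports whether it describes a non-initial user namespace.
// An empty map (a new namespace with no mapping written yet) counts as one.
func inUserNS(uidMap string) bool {
	var entries [][3]uint64
	for _, line := range strings.Split(uidMap, "\n") {
		fields := strings.Fields(line)
		if len(fields) != 3 {
			continue // blank or malformed line
		}
		var e [3]uint64
		ok := true
		for i, s := range fields {
			v, err := strconv.ParseUint(s, 10, 32)
			if err != nil {
				ok = false
				break
			}
			e[i] = v
		}
		if ok {
			entries = append(entries, e)
		}
	}
	return !(len(entries) == 1 && entries[0] == [3]uint64{0, 0, fullRange})
}

// shouldCreateDevices (hypothetical helper): mknod of device nodes is refused
// inside a user namespace, so only attempt it in the initial one.
func shouldCreateDevices(uidMap string) bool { return !inUserNS(uidMap) }

func main() {
	data, err := os.ReadFile("/proc/self/uid_map")
	if err != nil {
		fmt.Println("no uid_map (kernel without user namespaces); creating devices")
		return
	}
	fmt.Println("create device nodes:", shouldCreateDevices(string(data)))
}
```
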

