[lxc-users] docker in lxc

Serge Hallyn serge.hallyn at ubuntu.com
Fri Nov 6 20:13:23 UTC 2015


Hey guys,

Sorry I tuned out for a bit, but now I may have some time.  Have you guys
been working at all together off-list?

-serge

Quoting Tamas Papp (tompos at martos.bme.hu):
> Whooo. Thanks in advance, guys!
> 
> I'm not a programmer and cannot work by myself on this, but I look
> forward to the feature.
> Please keep the list posted, I'm sure many of us are interested and
> also willing to test the code.
> 
> Cheers,
> tamas
> 
> On 10/16/2015 07:08 PM, Serge Hallyn wrote:
> >Absolutely!  I've not actually started working on that.  (I hadn't noticed
> >that the docker PR was merged)  Maxim (cc:d) is the one who is working on
> >this at Odin - I think it'd be best if we can all work together.
> >
> >-serge
> >
> >Quoting Akshay Karle (akshay.a.karle at gmail.com):
> >>Hey Serge,
> >>
> >>This is something I'm interested in as well. Any way I could help with the
> >>implementation of the graphdriver proxy?
> >>
> >>On Fri, Oct 16, 2015 at 12:10 PM Serge Hallyn <serge.hallyn at ubuntu.com>
> >>wrote:
> >>
> >>>Quoting Tamas Papp (tompos at martos.bme.hu):
> >>>>
> >>>>On 08/31/2015 03:59 PM, Serge Hallyn wrote:
> >>>>>Quoting Tamas Papp (tompos at martos.bme.hu):
> >>>>>>On 08/28/2015 03:48 PM, Serge Hallyn wrote:
> >>>>>>>Quoting Tamas Papp (tompos at martos.bme.hu):
> >>>>>>>>hi,
> >>>>>>>>
> >>>>>>>>I would like to achieve what is in the subject.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>However, I cannot get past this apparmor issue:
> >>>>>>>>
> >>>>>>>>[7690496.246952] type=1400 audit(1440757904.938:1130):
> >>>>>>>>apparmor="DENIED" operation="mount" info="failed flags match"
> >>>>>>>>error=-13 profile="lxc-docker" name="/var/lib/docker/aufs/"
> >>>>>>>>pid=32534 comm="docker" flags="rw, private"
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>I read in some posts on various forums that I need to run the lxc
> >>>>>>>>container with an unconfined profile.
> >>>>>>>>Is that still the case?
> >>>>>>>Excellent, I've been wanting to bring this up here :)
> >>>>>>>
> >>>>>>>Maxim at Odin has been working on a proxy graphdriver for
> >>>>>>>docker.  The PR is at
> >>>>>>>
> >>>>>>>https://github.com/docker/docker/pull/15594
> >>>>>>>
> >>>>>>>I'm hoping to test that today and see what else is still
> >>>>>>>needed.  I would assume a custom apparmor policy will still
> >>>>>>>be needed, but since the host is doing most of the mounting
> >>>>>>>you should be able to avoid just being unconfined.
> >>>>>>hi,
> >>>>>>
> >>>>>>At first look it seems to be a big change that requires someone more
> >>>>>>qualified for testing.
> >>>>>>Did you take a look?
> >>>>>I've taken a look at the code but haven't built it yet.  (having
> >>>>>some toolchain issues)
> >>>>https://github.com/docker/docker/pull/13777
> >>>>
> >>>>This was merged; does it mean that docker should be usable in LXC
> >>>>from this point?
> >>>Not exactly.  As you can see from the final comment in
> >>>
> >>>https://github.com/docker/docker/pull/15924
> >>>
> >>>it now means that we can write a graphdriver proxy.  The original
> >>>openvz pull request would have been almost all we needed - allowing
> >>>the graphdriver to talk over a unix socket to the host where the
> >>>requested actions could be done.  The pull request which was accepted
> >>>does less - only allowing you to implement your own proxy to talk to
> >>>a service on the host.  (that service *also* needs to be written)
> >>>_______________________________________________
> >>>lxc-users mailing list
> >>>lxc-users at lists.linuxcontainers.org
> >>>http://lists.linuxcontainers.org/listinfo/lxc-users

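Added example, not part of the original thread: a small Python triage script that parses AppArmor audit records like the `DENIED` mount quoted above and lists which mount targets and flags a confined profile was refused, which is the information needed to write a narrow custom policy instead of running the container unconfined. The sample log is constructed: the first record is the denial from the thread joined onto one line, the second is an invented non-mount denial, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample log. Record 1 is the denial quoted in the thread,
# joined onto one line; record 2 is an invented non-mount denial.
SAMPLE_LOG = (
    '[7690496.246952] type=1400 audit(1440757904.938:1130): '
    'apparmor="DENIED" operation="mount" info="failed flags match" '
    'error=-13 profile="lxc-docker" name="/var/lib/docker/aufs/" '
    'pid=32534 comm="docker" flags="rw, private"\n'
    '[7690497.000001] type=1400 audit(1440757905.100:1131): '
    'apparmor="DENIED" operation="open" profile="lxc-docker" '
    'name="/proc/sysrq-trigger" pid=32540 comm="cat" '
    'requested_mask="w" denied_mask="w"\n'
)

# key="quoted value" (may contain spaces and commas) or key=bare-token
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_record(line):
    """Return the key/value fields of one AppArmor audit record, or None."""
    if 'apparmor=' not in line:
        return None
    return {key: (bare if bare else quoted)
            for key, quoted, bare in FIELD_RE.findall(line)}

def denied_mounts(log_text):
    """Return one dict per denied mount operation found in log_text."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not rec or rec.get('apparmor') != 'DENIED':
            continue
        if rec.get('operation') != 'mount':
            continue
        flags = [f.strip() for f in rec.get('flags', '').split(',') if f.strip()]
        hits.append({'profile': rec.get('profile'), 'target': rec.get('name'),
                     'flags': flags, 'comm': rec.get('comm'),
                     'info': rec.get('info'), 'error': rec.get('error')})
    return hits

def summarize(log_text):
    """Count denied mounts per (profile, target, flags) combination."""
    return Counter((d['profile'], d['target'], tuple(d['flags']))
                   for d in denied_mounts(log_text))

if __name__ == '__main__':
    for (profile, target, flags), n in summarize(SAMPLE_LOG).items():
        print(f'{n}x profile={profile} target={target} flags={",".join(flags)}')
```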