[lxc-users] docker in lxc

Tamas Papp tompos at martos.bme.hu
Sat Nov 7 06:38:46 UTC 2015 

Not really.

thanks!

On November 6, 2015 21:13:45 Serge Hallyn <serge.hallyn at ubuntu.com> wrote:

> Hey guys,
>
> sorry I tined out for a bit, but now I may have some time.  Have you guys
> been working at all together off-list?
>
> -serge
>
> Quoting Tamas Papp (tompos at martos.bme.hu):
>> Whooo. Thanks in advance, guys!
>>
>> I'm not a programmer, cannot work by myself on this, but look
>> forward the feature.
>> Please keep the list posted, I'm sure many of us are interested and
>> also willing to test the code.
>>
>> Cheers,
>> tamas
>>
>> On 10/16/2015 07:08 PM, Serge Hallyn wrote:
>> >Absolutely!  I've not actually started working on that.  (I hadn't noticed
>> >that the docker PR was merged)  Maxim (cc:d) is the one who is working on
>> >this at Odin - I think it'd be best if we can all work together.
>> >
>> >-serge
>> >
>> >Quoting Akshay Karle (akshay.a.karle at gmail.com):
>> >>Hey Serge,
>> >>
>> >>This is something I'm interested in as well. Anyway I could help with the
>> >>implementation of the graphdriver proxy?
>> >>
>> >>On Fri, Oct 16, 2015 at 12:10 PM Serge Hallyn <serge.hallyn at ubuntu.com>
>> >>wrote:
>> >>
>> >>>Quoting Tamas Papp (tompos at martos.bme.hu):
>> >>>>
>> >>>>On 08/31/2015 03:59 PM, Serge Hallyn wrote:
>> >>>>>Quoting Tamas Papp (tompos at martos.bme.hu):
>> >>>>>>On 08/28/2015 03:48 PM, Serge Hallyn wrote:
>> >>>>>>>Quoting Tamas Papp (tompos at martos.bme.hu):
>> >>>>>>>>hi,
>> >>>>>>>>
>> >>>>>>>>I would like to achieve, what is in subject.
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>However, I cannot get over on this apparmor issue:
>> >>>>>>>>
>> >>>>>>>>[7690496.246952] type=1400 audit(1440757904.938:1130):
>> >>>>>>>>apparmor="DENIED" operation="mount" info="failed flags match"
>> >>>>>>>>error=-13 profile="lxc-docker" name="/var/lib/docker/aufs/"
>> >>>>>>>>pid=32534 comm="docker" flags="rw, private"
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>I read some post on various forums, that I need to run the lxc
>> >>>>>>>>container with unconfined profile.
>> >>>>>>>>Is still the case?
>> >>>>>>>Excellent, I've been wanting to bring this up here :)
>> >>>>>>>
>> >>>>>>>Maxim at Odin has been working on a proxy graphdriver for
>> >>>>>>>docker.  The PR is at
>> >>>>>>>
>> >>>>>>>https://github.com/docker/docker/pull/15594
>> >>>>>>>
>> >>>>>>>I'm hoping to test that today and see what else is still
>> >>>>>>>needed.  I would assume a custom apparmor policy will still
>> >>>>>>>be needed, but since the host is doing most of the mounting
>> >>>>>>>you should be able to avoid just being unconfined.
>> >>>>>>hi,
>> >>>>>>
>> >>>>>>For the first look it seems to be a big change, that requires a more
>> >>>>>>qualified one for testing.
>> >>>>>>Did you take a look?
>> >>>>>I've taken a look at the code but haven't built it yet.  (having
>> >>>>>some toolchain issues)
>> >>>>https://github.com/docker/docker/pull/13777
>> >>>>
>> >>>>This was merged, does it mean, that docker should be usable in LXC
>> >>>>from this point?
>> >>>Not exactly.  As you can see from the final comment in
>> >>>
>> >>>https://github.com/docker/docker/pull/15924
>> >>>
>> >>>it now means that we can write a graphdriver proxy.  The original
>> >>>openvz pull request would have been almost all we needed - allowing
>> >>>the graphdriver to talk over a unix socket to the host where the
>> >>>requested actions could be done.  The pull request which was accepted
>> >>>does less - only allowing you to implement your own proxy to talk to
>> >>>a service on the host.  (that service *also* needs to be written)
>> >>>_______________________________________________
>> >>>lxc-users mailing list
>> >>>lxc-users at lists.linuxcontainers.org
>> >>>http://lists.linuxcontainers.org/listinfo/lxc-users
>> >>_______________________________________________
>> >>lxc-users mailing list
>> >>lxc-users at lists.linuxcontainers.org
>> >>http://lists.linuxcontainers.org/listinfo/lxc-users
>> >_______________________________________________
>> >lxc-users mailing list
>> >lxc-users at lists.linuxcontainers.org
>> >http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list