[lxc-users] docker in lxc
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Feb 17 22:30:07 UTC 2016
Quoting Tamas Papp (tompos at martos.bme.hu):
>
>
> On 01/11/2016 06:22 PM, Serge Hallyn wrote:
> >Quoting Tamas Papp (tompos at martos.bme.hu):
> >>
> >>On 01/07/2016 07:28 PM, Serge Hallyn wrote:
> >>>I've been playing with docker in lxd containers under cgroup namespaces.
> >>>There are still a few things to tweak, but it mostly works.
> >>What settings or steps does it require?
> >I've got a few patches to runc/docker to take care of most of it. When those
> >are merged, you'll need
> >
> >1. a cgroup-namespace kernel (and the ubuntu unprivileged overlay kernel)
> > I should probably put these in a ppa.
> >2. the overlay docker driver
> >3. hide apparmor (echo 0 > aa; mount --bind aa /sys/module/apparmor/paramaters/enabled)
> >4. probably rm $base_image/dev/shm because of a kernel bug which i'm hoping we fix
> >soon
> >
> >># docker daemon --storage-driver=aufs
> >>FATA[0000] Error starting daemon: error initializing graphdriver:
> >>driver not supported
> >Yeah use overlay. btrfs may work.
>
> hi Serge,
>
>
> docker 1.10 is out. Have those patches been merged, can we test it?
>
> I'm quite exciting.
Hi,
A set of patches is at github.com/hallyn/docker #v1.10.0.serge.2 . Some
of those are accepted into github.com/opencontainers/runc. For the
docker specific ones I have to wait until docker is able to merge the newer
libcontainer with my patches.
You also need a kernel with cgroup namespaces; you can use linux-next, or
hopefully soon the xenial kernel will have them.
With that, I can get 'docker pull ubuntu' to work, and running a container
almost works, except I'm getting a weird (new) cgroup failure, which I
didn't get a few weeks ago. (The container is trying to stat something
like /sys/fs/user.slice/user-1000.slice/session-c6.scope/init.scope which
obviously is invalid. I'll get back to trying to track that down soon.)
Oh, the above is using docker's overlayfs backing store.
-serge
More information about the lxc-users
mailing list