[lxc-users] docker in lxc

Serge Hallyn serge.hallyn at ubuntu.com
Wed Feb 17 22:30:07 UTC 2016


Quoting Tamas Papp (tompos at martos.bme.hu):
> 
> 
> On 01/11/2016 06:22 PM, Serge Hallyn wrote:
> >Quoting Tamas Papp (tompos at martos.bme.hu):
> >>
> >>On 01/07/2016 07:28 PM, Serge Hallyn wrote:
> >>>I've been playing with docker in lxd containers under cgroup namespaces.
> >>>There are still a few things to tweak, but it mostly works.
> >>What settings or steps does it require?
> >I've got a few patches to runc/docker to take care of most of it.  When those
> >are merged, you'll need
> >
> >1. a cgroup-namespace kernel (and the ubuntu unprivileged overlay kernel)
> >    I should probably put these in a ppa.
> >2. the overlay docker driver
> >3. hide apparmor (echo 0 > aa; mount --bind aa /sys/module/apparmor/paramaters/enabled)
> >4. probably rm $base_image/dev/shm because of a kernel bug which i'm hoping we fix
> >soon
> >
> >># docker daemon --storage-driver=aufs
> >>FATA[0000] Error starting daemon: error initializing graphdriver:
> >>driver not supported
> >Yeah use overlay.  btrfs may work.
> 
> hi Serge,
> 
> 
> docker 1.10 is out. Have those patches been merged, can we test it?
> 
> I'm quite exciting.

Hi,

A set of patches is at github.com/hallyn/docker #v1.10.0.serge.2 .  Some
of those are accepted into github.com/opencontainers/runc.  For the
docker specific ones I have to wait until docker is able to merge the newer
libcontainer with my patches.

You also need a kernel with cgroup namespaces;  you can use linux-next, or
hopefully soon the xenial kernel will have them.

With that, I can get 'docker pull ubuntu' to work, and running a container
almost works, except I'm getting a weird (new) cgroup failure, which I
didn't get a few weeks ago.  (The container is trying to stat something
like /sys/fs/user.slice/user-1000.slice/session-c6.scope/init.scope which
obviously is invalid.  I'll get back to trying to track that down soon.)

Oh, the above is using docker's overlayfs backing store.

-serge


More information about the lxc-users mailing list