[lxc-users] docker in lxc

Serge Hallyn serge.hallyn at ubuntu.com
Mon Feb 22 17:31:21 UTC 2016


Quoting Tamas Papp (tompos at martos.bme.hu):
> 
> 
> On 02/17/2016 11:30 PM, Serge Hallyn wrote:
> >Quoting Tamas Papp (tompos at martos.bme.hu):
> >>
> >>On 01/11/2016 06:22 PM, Serge Hallyn wrote:
> >>>Quoting Tamas Papp (tompos at martos.bme.hu):
> >>>>On 01/07/2016 07:28 PM, Serge Hallyn wrote:
> >>>>>I've been playing with docker in lxd containers under cgroup namespaces.
> >>>>>There are still a few things to tweak, but it mostly works.
> >>>>What settings or steps does it require?
> >>>I've got a few patches to runc/docker to take care of most of it.  When those
> >>>are merged, you'll need
> >>>
> >>>1. a cgroup-namespace kernel (and the ubuntu unprivileged overlay kernel)
> >>>    I should probably put these in a ppa.
> >>>2. the overlay docker driver
> >>>3. hide apparmor (echo 0 > aa; mount --bind aa /sys/module/apparmor/parameters/enabled)
> >>>4. probably rm $base_image/dev/shm because of a kernel bug which I'm hoping we fix
> >>>soon
> >>>
> >>>># docker daemon --storage-driver=aufs
> >>>>FATA[0000] Error starting daemon: error initializing graphdriver:
> >>>>driver not supported
> >>>Yeah use overlay.  btrfs may work.
> >>hi Serge,
> >>
> >>
> >>docker 1.10 is out. Have those patches been merged, can we test it?
> >>
> >>I'm quite excited.
> >Hi,
> >
> >A set of patches is at github.com/hallyn/docker #v1.10.0.serge.2 .  Some
> >of those are accepted into github.com/opencontainers/runc.  For the
> >docker specific ones I have to wait until docker is able to merge the newer
> >libcontainer with my patches.
> >
> >You also need a kernel with cgroup namespaces;  you can use linux-next, or
> >hopefully soon the xenial kernel will have them.
> >
> >With that, I can get 'docker pull ubuntu' to work, and running a container
> >almost works, except I'm getting a weird (new) cgroup failure, which I
> >didn't get a few weeks ago.  (The container is trying to stat something
> >like /sys/fs/user.slice/user-1000.slice/session-c6.scope/init.scope which
> >obviously is invalid.  I'll get back to trying to track that down soon.)
> >
> >Oh, the above is using docker's overlayfs backing store.
> >
> 
> hi Serge,
> 
> My understanding is that Xenial will support docker in lxc, right?

That's the goal :)

There should be a patched 1.10.0 docker in the archive which will support
it, and I'll keep working on getting the patches upstream when docker manages
to build against latest libcontainer.

Cgroup namespaces are now in the xenial kernel, so we're another step closer.

-serge
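
An added example, not part of the message above and not code from the LXC or Docker projects: a preflight script for the four prerequisites listed in the quoted reply (cgroup-namespace kernel, overlay, hidden AppArmor, no dev/shm in the base image). The root-prefix and base-image arguments are assumptions introduced here so the checks can be pointed at a constructed test tree.

```shell
#!/bin/sh
# Added example, not from the thread. Each check takes a root prefix
# (an assumption made here) so it can run against a constructed tree.

# Item 1: a cgroup-namespace kernel exposes a "cgroup" entry under /proc/<pid>/ns.
has_cgroup_ns() {
    [ -e "$1/proc/self/ns/cgroup" ] || [ -L "$1/proc/self/ns/cgroup" ]
}

# Item 2: overlay is listed in /proc/filesystems once the module is loaded.
has_overlay() {
    [ -r "$1/proc/filesystems" ] && grep -qw overlay "$1/proc/filesystems"
}

# Item 3: the kernel reports "Y" here when AppArmor is enabled; after the
# bind mount from the thread the file reads "0" instead.
apparmor_state() {
    f="$1/sys/module/apparmor/parameters/enabled"
    if [ ! -r "$f" ]; then echo absent; return; fi
    v=""; read -r v < "$f" || :
    case "$v" in Y*) echo enabled ;; *) echo hidden ;; esac
}

# Item 4: the thread suggests removing dev/shm from the base image.
has_dev_shm() {
    [ -e "$1/dev/shm" ] || [ -L "$1/dev/shm" ]
}

# Print one line per check; return the number of unmet prerequisites.
preflight() {
    root="$1"; base="$2"; missing=0
    if has_cgroup_ns "$root"; then echo "ok   cgroup namespaces"
    else echo "need cgroup namespaces"; missing=$((missing + 1)); fi
    if has_overlay "$root"; then echo "ok   overlay filesystem"
    else echo "need overlay filesystem"; missing=$((missing + 1)); fi
    state=$(apparmor_state "$root")
    if [ "$state" = enabled ]; then echo "need apparmor hidden"; missing=$((missing + 1))
    else echo "ok   apparmor $state"; fi
    if [ -n "$base" ] && has_dev_shm "$base"; then
        echo "need $base/dev/shm removed"; missing=$((missing + 1)); fi
    return "$missing"
}

preflight "${1:-}" "${2:-}" || echo "$? prerequisite(s) not met"
```

Run with no arguments it inspects the live system; the optional second argument is the base image directory to check for dev/shm.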