List:       lxc-users
Subject:    Re: [lxc-users] Docker in unprivileged LXC?
From:       Oliver Dzombic <info () layer7 ! net>
Date:       2019-11-20 11:04:47
Message-ID: 151bb58b-dd16-f386-4a5c-bae23a22a4f6 () layer7 ! net

Hi,

afaik:

security.nesting: "true"

makes the container automatically privileged...

-- 
Best regards

Oliver Dzombic
Layer7 Networks

mailto:info@layer7.net

Address:

Layer7 Networks GmbH
Zum Sonnenberg 1-3
63571 Gelnhausen

HRB 96293 at the Hanau District Court
Management: Oliver Dzombic
VAT ID: DE259845632

On 20.11.19 at 11:57, Tomasz Chmielewski wrote:
> On 2019-11-20 19:52, Dirk Geschke wrote:
>> Hi all,
>>
>> is there a way to get docker up and running in an unprivileged
>> LXC? It seems to have problems with cgroups:
>>
>>    docker: Error response from daemon: OCI runtime create failed:
>> container_linux.go:344: starting container process caused
>> "process_linux.go:275: applying cgroup configuration for process
>> caused \"mkdir /sys/fs/cgroup/cpuset/docker: permission denied\"":
>> unknown.
>>
>> Does someone know a way to get it working? I don't trust the
>> docker containers, so my idea was to run them in an LXC. But
>> up to now I have no clue how to do this...
> 
> You just need to set this:
> 
>   security.nesting: "true"
> 
> 
> (in "lxc config edit container-name").
> 
> 
> Tomasz Chmielewski
> https://lxadm.com
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
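
To see how a container is actually mapped after changing the setting discussed in this thread, its uid map can be read from inside it: a process without a user namespace shows the identity map `0 0 4294967295`, while a shifted map means container root is an unprivileged uid on the host. The script below is an added example, not part of the thread or of LXC/LXD; the function names `map_uid` and `classify_container` are hypothetical and the two sample maps are constructed.

```shell
#!/bin/sh
# Added example: classify a /proc/<pid>/uid_map as privileged or unprivileged.
# Each uid_map line has three fields:
#   <first uid inside the namespace> <first uid on the host> <range length>

# Constructed sample maps (not taken from the thread).
PRIV_MAP='         0          0 4294967295'
UNPRIV_MAP='         0    1000000 1000000000'

# map_uid UID: read a uid_map on stdin and print the host uid that the given
# container uid translates to, or "unmapped" if no range covers it.
map_uid() {
    awk -v uid="$1" '
        BEGIN { u = uid + 0 }
        NF == 3 && u >= $1 + 0 && u < $1 + $3 {
            printf "%.0f\n", $2 + (u - $1)
            found = 1
            exit
        }
        END { if (!found) print "unmapped" }
    '
}

# classify_container: read a uid_map on stdin and print
#   "privileged"            if container uid 0 is host uid 0
#   "unprivileged:<uid>"    if container uid 0 is some other host uid
#   "unprivileged:unmapped" if container uid 0 has no host mapping
classify_container() {
    root_host=$(map_uid 0)
    if [ "$root_host" = "0" ]; then
        echo "privileged"
    else
        echo "unprivileged:$root_host"
    fi
}

# Inside the container, check the live map with:
#   classify_container < /proc/self/uid_map
```

Run it inside the LXC container before and after editing its configuration, and again inside a Docker container started within it, to compare the mappings at each level.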
