[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] docker binary




On 07/21/2015 09:28 AM, Trevor Jay wrote:
> On Tue, Jul 21, 2015 at 08:22:50AM -0400, Daniel J Walsh wrote:
>> Yes we actually recommend using something like
>>
>> docker run -ti -v /:/host -v /run:/run -v /dev:/dev --privileged fedora
>> /bin/sh
>>
>> And then you can add stuff like
>> --net=host --pid=host --ipc=host
>>
>> And you slowly end up where only /usr inside your container is separate
>> from the host system.
>>
> Yup. On the other end of the spectrum: if all you want to do is start and stop services with systemctlin a container, you can usually get by with:
>
>  -v /run/dbus:/var/run/dbus -v /run/systemd:/var/run/systemd 
>
> And you don't even need --privileged. Of course, there's a whole world in-between the two approaches.
>
> It all depends on exactly what you're looking to do. strace is your friend. :)
>
> _Trevor
>
Well SELinux might get in the way of the no privileged part.  (At least
it should).





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]