[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] docker binary

From: Daniel J Walsh <dwalsh redhat com>
To: Trevor Jay <tjay redhat com>, atomic-devel projectatomic io
Subject: Re: [atomic-devel] docker binary
Date: Tue, 21 Jul 2015 10:47:23 -0400


On 07/21/2015 09:28 AM, Trevor Jay wrote:
> On Tue, Jul 21, 2015 at 08:22:50AM -0400, Daniel J Walsh wrote:
>> Yes we actually recommend using something like
>>
>> docker run -ti -v /:/host -v /run:/run -v /dev:/dev --privileged fedora
>> /bin/sh
>>
>> And then you can add stuff like
>> --net=host --pid=host --ipc=host
>>
>> And you slowly end up where only /usr inside your container is separate
>> from the host system.
>>
> Yup. On the other end of the spectrum: if all you want to do is start and stop services with systemctlin a container, you can usually get by with:
>
>  -v /run/dbus:/var/run/dbus -v /run/systemd:/var/run/systemd 
>
> And you don't even need --privileged. Of course, there's a whole world in-between the two approaches.
>
> It all depends on exactly what you're looking to do. strace is your friend. :)
>
> _Trevor
>
Well SELinux might get in the way of the no privileged part.  (At least
it should).

Follow-Ups:
- Re: [atomic-devel] docker binary
  - From: Waldemar Augustyn

References:
- [atomic-devel] docker binary
  - From: Waldemar Augustyn
- Re: [atomic-devel] docker binary
  - From: Trevor Jay
- Re: [atomic-devel] docker binary
  - From: Waldemar Augustyn
- Re: [atomic-devel] docker binary
  - From: Daniel J Walsh
- Re: [atomic-devel] docker binary
  - From: Trevor Jay

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]