Re: [atomic-devel] The atomic command and setting hostname for containers

[Daniel J Walsh <dwalsh redhat com>]

On 04/19/2016 07:21 AM, Jan Pazdziora wrote:
> On Wed, Feb 17, 2016 at 10:44:52AM -0500, Daniel J Walsh wrote:
> > Right but your install script could communicate with docker to create a
> > container.
> > IE You separate out the act of running the install script from the
> > actual creation of the
> > container.
> >
> > You install.sh could execute
> >
> > docker create -h ipa.execample.com FOOBAR
> This would have to be
>
> 	chroot $HOST docker create -h ipa.execample.com FOOBAR
>
> right?
>
> Is invocation of the docker (client) from inside of the INSTALL
> container recommended practice that we plan to support long-term?
> The container running the install.sh would need to be --privileged,
> to populate content on $HOST and call the docker command, and the
> second container could then be unprivileged, calling something like
> install-unprivileged.sh in the image.
>
> I like the approach, I'm only worried if we are ready to support it
> long term.
Either that or you embed docker inside of the container, and volume 
mount /run into the container.

But I like your example better.  atomic install should almost always be 
a privileged container.