Whooo. Thanks in advance, guys!
I'm not a programmer, cannot work by myself on this, but look forward
the feature.
Please keep the list posted, I'm sure many of us are interested and also
willing to test the code.
Cheers,
tamas
On 10/16/2015 07:08 PM, Serge Hallyn wrote:
Absolutely! I've not actually started working on that. (I hadn't noticed
that the docker PR was merged) Maxim (cc:d) is the one who is working on
this at Odin - I think it'd be best if we can all work together.
-serge
Quoting Akshay Karle (akshay.a.ka...@gmail.com):
Hey Serge,
This is something I'm interested in as well. Anyway I could help with the
implementation of the graphdriver proxy?
On Fri, Oct 16, 2015 at 12:10 PM Serge Hallyn <serge.hal...@ubuntu.com>
wrote:
Quoting Tamas Papp (tom...@martos.bme.hu):
On 08/31/2015 03:59 PM, Serge Hallyn wrote:
Quoting Tamas Papp (tom...@martos.bme.hu):
On 08/28/2015 03:48 PM, Serge Hallyn wrote:
Quoting Tamas Papp (tom...@martos.bme.hu):
hi,
I would like to achieve, what is in subject.
However, I cannot get over on this apparmor issue:
[7690496.246952] type=1400 audit(1440757904.938:1130):
apparmor="DENIED" operation="mount" info="failed flags match"
error=-13 profile="lxc-docker" name="/var/lib/docker/aufs/"
pid=32534 comm="docker" flags="rw, private"
I read some post on various forums, that I need to run the lxc
container with unconfined profile.
Is still the case?
Excellent, I've been wanting to bring this up here :)
Maxim at Odin has been working on a proxy graphdriver for
docker. The PR is at
https://github.com/docker/docker/pull/15594
I'm hoping to test that today and see what else is still
needed. I would assume a custom apparmor policy will still
be needed, but since the host is doing most of the mounting
you should be able to avoid just being unconfined.
hi,
For the first look it seems to be a big change, that requires a more
qualified one for testing.
Did you take a look?
I've taken a look at the code but haven't built it yet. (having
some toolchain issues)
https://github.com/docker/docker/pull/13777
This was merged, does it mean, that docker should be usable in LXC
from this point?
Not exactly. As you can see from the final comment in
https://github.com/docker/docker/pull/15924
it now means that we can write a graphdriver proxy. The original
openvz pull request would have been almost all we needed - allowing
the graphdriver to talk over a unix socket to the host where the
requested actions could be done. The pull request which was accepted
does less - only allowing you to implement your own proxy to talk to
a service on the host. (that service *also* needs to be written)
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
