Questions tagged [container]

A program running inside a container can only see resources and devices assigned to the container.

Isolated user space instances have had different names on different platforms, e.g. containers, zones, jails and virtual environments. The concept was popularized by Docker from around 2013 and by container orchestration platforms like Kubernetes.

349 questions
31 votes, 5 answers

"date -d" command fails on Docker Alpine Linux container

I built Alpine Linux in a Docker container with the following Dockerfile: FROM alpine:3.2 RUN apk add --update jq curl && rm -rf /var/cache/apk/* The build ran successfully: $ docker build -t collector . Sending build context to Docker daemon 2.048…
BBJ3
30 votes, 9 answers

Process descendants

I'm trying to build a process container. The container will trigger other programs. For example - a bash script that launches running background tasks with '&' usage. The important feature I'm after is this: when I kill the container, everything…
Craig Turner
27 votes, 1 answer

What is the /etc/subuid file?

Following docker instructions, I've run a docker with dockerd --userns-remap=default which added this line to the /etc/subuid file: dockremap:165536:65536 I don't understand what it means, please explain.
Gilgamesz
20 votes, 2 answers

Linux - LXC; deploying images with tiniest possible X11

Is it currently possible to set up LXC containers with X11 capabilities? I'm looking for the lightest available X11 container (memory-wise), hardware acceleration a plus but not essential. If it is not currently possible, or readily…
lurscher
16 votes, 2 answers

Podman volume mounts: When to use the :z or :Z suffix?

The Podman man pages explain for volume mounts/binds: Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might prevent the processes running inside…
rugk
16 votes, 3 answers

How to create user cgroups with systemd

I use unprivileged lxc containers in Arch Linux. Here are the basic system infos: [chb@conventiont ~]$ uname -a Linux conventiont 3.17.4-Chb #1 SMP PREEMPT Fri Nov 28 12:39:54 UTC 2014 x86_64 GNU/Linux It's a custom/compiled kernel with user…
lord.garbage
15 votes, 2 answers

Why is conmon in a different cgroup when podman is started with systemd?

Given podman is installed on a linux system and a systemd unit named baz.service: # /etc/systemd/system/baz.service [Service] ExecStart=/usr/bin/podman run --rm --tty --name baz alpine sh -c 'while true; do date; sleep 1;…
mbigras
14 votes, 1 answer

Sharing unix sockets across unprivileged lxcontainers

I have two unprivileged containers and I'd like to share a unix socket between them. Each container has its own user on the host, complete with separate subuid and subguid mappings. I've tried creating groups in the containers and mapping them to…
Cyclonit
13 votes, 1 answer

How can I make a device available inside a systemd-nspawn container with user namespacing?

I would like to mount an encrypted image file using cryptsetup inside a systemd-nspawn container. However, I get this error message: [root@container ~]# echo $key | cryptsetup -d - open luks.img luks Cannot initialize device-mapper. Is dm_mod kernel…
sjy
10 votes, 2 answers

LXC containers as a sandbox environment

I am currently starting a project evaluating untrusted programs (student assignments) in a secure sandbox environment. Main idea is to create a web app for GlassFish and Java wrapper around lxc-utils to manage LXC containers. It'll have a queue of…
eXPi
10 votes, 1 answer

How to achieve processor affinity in containers?

I see with kubernetes it's possible to set node affinity for certain workloads. I'm wondering if there are any facilities in the various container technologies, such as docker, rocket etc that allow you to pin processes to cores? or if this is even…
barrymac
10 votes, 1 answer

Build Docker image in privileged mode

How to build a Docker image with privileged capabilities, like when running docker run -ti --privileged? So I can mount a device while building my Dockerfile without getting an automount error?
Ijaz Ahmad
10 votes, 2 answers

What is a Linux container and a Linux hypervisor?

I looked at the stackexchange site but couldn't find anything. I looked at the wikipedia entry on Linux container https://en.wikipedia.org/wiki/LXC and as well as hypervisor https://en.wikipedia.org/wiki/Hypervisor but the explanation to both is…
shirish
9 votes, 1 answer

What does "if1@if2" mean in interface name in output of "ip address" command on Ubuntu

What does at sign (@) mean in interface name in output of "ip address" command (or the "ip link" command) on Ubuntu, for example interface name "eth0@if44" in the following output: root@aafa1fc24a0b:/# ip address 1: lo: mtu…
Bruno Rijsman
9 votes, 3 answers

Linux - Isolate process without containers

I am building a system which has the functions of an online judge system. I need to run all the executables and evaluate their output. The problem is that if all of them will be placed in a container, in different folders one of the application may…