Is it safe to extract the root filesystem of a Docker.io image and use it in a chroot?

Question

I have recently discovered Docker, and I think it's a great tool for managing my runtime environments. However, I also have some OpenVZ VPS'es that don't support LXC, so I'm thinking about using docker export to export the filesystem of an image, extract the resulting tarball to a directory in the VPS, and then chroot into that directory and run the services inside the image.

Is it safe to do this? What customizations does Docker make to the filesystem of its image (I can see a .dockerinit file in the root directory at first glance)? Any tips & pitfalls of this approach?

Answer 1

The main risk would be isolation. If your OpenVZ is properly configured and warranty the isolation, you are good to go.

Docker does not do any modification to the file system. At runtime, it mounts itself as .dockerinit. We use this in order to setup the user/group and network once the container is started.

In future version, docker will support different isolation backend like libvirt or even chroot. The base image aren't going to change though, so there is no problem using docker images on OpenVZ.