Yes, docker can run in a Linux container. But docker will only run with the `lxc` execution driver and in an unconfined LXC.
So, here's how to get docker in LXC:
Ensure you have `lxc.aa_profile = lxc-container-default-with-nesting` (if it doesn't work or you don't have this profile, try `lxc.aa_profile = unconfined`) in the config file of your LXC to ensure it will not be blocked by apparmor. For more information, visit (or modify) files in `/etc/apparmor.d/lxc`.
You need to install lxc in your container. If you are under Ubuntu for instance, run in the container `apt-get install lxc`.
Ensure that the docker daemon is called with the `--exec-driver=lxc` parameter. You can test it beforehand by manually issuing `docker -d --exec-driver=lxc`. In Ubuntu, to have the argument used at startup, simply edit `/etc/default/docker` and ensure that you have the line:
DOCKER_OPTS="--exec-driver=lxc"
Follow this thread for updates: https://github.com/docker/docker/issues/6783
If you need to troubleshoot:
- keep an eye on apparmor logs in the kern logs of the host.
- launch `docker -d ...` manually to get outputs.
Note: You might not have a hand on the host to modify the LXC apparmor script on Koding, judging by others' answers; anyway, this howto remains of interest if you are the LXC provider, and it answers the more general question you've asked in your question's title, which might attract people in more general scenarios (as I was).
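A preflight check for the steps in this answer, added here as an example and not part of the original answer: it reads the effective `lxc.aa_profile` from a container config file and confirms that `DOCKER_OPTS` carries `--exec-driver=lxc`. The function names are hypothetical and the two file paths are passed as arguments; it assumes a later `lxc.aa_profile` line overrides an earlier one, and it reports `unconfined` as a warning because that value turns AppArmor confinement off for the container.

```shell
#!/bin/sh
# Added example: preflight check for the LXC and docker settings above.

# Print the effective lxc.aa_profile from an LXC config file.
# Assumption: a later assignment overrides an earlier one; commented
# lines are ignored. Prints nothing when the key is absent.
lxc_aa_profile() {
    sed -n 's/^[[:space:]]*lxc\.aa_profile[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" |
        tail -n 1
}

# Map the profile to: nesting | unconfined | missing | other.
classify_profile() {
    case "$(lxc_aa_profile "$1")" in
        lxc-container-default-with-nesting) echo nesting ;;
        unconfined) echo unconfined ;;
        "") echo missing ;;
        *) echo other ;;
    esac
}

# Succeed when an uncommented DOCKER_OPTS line carries --exec-driver=lxc.
docker_uses_lxc_driver() {
    grep -Eq '^[[:space:]]*DOCKER_OPTS=.*--exec-driver=lxc([[:space:]"'\'']|$)' "$1"
}

# usage: preflight <lxc-config-file> <docker-defaults-file>
preflight() {
    rc=0
    case "$(classify_profile "$1")" in
        nesting) echo "OK: lxc.aa_profile is the nesting profile" ;;
        unconfined) echo "WARN: lxc.aa_profile = unconfined, AppArmor is off for this container" ;;
        *) echo "FAIL: lxc.aa_profile is neither of the two values from the steps"; rc=1 ;;
    esac
    if docker_uses_lxc_driver "$2"; then
        echo "OK: DOCKER_OPTS sets --exec-driver=lxc"
    else
        echo "FAIL: DOCKER_OPTS lacks --exec-driver=lxc"; rc=1
    fi
    return "$rc"
}

# Run only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it on the host against the container's config file and a copy of the container's `/etc/default/docker`; a non-zero exit status means one of the steps is not in place.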