10

I've a commercial app, that is shipped in a chroot environment : the startup script is making the chroot, and starting the exe.

The App is pretty complex, and also for support purposes, I don't want to change the all environment.

Is it possible to run chroot, and start the service in docker ? Or are the two incompatible ?

Freedom_Ben
  • 11,247
  • 10
  • 69
  • 89
OpenStove
  • 714
  • 1
  • 11
  • 22

2 Answers2

10

It is possible to make a chroot inside a container... but, as mentioned in "debootstrap inside a docker container", you might need to run with the privileged mode. 

docker run --privileged

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container.
This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all devices.

There was a huge discussion for requesting docker to support privileged operations.
So far, it is not happening.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • How would you incorporate this in a supervisor configuration ? : - I need to make the chroot, - Then start 3 skripts – OpenStove Oct 22 '15 at 12:34
  • @OpenStove Have a look at https://github.com/phusion/baseimage-docker which is using a supervisor-like mechanism (I described it in http://stackoverflow.com/a/33119321/6309). You would still need to run the container in privieged mode though. – VonC Oct 22 '15 at 12:41
8

Option --cap-add=SYS_CHROOT should do the job.

damian101
  • 91
  • 1
  • 2
  • 5
  • 1
    I wanted to add more info, but there's not much more to it. It basically just allows using chroot: https://dockerlabs.collabnix.com/advanced/security/capabilities/#step-1-introduction-to-capabilities – Leon S. Aug 07 '23 at 15:03