Background

I have a very old C++ monolithic app running on virtual machines. The virtual machines' OS uses Linux kernel 2.6. I have now been assigned the task of containerizing it. The latest Docker v18 needs kernel 3.10.

Question 1

Can I run a Docker host with Linux kernel 3.10 and a container image containing the app built for kernel 2.6? Will my application see any problems? If yes, then what kind of problems? How do I go about finding and fixing them?

Question 2

Is there a way I can run Docker on Linux kernel 2.6 and not change my app?

Question 3

Can I use LXC or some other technology? What are the options other than Docker for Linux kernel 2.6 apps?

Jay Rajput
  • 1
    Docker doesn't change the kernel release in any way -- neither does LXC. Both expose the same kernel the host is running, just with different namespaces for exposed networking/process trees/etc. – Charles Duffy Sep 13 '18 at 13:13
  • 1
    That said, it's very unusual for an application built for a 2.6 kernel to not work in a 3.x kernel when given its original userspace -- Linux upstream tries hard to maintain syscall-level forward compatibility, so newer kernels should be able to run older apps except in very extreme cases (unless the application includes a kernel module component, in which case you couldn't run it in Docker without turning off security features anyhow). Could you be a bit more specific about the nature of the compatibility constraint? – Charles Duffy Sep 13 '18 at 13:14
  • Possible duplicate of [How does Docker handle different kernel versions?](https://stackoverflow.com/questions/51343767/how-does-docker-handle-different-kernel-versions); see also [How can Docker run distros with different kernels?](https://stackoverflow.com/questions/32841982/how-can-docker-run-distros-with-different-kernels). If you **really** need to run a different kernel, then you need virtualization (KVM/VirtualBox/VMware/etc), not containerization. – Charles Duffy Sep 13 '18 at 13:16
  • ...if your issue is that a glibc symbol can't be found (which is much more common/likely), f/e, that's not a kernel-related issue but instead is a matter of needing to use a Docker container that ships a libc compatible with the one your program was compiled for. – Charles Duffy Sep 13 '18 at 13:19
  • @CharlesDuffy...it is good to know that it is very unusual for an application built for a 2.6 kernel to not work in a 3.x kernel. Can you provide some references to prove this statement? My Google/SO searches make me believe that there may be an ABI compatibility issue. I – Jay Rajput Sep 13 '18 at 13:20
  • [Why is there a Linux kernel policy to never break userspace?](https://unix.stackexchange.com/questions/235335/why-is-there-a-linux-kernel-policy-to-never-break-user-space) over on [unix.se] would be a place to start re: understanding the background. – Charles Duffy Sep 13 '18 at 13:21
  • @CharlesDuffy...the container will be built from a Dockerfile which will have a FROM statement for a 2.6 Linux image, so I am hoping that the glibc issue will not happen. – Jay Rajput Sep 13 '18 at 13:21
  • 1
    It doesn't matter if it's FROM an image that was built on the same kernel; it *does* matter if it's FROM an image that was built with the same shared libraries (unless your binary is statically-compiled). If it's FROM an image of the same distro you've already tested that code on, you're probably in the clear. – Charles Duffy Sep 13 '18 at 13:23
  • https://yarchive.net/comp/linux/gcc_vs_kernel_stability.html, btw, archives a discussion from Linus that's pertinent -- search for the paragraph containing the string *We care about user-space*. – Charles Duffy Sep 13 '18 at 13:24
  • Thanks...btw...the app has many processes running on different VMs. One of the VMs, which acts as the front-end, mucks with the kernel modules in order to transmit the TCP packets to a backend VM...I think it is the netfilter module where they do something specific...so for that kind of app...what would be the suggestion? – Jay Rajput Sep 13 '18 at 13:27
  • You won't be able to containerize any piece that requires a custom kernel module (without installing that on the host as a whole and doing a bunch of rather custom setup), but you *can* run it in a virtual machine. I'd suggest kvm, with a `tap`-style interface for input and output; see [`libvirt`](https://libvirt.org/) if you want to automate the setup. – Charles Duffy Sep 13 '18 at 13:28
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/180000/discussion-between-jay-rajput-and-charles-duffy). – Jay Rajput Sep 13 '18 at 13:30

0 Answers
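
Added example (not part of the original thread, and not written by its participants): the comments point out that the libc shipped in the image, not the kernel release, is the usual compatibility constraint. The sketch below finds the highest `GLIBC_x.y` symbol version a binary references in `objdump -T` output and compares it with the glibc version of a candidate base image. The function names and the sample `objdump` lines are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `objdump -T ./app` output (not taken from a real binary).
SAMPLE='0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 printf
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __sprintf_chk
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.4   __stack_chk_fail
0000000000000000      DF *UND*  0000000000000000  GLIBCXX_3.4 _ZNSsC1Ev'

# Numeric sort on dotted versions, so that 2.12 sorts after 2.5.
sort_versions() { sort -t. -k1,1n -k2,2n -k3,3n; }

# Highest GLIBC_x.y[.z] symbol version named in `objdump -T` output on stdin.
# GLIBCXX_* (libstdc++) entries are deliberately not matched.
max_glibc_required() {
    grep -o 'GLIBC_[0-9][0-9.]*' | sed 's/^GLIBC_//' | sort_versions | tail -n 1
}

# True when version $1 <= version $2.
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort_versions | head -n 1)" = "$1" ]
}

# $1 = glibc version shipped in the image (inside the image,
# `getconf GNU_LIBC_VERSION` prints it); objdump -T output on stdin.
check_image_libc() {
    need=$(max_glibc_required)
    [ -n "$need" ] || { echo "no GLIBC symbol versions found"; return 2; }
    if version_le "$need" "$1"; then
        echo "ok: binary needs GLIBC_$need, image ships $1"
    else
        echo "missing: binary needs GLIBC_$need, image ships only $1"
        return 1
    fi
}

# Demo on the constructed sample; for a real binary use:
#   objdump -T ./app | check_image_libc "$IMAGE_GLIBC_VERSION"
printf '%s\n' "$SAMPLE" | check_image_libc 2.5
```

A statically linked binary has no dynamic symbol table, so the check reports that no symbol versions were found.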