Commit 21f0df84 authored by Giuseppe Scrivano's avatar Giuseppe Scrivano Committed by Atomic Bot

Revert "docker-centos: use a chroot environment"

This reverts commit 592263ad.

Closes: #38
Approved by: giuseppe
parent 3073a888
...@@ -2,11 +2,10 @@ FROM centos ...@@ -2,11 +2,10 @@ FROM centos
LABEL maintainer="Giuseppe Scrivano <gscrivan@redhat.com>" LABEL maintainer="Giuseppe Scrivano <gscrivan@redhat.com>"
RUN yum install -y docker docker-latest container-selinux python-docker-py docker-lvm-plugin docker-rhel-push-plugin docker-novolume-plugin lvm2 iptables procps-ng xz cloud-utils-growpart && yum clean all RUN yum install -y docker docker-latest docker-selinux python-docker-py docker-lvm-plugin docker-rhel-push-plugin docker-novolume-plugin lvm2 iptables procps-ng xz cloud-utils-growpart && yum clean all
ADD init.sh /usr/bin ADD init.sh /usr/bin
# system container # system container
ADD set_chroot.sh unset_chroot.sh /
COPY service.template tmpfiles.template config.json.template /exports/ COPY service.template tmpfiles.template config.json.template /exports/
CMD ["/usr/bin/init.sh"] CMD ["/usr/bin/init.sh"]
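Review bot: The `yum install -y …` line names `docker-selinux` again, and nothing in the RUN step confirms that an SELinux policy package actually ended up in the image. yum on CentOS 7 can skip a name it cannot resolve and still exit 0 when the other packages install. As far as I know `docker-selinux` was later superseded by `container-selinux`, so the result may depend on the repository's Obsoletes/Provides metadata. Consider adding a check such as `&& rpm -q --whatprovides docker-selinux` ahead of `yum clean all`, so a missing policy package fails the build instead of producing an image without it.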
...@@ -105,7 +105,7 @@ ...@@ -105,7 +105,7 @@
}, },
{ {
"type": "bind", "type": "bind",
"source": "/var/lib", "source": "${STATE_DIRECTORY}",
"destination": "/var/lib", "destination": "/var/lib",
"options": [ "options": [
"rbind", "rbind",
......
...@@ -8,11 +8,7 @@ ...@@ -8,11 +8,7 @@
source /run/docker-bash-env source /run/docker-bash-env
exec /usr/bin/dockerd-current \ exec /usr/bin/docker-current daemon \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
$OPTIONS \ $OPTIONS \
$DOCKER_STORAGE_OPTIONS \ $DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \ $DOCKER_NETWORK_OPTIONS \
......
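Review bot: With `--default-runtime=docker-runc`, `--exec-opt native.cgroupdriver=systemd` and `--userland-proxy-path=…` gone from the `exec` line, the daemon's runtime and cgroup driver depend entirely on what `$OPTIONS` carries in from the sysconfig files. The unit loads those files with the optional `-` prefix, so when they are absent the daemon starts on built-in defaults, which may not match a systemd-managed host; it is worth stating in the script header which flags `$OPTIONS` is expected to supply. The unquoted `$OPTIONS`, `$DOCKER_STORAGE_OPTIONS` and `$DOCKER_NETWORK_OPTIONS` look like deliberate word splitting, and a comment above the `exec` line such as `# intentionally unquoted: each variable holds several flags` would keep that from being "fixed" later. The command continues past the end of the hunk.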
...@@ -7,23 +7,16 @@ EnvironmentFile=-/etc/sysconfig/docker ...@@ -7,23 +7,16 @@ EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash Environment=GOTRACEBACK=crash
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStartPre=/bin/bash -c 'export -p > /run/docker-bash-env' ExecStartPre=/bin/bash -c 'export -p > /run/docker-bash-env'
ExecStartPre=/bin/sh $DESTDIR/rootfs/set_chroot.sh $DESTDIR/rootfs ExecStart=$EXEC_START
ExecStart=/usr/bin/init.sh ExecStop=$EXEC_STOP
ExecStopPost=/bin/sh $DESTDIR/rootfs/unset_chroot.sh
Restart=on-failure Restart=on-failure
RootDirectory=/var/lib/containers/docker-chroot WorkingDirectory=$DESTDIR
RootDirectoryStartOnly=yes RuntimeDirectory=docker
PermissionsStartOnly=yes
WorkingDirectory=/
LimitNOFILE=1048576 LimitNOFILE=1048576
LimitNPROC=1048576 LimitNPROC=1048576
LimitCORE=infinity LimitCORE=infinity
TimeoutStartSec=0 TimeoutStartSec=0
KillMode=control-group
Type=simple
SELinuxContext=system_u:system_r:container_runtime_t:s0
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
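Review bot: `ExecStartPre=/bin/bash -c 'export -p > /run/docker-bash-env'` dumps the service's whole environment to a fixed path under /run, and init.sh later `source`s that file as code. The dump includes everything set in the three sysconfig files (proxy settings can embed credentials), and it is written with the service's default umask (0022 unless `UMask=` is set), so it is likely world-readable. Tightening the write is a one-line change: `ExecStartPre=/bin/bash -c 'umask 077; export -p > /run/docker-bash-env'`. Separately, this side no longer carries `SELinuxContext=system_u:system_r:container_runtime_t:s0`, and `$EXEC_START` is filled in outside this file, so a comment naming the SELinux domain the daemon is expected to run in would help whoever audits the unit later.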
#!/bin/sh
CHROOT=/var/lib/containers/docker-chroot
mount --make-rprivate /
test -e $CHROOT/ || mkdir -p $CHROOT/
if ! findmnt $CHROOT/ >/dev/null 2>&1; then
mount --bind $CHROOT/ $CHROOT/
mount --make-private $CHROOT/
fi
mkdir -p $CHROOT/{etc,proc,sys,var,lib/modules,usr,tmp,dev,run}
for i in bin sbin lib lib64
do
test -h $CHROOT/$i && rm $CHROOT/$i
test ! -d $CHROOT/$i && ln -s /usr/$i $CHROOT/$i
done
for i in dev etc proc sys lib/modules tmp run
do
/usr/bin/mount --rbind /$i $CHROOT/$i
/usr/bin/mount --make-rslave $CHROOT/$i
done
if ! findmnt $CHROOT/var > /dev/null 2>&1; then
/usr/bin/mount --make-rslave --bind /var $CHROOT/var
fi
# /usr is mounted from the container
/usr/bin/mount --make-slave --read-only --rbind $1/usr $CHROOT/usr
d /var/lib/docker - - - - - d /var/lib/docker - - - - -
d /var/lib/containers/docker-chroot - - - - -
#!/bin/sh
CHROOT=/var/lib/containers/docker-chroot
# do not umount /var
for i in dev etc proc sys usr lib/modules tmp run; do
/usr/bin/umount -lR $CHROOT/$i
done