On 07/08/2015 04:30 AM, Tobias Florek wrote:
> Hi,
>
> tldr: add early-docker daemon (a la coreos) to support running
>
> I need to connect bare-metal atomic hosts via ipsec. That works (with
> minor quirks) using the privileged ibotty/ipsec-libreswan container.
> Unfortunately, because it is using docker, it starts pretty late in the
> boot process. Fortunately I drop sensitive traffic before ipsec is up.
>
> But: I can't use firewalld to do that, because any firewalld container
> would start as late as ipsec.
>
> I understand that in order to keep the image minimal, not every
> software can and should be installed. Running an early docker without
> network (all containers use host-net) would enable that.
>
> What do you think?
>
> Cheers,
> Tobias Florek
>

I think we should investigate using runc rather than docker for something like this. The idea would be to create a docker container image, but run it outside of the docker framework.
I am not sure if this is possible but I think this is something we should examine with the changes going on at Docker.