[JIRA] (OVIRT-2324) Failed to mount docker.sock to "/var/run/docker.sock" in a container which runs systemd

Sun, 15 Jul 2018 05:58:04 -0700 

    [ 
https://ovirt-jira.atlassian.net/browse/OVIRT-2324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=37485#comment-37485
 ] 

Barak Korren commented on OVIRT-2324:
-------------------------------------

{quote}
I can see the mount entry when running mount, but the socket doesn't exist:
{quote}

I think I know what is going on here, systemd mounts tmpfs on /run after the 
socket was already mounted, so the tmpfs mount hides the socket mount.

So to solve this we need to check if we can make systemd leave /run alone, or 
otherwise mount to another location.

since this is a privileged container - can we bind mount from inside it? we can 
do that to "move" the docker socket back to where the docker client expects it 
to be.

But looking at the bigger picture for a sec, since we may want to do things 
like make docker commands inside the container use the container`s network 
namespace by deault, we could try to do it transparently by doing a MITM attack 
on the dockerd traffic. to do that we would:
# Mount the real docker socket in some custom location
# Have our process listen on the default docker socket location, forward 
traffic to the custom location and inject modified network instructions as 
needed....
If we do that, we don;t really have to solve this issue.

> Failed to mount docker.sock to "/var/run/docker.sock" in a container which 
> runs systemd
> ---------------------------------------------------------------------------------------
>
>                 Key: OVIRT-2324
>                 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2324
>             Project: oVirt - virtualization made easy
>          Issue Type: Bug
>            Reporter: Gal Ben Haim
>            Assignee: infra
>




--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100088)
_______________________________________________
Infra mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/[email protected]/message/YRBD6AJ5RLJSZBY5NTIFSI45AJ7UWCTK/

Reply via email to