Docker loading kernel modules

后端 未结 3 1651
无人共我
无人共我 2020-12-05 15:32

I tried to install a kernel module, xfsprogs. It was successfully installed inside a container. It is really surprising, but lsmod doesn\'t list th

相关标签:
3条回答
  • 2020-12-05 16:06

    Falco is an example of a container that loads a kernel module as part of its start process.

    docker run -i -t --name falco --privileged \
      -v /var/run/docker.sock:/host/var/run/docker.sock \
      -v /dev:/host/dev \
      -v /proc:/host/proc:ro \
      -v /boot:/host/boot:ro \
      -v /lib/modules:/host/lib/modules:ro \
      -v /usr:/host/usr:ro \
      sysdig/falco
    
    0 讨论(0)
  • 2020-12-05 16:19

    Containers interact with the kernel through system calls and don't include any part of the kernel or the kernel modules inside the container. This is one of the reasons why containers designed to be light weight and portable. Also xfsprogs are user space programs and not kernel modules.

    How can a new kernel module loaded in a container?(CentOS container, Ubuntu host)

    The module needs to be loaded on your host OS, and not from the docker container.

    0 讨论(0)
  • 2020-12-05 16:20
    • Run the container in privileged mode (--privileged)
    • Add all capabilities (--cap-add=ALL)
    • mount host /lib/modules into the container (-v /lib/modules:/lib/modules)
    docker run --name container_name --privileged --cap-add=ALL -d \
           -v /dev:/dev -v /lib/modules:/lib/modules image_id
    

    Caution: Here all Linux capabilities are added so capabilities can be refined.

    0 讨论(0)
提交回复
热议问题