Skip to content

Docker🔗

= ("[Website](" + this.url + ")") | = ("[Documentation](" + this.docs + ")") | = ("[Source](" + this.source + ")")

Important Commands

1
2
3
4
5
docker pull $image # pull image from registry
docker ps # list containers
docker container ls # list (running) containers
docker run -d -it $image_name # start persistent container
docker exec -it $container_id /bin/bash # get a shell

Images🔗

Using an image checksum in the definition can be used to verify integrity and downloading a modified container.2

Installation🔗

Rootless🔗

https://docs.docker.com/engine/security/rootless/

  • creates a new context
  • running root and rootless Docker concurrently shouldn’t be a problem anymore, but the context might have to be specified, as the rootless setup makes rootless Docker default1

Keep user containers alive after logout

1
2
3
4
5
6
sudo loginctl enable-linger $(id -u)
export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
export XDG_RUNTIME_DIR=/run/user/$(id -u)
systemctl --user status docker.service
# if still dead try
systemctl --user restart docker.service

^4d425a

Disadvantages and Limitations🔗

https://docs.docker.com/engine/security/rootless/#known-limitations

https://linuxhandbook.com/rootless-docker/
Using Slirp4netns mode solves this problem, and shows the original address of the request. But it also has two problems.

  • IPv6 not supported.
  • speed is much slower (about 7Gbps).

openSUSE🔗

  • newuidmap and newgidmap already available, package uidmap doesn’t exist
  • installed fuse-overlayfs as recommended
  • Docker package from distro repos didn’t have script dockerd-rootless-setuptool.sh, so I am trying to install a package provided by Docker
  • run (see openSUSE forum)
1
2
3
4
sudo zypper install docker rootlesskit
sudo systemctl --now disable docker.service
curl -fsSL https://get.docker.com/rootless | sh
systemctl --user --now enable docker.service

The openSUSE package rootlesskit doesn’t include all the scripts other repo’s packages provide.

Glossary🔗

Term Description Similar Example
image
registry place to store images harbor
context like an environment (incl. endpoint) docs

References🔗

  1. https://serverfault.com/questions/1085738/docker-and-rootless-docker-side-by-side-is-it-allowed 

  2. https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#use-checksum-to-keep-your-image-secure