Package request: Docker engine #60
Comments
+1 this would also make it easier to support building termux packages on Android via docker. I guess the x86 architecture makes most sense, although ARM is also supported: https://github.com/umiddelb/armhf/wiki/Installing,-running,-using-docker-on-armhf-(ARMv7)-devices |
I have tried building docker engine on android. The major issues seem to be the craptastic, outdated kernels shipped with most devices, missing support for storage drivers in these kernels and the need for root to use docker. I can't see a sane way to make this happen. |
Maybe it would work on lineage os |
It might on some extremely new devices. Most still package 3.x series kernels, which are too old for docker and can't be updated by ROM maintainers because most are raging tire fires of hackish vendor patches stacked one onto another. |
+1 |
+1 |
My device (Nexus 6) has a 3.10 kernel, I think it would be enough for Docker. |
Requirements seem to be:
|
Damn, 64-bit only. That will rule it out for a lot of people. |
I'm sure docker could be patched to support 32 bit, I could be wrong |
I have docker running on my 32-bit raspberry pi 2 |
@casept I just noticed my 2014 tablet has a 3.10 kernel. So I think the number of devices that would support Docker might have risen quite a bit. Also, I don't think root is required. On the desktop you can simply add a non-root user to the docker group and then that user can run docker without root privileges. |
@T-vK that's nice and I don't quite know the docker implementation but if it makes use of the chroot command or similar I think we will need root access anyway. But it's somehow possible it would be great. |
https://docs.docker.com/engine/installation/linux/docker-ce/debian/ Debian and Ubuntu both have armhf Docker packages. And I don't know if there's anything to be gained from looking at the Moby project but it looks like this is where Docker system integration development is taking place now. https://github.com/moby/moby Hoping to get some time to look into this soon. |
@T-vK the docker client can run without root, but the docker engine requires root access afaik. Also, it doesn't just need a 3.10 kernel, it needs kernel modules that aren't built into Android kernels. You would need to compile a custom kernel |
I see that CrossOver runs Windows apps using emulation, is something similar possible with Linux on Android so that a more appropriate Kernel version could be utilized to run Docker? |
@pwdonald Nope. You either need to compile a custom Android kernel, or somehow run a VM on Android. Would be better just to run a remote server and SSH in. |
The engine and all its associated architecture requirements aside, I would love to see just the docker client packaged. One can use it with |
I don't think this is easy since Docker uses a lot of the linux kernel features, and Android ships a stripped down version of the kernel. |
The Docker client can be done. There are already Android apps that can talk to a remote Docker Engine if you expose the API |
This comment was marked as spam.
This doesn't change anything. The PRoot would still use the kernel of your device. The only way around it would be virtualization which would probably make everything painfully slow and I'm not even sure if this can be done on any phone. |
Yeah, the only way to do this is to build a custom kernel for your phone unless Google decides to build container support into Android. |
And I doubt the latter will happen. There has been something in the news recently about Chrome OS potentially adding some kind of container support, though.. |
Or it will be implemented on Fuchsia |
@T-vK It actually might happen. Google is heavily invested in containers so I could see a future version of Android using container sandboxing as an alternative to the current JVM sandboxing. They wouldn't expose it as Docker natively, but it could open a path to compiling docker-engine for stuff like Termux. |
Also, you're thinking of this: https://chromeunboxed.com/news/chrome-os-chromebook-containers-developer which seems to be designed for improving Chromebooks for development. I'm hoping for an announcement at I/O |
Ok here is a guy who ran a docker image on termux. It was a So can't we take lessons from there and create an actual docker image running package? |
I think the scope of this issue is to be able to have a docker engine running and be able to use the docker CLI client. Using docker images as a base for chroot is nice but I feel it does not get any closer to the goal |
I agree with rodrigoaguilera. |
Ubuntu worked for me.
Yes, Docker works under chroot. You can go with something like http://dl-cdn.alpinelinux.org/alpine/v3.12/releases/aarch64/alpine-minirootfs-3.12.0-aarch64.tar.gz as base for Docker installation. |
Indeed, I was able to run docker inside a chrooted rootfs of alpine and ubuntu. Things were a bit unstable and my phone often reboots after running the containers (not sure if it's my kernel, or whatever), but it works. Another option, for anyone who's interested, is to emulate a GNU/Linux distro using qemu and run docker inside the VM. This has the advantage of not needing a rooted device nor a custom kernel. But as it's running under an emulated environment, it will be slower than running the chrooted alternative. Those are the only two ways of running docker containers under Android, as far as I'm concerned. |
@xeffyr I noted that the kernel, by default, indeed creates the cgroups hierarchy with the In Android versions below 10, this happens when the init process is executing the In Android 10, things were changed and the init process creates the cgroups by itself, using the |
I had the same, and that was caused by a null pointer dereference in the xt_qtaguid subsystem, which is Android-specific. That bug has existed for a long time and I'm not sure if it was fixed in Android 10. I patched it manually; that broke its functionality, but Docker ran perfectly after that. Kernel log:
|
And here is an applied patch: --- orig/net/netfilter/xt_qtaguid.c 2020-05-12 12:13:14.000000000 +0300
+++ my/net/netfilter/xt_qtaguid.c 2019-09-15 23:56:45.000000000 +0300
@@ -737,7 +737,7 @@
{
struct proc_iface_stat_fmt_info *p = m->private;
struct iface_stat *iface_entry;
- struct rtnl_link_stats64 dev_stats, *stats;
+ struct rtnl_link_stats64 *stats;
struct rtnl_link_stats64 no_dev_stats = {0};
@@ -745,13 +745,8 @@
current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));
iface_entry = list_entry(v, struct iface_stat, list);
+ stats = &no_dev_stats;
- if (iface_entry->active) {
- stats = dev_get_stats(iface_entry->net_dev,
- &dev_stats);
- } else {
- stats = &no_dev_stats;
- }
/*
* If the meaning of the data changes, then update the fmtX
* string. Breaks xt_qtaguid functionality, however no impact on Android OS net traffic accounting was observed. Another patch for my kernel was fixing prefixed cgroup files: --- orig/kernel/cgroup.c 2020-05-12 12:13:14.000000000 +0300
+++ my/kernel/cgroup.c 2019-09-15 23:56:45.000000000 +0300
@@ -3025,6 +3025,12 @@
if (cft->seq_show == cgroup_populated_show)
cgrp->populated_kn = kn;
+
+ if (cft->ss && (cgrp->root->flags & CGRP_ROOT_NOPREFIX) && !(cft->flags & CFTYPE_NO_PREFIX)) {
+ snprintf(name, CGROUP_FILE_NAME_MAX, "%s.%s", cft->ss->name, cft->name);
+ kernfs_create_link(cgrp->kn, name, kn);
+ }
+
return 0;
}
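Review bot: in the cgroup.c hunk, the result of `kernfs_create_link(cgrp->kn, name, kn);` is discarded and the function still falls through to `return 0`, so a failed link creation (name collision, allocation failure) leaves the prefixed alias silently missing. kernfs_create_link() returns an ERR_PTR on failure; check it with IS_ERR() and either propagate the error or log it. The hunk also reuses a `name` buffer declared outside the visible lines, so confirm it is at least CGROUP_FILE_NAME_MAX bytes and not needed again after the snprintf(), and add a short comment saying the link exists so that tools expecting `<subsystem>.<file>` names work on a hierarchy mounted with CGRP_ROOT_NOPREFIX.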
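Review bot: in xt_qtaguid.c, the `@@ -745,13 +745,8 @@` hunk makes `stats = &no_dev_stats;` unconditional, which avoids the crash by never calling dev_get_stats() rather than by guarding the pointer that faults, and it means this seq_file output reports zeroed counters for every interface, active or not. If the faulting pointer is `iface_entry->net_dev`, a narrower change would keep the `iface_entry->active` branch and fall back to `&no_dev_stats` only when `net_dev` is NULL, so healthy interfaces keep real statistics. Whichever way it goes, the assignment needs a comment explaining why the device stats are bypassed, since the removal of `dev_stats` in the first hunk makes the intent hard to recover later.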
|
I can confirm this bug is still present in Android 10. The source code is exactly the same and applying your patch solves the problem! Thanks for sharing the patch, btw 👍 I would've spent days figuring it out by myself. |
Finally, it worked! This is docker successfully running containers directly in Android. No chroot inside GNU/Linux rootfs and no VM emulation with qemu. This is pure Android. As shown here, docker runs fine in Android, it just can't pull any container since the Android OS isn't supported by them. Trying to politely ask a Linux version of the container with the flag I opened a feature request in docker repo yesterday: moby/moby#41111, but I'm not sure if they'll take it seriously. |
Docker on android would be great |
For whoever is interested in getting docker running on their phone, I've written a step by step gist After 7 months using it I can say it's working pretty stable on my phone. The only thing I couldn't get working 100% is the network isolation for the containers. For now, to give the containers internet access you have to expose its network by using the @xeffyr @Grimler91 A PR for docker in termux-unstable would be accepted? |
@FreddieOliveira Yes, PR would be nice. As for networking, I guess here is something to do with Android firewall or routing tables, if relevant drivers are already enabled. |
I believe they are.
That's what I think. Since I use AdAway and AFWall+ apps, my routing table is pretty messed up. Probably it's something silly I haven't figured out yet. When the PRs are done, I'll open an issue specific for this internet problem, so this issue here can be closed and the relevant discussion continues there. |
This isn't needed anymore. The problem was already solved and was indeed related to the routing table. |
It took almost 5 years since this issue was opened, but Docker is finally part of the root repo now. Run Note that you still need a rooted phone with a compatible kernel to run it. |
Could you describe how to install and what are final requirements? I downloaded termux on my (non rooted) android device, ran 'pkg install docker' and got 'unable to locate package docker' :( |
Unfortunately you won't be able to run docker (or any program from termux-root repository) on non-rooted devices. You need to root your phone, compile your kernel with the necessary features, subscribe to termux-root repo with |
I get Edit: my bad.. didn't run as sudo 😓 |
We open the Android container, which can run the docker container on the Android operating system. Not only can run Docker containers, but also other containers, such as podman. In addition, we have also enabled the container to support checkpoint and restore functions, and support the migration of containers across architectures and operating systems. See https://github.com/CGCL-codes/Android-Container for details. |
Closing since docker is available for several months already |
Great job for all that Termux is. I know that this is probably a "no can do", but would be a for a Nobel award!
;)