option to have docker socket and /usr/bin/docker available in the toolbox container
Closed this issue · 2 comments
The current toolbox provides neither an access to the docker socket nor the docker binary preventing to use the toolbox as a universal management tool. It would be nice if toolbox exposed those into the container either by default or with an option.
Currently as a workaround I have a custom copy of the toolbox script with --bind=/run/docker.sock --bind-ro=/usr/bin/docker added to the systemd-nspawn arguments, but that works by an accident. docker executable is not fully statically linked and there is no guarantee that the fedora image provides the shared libraries the executable depends on.
I suppose a better option would be to turn in the toolbox container /usr/bin/docker into a script that runs the executable from /media/root/usr with the LD_LIBRARY_PATH set to /media/root/usr/lib64/
I ran into a similar problem when bind-mounting the docker CLI into a container. As far as I know, the official client is statically linked, but the one embedded in CoreOS doesn't appear to be so. I am guessing creating a custom image, mounting the libs inside the container or downloading a statically linked client are the only way to go?
docker client is not fully statically linked. As long as one links against glibc, dynamic linking is unavoidable as glibc itself uses dlopen to load libraries at runtime. So golang compiler by default dynamically links against glibc and few other low-level system libraries while statically linking against the rest.