I tried to install a kernel module, xfsprogs. It was successfully installed inside a container. It is really surprising, but lsmod doesn't list this module inside container or in the host system.
How can a new kernel module loaded in a container?(CentOS container, Ubuntu host)
Containers interact with the kernel through system calls and don't include any part of the kernel or the kernel modules inside the container. This is one of the reasons why containers designed to be light weight and portable. Also xfsprogs are user space programs and not kernel modules.
How can a new kernel module loaded in a container?(CentOS container, Ubuntu host)
The module needs to be loaded on your host OS, and not from the docker container.
- Run the container in privileged mode (--privileged)
- Add all capabilities (--cap-add=ALL)
- mount host /lib/modules into the container (-v /lib/modules:/lib/modules)
docker run --name container_name --privileged --cap-add=ALL -d -v /dev:/dev -v /lib/modules:/lib/modules image_id
Here all linux capabilities is added so capabilities can be refined.
Falco is an example of a container that loads a kernel module as part of its start process.
docker run -i -t --name falco --privileged \
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro \
sysdig/falco
来源:https://stackoverflow.com/questions/33013539/docker-loading-kernel-modules