问题
I would like to start a container with privileges. Manually I can do that directly by typing:
sudo docker run -privileged name/image
But how can I generated a container from a Dockerfile with privileges, is there any command to do that in the dockerfile?
In my case I am doing a deployment in amazon, in case it can not be done from a Dockerfile can it be done from the Dockerrun.aws.json?
PS. To give some context to the question, I need privileges in the docker container to be able to change the ulimit because of apache.
Edit:
I don't change it locally in the container because in Docker the ulimit of the container is the one of the host. That is why the change doesn't affect the container if I change it locally.
回答1:
Running the container with elevated privileges probably raises all sorts of security and reliability issues.
I would suggest that rather than starting the whole Docker session with elevated privileges, which will potentially mean that everything run on it will have elevated privileges, instead you create a docker container with an changed number set for ulimit.
I am not an expert but the instructions for creating your own container look clear enough then sudo vi /etc/security/limits.conf
within your new container, changing soft nofile
and soft nproc
, save and then export the new container seems the way to go. You can then run the new container with normal privilege levels.
The other option that seems to be used in many places is to run multiple container instances so as to avoid congestion issues.
来源:https://stackoverflow.com/questions/30136047/dockerfile-privileged-flag-for-docker-container-needed-because-of-apache-error