Dockerfile privileged flag for Docker container (Needed because of Apache error ulimit ) AWS

独自空忆成欢 提交于 2020-01-06 21:00:25

问题


I would like to start a container with privileges. Manually I can do that directly by typing:

sudo docker run -privileged name/image

But how can I generated a container from a Dockerfile with privileges, is there any command to do that in the dockerfile?

In my case I am doing a deployment in amazon, in case it can not be done from a Dockerfile can it be done from the Dockerrun.aws.json?

PS. To give some context to the question, I need privileges in the docker container to be able to change the ulimit because of apache.

Edit:

I don't change it locally in the container because in Docker the ulimit of the container is the one of the host. That is why the change doesn't affect the container if I change it locally.


回答1:


Running the container with elevated privileges probably raises all sorts of security and reliability issues.

I would suggest that rather than starting the whole Docker session with elevated privileges, which will potentially mean that everything run on it will have elevated privileges, instead you create a docker container with an changed number set for ulimit.

I am not an expert but the instructions for creating your own container look clear enough then sudo vi /etc/security/limits.conf within your new container, changing soft nofile and soft nproc, save and then export the new container seems the way to go. You can then run the new container with normal privilege levels.

The other option that seems to be used in many places is to run multiple container instances so as to avoid congestion issues.



来源:https://stackoverflow.com/questions/30136047/dockerfile-privileged-flag-for-docker-container-needed-because-of-apache-error

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!