This document is a WORK IN PROGRESS.
This is just a quick personal cheat sheet: treat its contents with caution!

Docker¶

Docker is a utility to pack, ship and run any application as a lightweight container.

Info

See Containers vs. Virtual Machines (VMs): What’s the Difference?

Reference(s)

Table of contents¶

Install
Config
Use
- Buildx
- Troubleshooting
  - error pair interfaces: operation not supported
  - warning /lib/rc/sh/openrc-run.sh: 258: ulimit: too many arguments

Install¶

Containers that produce kernel panics will induce kernel panics into the host operating system.

Gentoo kernel

A correct kernel config is needed: See: https://wiki.gentoo.org/wiki/Docker#Kernel

Warning

After configuring the kernel don't forget to do a kernel make and rebuild!

apkaptdnfemergenixpacmanyumxbpszypper

# apt add docker

# apt install docker.io

# dnf install docker

$ sudo emerge -a app-containers/docker
$ sudo emerge -a app-emulation/docker-compose
$ /usr/share/docker/contrib/check-config.sh

on NixOSon non-NixOS

# nix-env -iA nixos.docker

# nix-env -iA nixpkgs.docker

# pacman -S docker

For Artix users

If using dinit:
```
# pacman -S docker docker-dinit
```
If using openrc:
```
# pacman -S docker docker-openrc
```
If using runit:
```
# pacman -S docker docker-runit
```
If using s6:
```
# pacman -S docker docker-s6
```

# yum install docker

# xbps-install -S docker

# zypper install docker

Then, add it to your init system and start it:

OpenRCRunitSysVinitSystemD

# rc-update add docker default
# rc-service docker start

Depending on your runit implementation, either run:

# ln -s /etc/runit/sv/docker /service

or run:

# ln -s /etc/runit/sv/docker /var/service

or run:

# ln -s /etc/runit/sv/docker /run/runit/service

In any case, finally run:

# sv up docker

# service docker start
# chkconfig docker on

# systemctl enable docker
# systemctl start docker

Finally, check with # docker info that everything is fine.

Config¶

TODO : proxy...
Allow docker to be run without sudo (see https://askubuntu.com/a/477554):
```
$ sudo groupadd docker
$ sudo gpasswd -a $USER docker
$ newgrp docker
```
⚠️ Be careful with the associated security risks: https://docs.docker.com/engine/security/#docker-daemon-attack-surface⚠️
Active experimental features of docker, by creating the file /etc/docker/daemon.json with the following content:
```
{"experimental":true}
```
Change Docker root directory /var/lib/docker to another location (e.g. /new/path/docker):

OpenRCRunitSysVinitSystemD

TODO

Most distros using Runit won't store active services in the same directory. So let's define a $ACTIVE_RUNIT_SERVICE_DIR environment variable holding the path to that directory. Most common paths are:

/service/
/var/service/ (e.g. for Void Linux)
/etc/service/
/run/runit/service/ (e.g. for Artix Linux)

$ sudo sv stop docker

$ sudo vi $ACTIVE_RUNIT_SERVICE_DIR/docker/run
    > ...
  ~ > exec chpst -o 1048576 -p 1048576 dockerd --data-root="/new/path/docker"

$ sudo mkdir -p /new/path/docker
$ sudo rsync -aqxP /var/lib/docker/ /new/path/docker

$ sudo sv start docker

$ ps aux | grep dockerd | grep -v grep

TODO

$ sudo systemctl stop docker.service
$ sudo systemctl stop docker.socket

$ sudo vi /lib/systemd/system/docker.service
    > ...
  ~ > ExecStart=/usr/bin/dockerd --data-root="/new/path/docker" -H fd://
    > ...

$ sudo mkdir -p /new/path/docker
$ sudo rsync -aqxP /var/lib/docker/ /new/path/docker

$ sudo systemctl daemon-reload
$ sudo systemctl start dockerd

$ ps aux | grep dockerd | grep -v grep

It is possible to use a Btrfs or ZFS (or etc) storage driver for Docker, see https://wiki.archlinux.org/title/Docker#Storage_driver and https://wiki.gentoo.org/wiki/Docker#Storage_driver.

Use¶

Start a container with an interactive Bash shell:

$ sudo docker run --interactive <image_name> bash

E.g.

$ docker run --interactive --name ubuntu-bash ubuntu bash
$ docker run --interactive --name rocky-bash rockylinux bash
$ docker run --interactive --name debian-bash debian bash

Start a container with an interactive Bash shell, with a pseudo-tty and auto-remove the container when done executing:
```
$ sudo docker container run --interactive --tty --rm rockylinux bash
```
- --interactive says you want an interactive session.
- --tty allocates a pseudo-tty.
- --rm tells Docker to go ahead and remove the container when it’s done executing.

"shell" into a running container (docker-1.3+):

$ sudo docker exec -it <container_name> bash

Inspect a running container:

$ sudo docker inspect <container_name> (or <container_id>)

Get the process ID for a container:

$ sudo docker inspect --format {{.State.Pid}} <container_name_or_ID>

List the current mounted volumes for a container (and pretty print):

$ sudo docker inspect --format='{{json .Volumes}}' <container_id> | python -mjson.tool

Copy files/folders between a container and your host:
```
$ sudo docker cp foo.txt mycontainer:/foo.txt
```
List currently running containers:
```
$ sudo docker ps
```
List all containers:
```
$ sudo docker ps -a
```
Pull down an image (e.g. the latest Rocky Linux image):
```
$ sudo docker pull rockylinux
```
List all images:
```
$ sudo docker images
```

Remove a docker container:

$ sudo docker image rm <container_name>

Remove a docker image (⚠️ check if a container is associated to it beforehand with $ docker ps -a):
```
$ sudo docker image rmi <image_name>
```
Display system-wide information:
```
$ sudo docker system info
```
Remove unused data:
```
$ sudo docker system prune
```
Show docker disk usage:
```
$ sudo docker system df
```
Remove all stopped containers, dangling images, and unused networks:
```
$ sudo docker system prune
```
If you want to remove all unused images not just the dangling ones, add the -a (--all) option to the command.

Buildx¶

https://docs.docker.com/desktop/multi-arch/

Troubleshooting¶

error `pair interfaces: operation not supported`¶

If you get an error like this one:

docker: Error response from daemon: failed to create endpoint cranky_einstein on network bridge: failed to add the host (vethf55744a) <=> sandbox (vethfce3f4d) pair interfaces: operation not supported.

Maybe you just did a Linux Kernel update, in that case: just restart the computer

warning `/lib/rc/sh/openrc-run.sh: 258: ulimit: too many arguments`¶

Using OpenRC, with /bin/sh as a symlink to /bin/dash, a warning is issued every time Docker is started or stopped:

/lib/rc/sh/openrc-run.sh: 258: ulimit: too many arguments
 * docker: unable to apply RC_ULIMIT settings
 * Stopping docker ...

See https://github.com/moby/moby/issues/43370.

If this cheat sheet has been useful to you, then please consider leaving a star here.

Docker¶

Table of contents¶

Install¶

Config¶

Use¶

Buildx¶

Troubleshooting¶

error pair interfaces: operation not supported¶

warning /lib/rc/sh/openrc-run.sh: 258: ulimit: too many arguments¶

error `pair interfaces: operation not supported`¶

warning `/lib/rc/sh/openrc-run.sh: 258: ulimit: too many arguments`¶