by thockingoog 4259 days ago
There's another gotcha in super-small images - things like "docker exec" will not work because there's nothing to exec. SSH-to-container becomes impossible.

I think there's got to be a middle-ground - small (maybe O(tens of MB) max) but full-featured enough to have a simple shell and the ability to get debug tools.

How small of a debian or fedora image could we get if we REALLY tried? 50 MB? 30 MB?


I thought there was a way to enter a namespace (googled this as I write the comment). Basically you have your shell and debug bits outside the container and make it appear as if it was inside it via nsenter [1]. I have not tested this, but will do that in a second. This might correct the situation you are thinking of.

    +--------------------+
    | docker container   |
    |  w/ static bin     |
    |                 <----- nsenter + bash/debug bits (on host machine)
    +--------------------+
[1] http://www.kevssite.com/2014/08/05/console-access-into-a-run...

As of Docker 1.3 you can simply 'docker exec' :)

He is actually talking about the case where the bash binary (or gdb or whatever you're going to exec) does not exist in the container. So the hassle of loading bash from the parent, then moving the process into the container's namespace with nsenter.

So, nope, docker exec just wouldn't work.

You're right, we're still missing dynamic volume mounts to do the same thing in Docker. My bad.
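
The nsenter approach discussed in this thread, sketched as an added example (not code from any commenter): a host-side tool is run inside the namespaces of a container that ships no shell. `hostdbg` is a hypothetical helper name; it assumes root on the host plus the `docker` CLI and util-linux `nsenter`.

```shell
#!/bin/sh
# Added example: run a HOST debugging tool against a container that has
# no shell or debug binaries of its own. "hostdbg" is a hypothetical name.
# Requires root (CAP_SYS_ADMIN) on the host.

hostdbg() {
    container="$1"
    [ -n "$container" ] && [ "$#" -ge 2 ] || {
        echo "usage: hostdbg <container> <host-command> [args...]" >&2
        return 2
    }
    shift

    # PID of the container's init process as seen from the host.
    # Docker reports 0 when the container is not running.
    pid=$(docker inspect --format '{{.State.Pid}}' "$container") || return 1
    case "$pid" in
        ''|0|*[!0-9]*)
            echo "hostdbg: $container is not running" >&2
            return 1
            ;;
    esac

    # Join the network, UTS and IPC namespaces only. The mount namespace
    # is deliberately NOT joined: with --mount the command would be looked
    # up in the container's filesystem, where the tool does not exist.
    # Leaving it out keeps the host's binaries and libraries resolvable
    # while the tool sees the container's interfaces and sockets.
    nsenter --target "$pid" --net --uts --ipc -- "$@"
}

# Example invocation (container name "web" is constructed):
#   hostdbg web ss -tlnp
```

Because the mount namespace stays the host's, `/proc` is also the host's, so this suits network-level tools; a debugger such as gdb can attach to the container's process from the host by its host PID without entering any namespace.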