arno01/docker-on-android.md

## docker-on-android.md

      
    Raw
  

              docker-on-android.md
            
          
    WORK IN PROGRESS

Docker on Android

Setup:
Samsung Galaxy Tab S5e SM-T720
Android Pie on Linux 4.9.112 (not rooted)
Termux
golang 1.12

Client

This will install the docker client to your ~/go/bin/ directory.
go get github.com/docker/cli/cmd/docker

The client is working, you can export DOCKER_HOST value to work with the dockerd, for example:
# export DOCKER_HOST=unix://$HOME/docker.sock
export DOCKER_HOST=tcp://192.168.X.Y:2376
docker run hello-world

Server

go get -u -d github.com/docker/docker/cmd/dockerd

rm -vf ~/go/src/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go
rm -vf ~/go/src/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go

cd ~/go/src/github.com/docker/docker/cmd/dockerd
go install

containerd

containerd is the container runtime used by dockerd.
go get -u -d github.com/containerd/containerd/cmd/containerd
rm -vf ~/go/src/github.com/containerd/containerd/cmd/containerd/builtins_btrfs_linux.go
cd ~/go/src/github.com/containerd/containerd/cmd/containerd
go install

rootless docker


Install rootlesskit

source ~/go/src/github.com/docker/docker/hack/dockerfile/install/rootlesskit.installer
REFIX=$GOPATH/bin _install_rootlesskit


Install slirp4netns

git clone -b v0.3.0 https://github.com/rootless-containers/slirp4netns.git
cd slirp4netns
./autogen.sh
./configure --prefix=$PREFIX
make
make install


Run rootless dockerd

~/go/src/github.com/docker/docker/contrib/dockerd-rootless.sh --experimental

Issue:
Apparently non-rooted Android is not permitting using the namespaces, probably due to SELinux rules or any other means such as unprivileged_userns_clone set to 0.. please try this if you have rooted Android.
+ exec rootlesskit --net=slirp4netns --mtu=65520 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run /data/data/com.termux/files/home/go/src/github.com/docker/docker/contrib/dockerd-rootless.sh --experimental
WARN[0000] "builtin" port driver is experimental
[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: operation not permitted

$ strace rootlesskit --net=slirp4netns --mtu=65520 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run bash |& grep CLONE_NEWUSER
clone(child_stack=NULL, flags=CLONE_NEWUSER|SIGCHLD) = -1 EPERM (Operation not permitted)

$ strace unshare -U id |& grep PERM
unshare(CLONE_NEWUSER)                  = -1 EPERM (Operation not permitted)

Refs


https://forums.docker.com/t/is-it-possible-to-runn-docker-engine-on-android-devices/16135
#37375 Proposal: allow running dockerd as an unprivileged user (aka rootless mode)
https://github.com/rootless-containers/rootlesskit.git
slirp4netns
https://github.com/docker/cli/tree/master/cmd
moby/moby#37375

my go env

The defaults I have on my config:
$ go env
GOARCH="arm64"
GOBIN=""
GOCACHE="/data/data/com.termux/files/home/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="arm64"
GOHOSTOS="android"
GOOS="android"
GOPATH="/data/data/com.termux/files/home/go"
GOPROXY=""
GORACE=""
GOROOT="/data/data/com.termux/files/usr/lib/go"
GOTMPDIR=""
GOTOOLDIR="/data/data/com.termux/files/usr/lib/go/pkg/tool/android_arm64"
GCCGO="gccgo"
CC="aarch64-linux-android-clang"
CXX="aarch64-linux-android-clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/data/data/com.termux/files/usr/tmp/go-build067260183=/tmp/go-build -gno-record-gcc-switches"