@e-minguez
Last active May 16, 2023 21:43
docker on lxc on turris omnia

Turris

opkg install kmod-veth
opkg install kmod-ipt-extra
opkg install iptables-mod-extra
  • Install a new container (I created an Arch Linux container)
  • Open up the /srv/lxc/containername/config file for editing:
# Be aware this has security implications: nesting.conf relaxes the container's isolation so that containers can run inside it
lxc.include = /usr/share/lxc/config/nesting.conf

# Configure network to bridge to lan
lxc.net.0.type = veth
lxc.net.0.link = br-lan
lxc.net.0.flags = up
lxc.net.0.name = eth0
lxc.net.0.hwaddr = 22:11:85:de:f9:fb
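# Add the following lines to open up access to the host, allowing Docker to start successfully.
# Together they remove most of the isolation between the container and the router:
# treat root inside this container as root on the host.
raw.lxc: |-
# Mount the cgroup hierarchy read-write inside the container
lxc.mount.auto = cgroup:rw:force
# Allow access to all devices
lxc.cgroup.devices.allow = a
security.nesting: "true"
security.privileged: "true"
# An empty value clears the list of dropped capabilities, so the container keeps all of them
lxc.cap.drop =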
  • Save and exit the config file
  • Start the lxc container
lxc-start -n <container_name>
  • Attach to the console of the lxc container
lxc-attach -n <container_name>

Install prerequisites:

apt install iptables kmod
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

Finally, install Docker:

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
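
The container config above deliberately weakens isolation so that Docker can start. As an added example (not part of the original gist), the POSIX shell function below flags those settings in an LXC config file, so you can check which containers on the router carry them. The function names and the embedded sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original gist.

# Constructed sample: the isolation-related lines from the config above.
sample_config() {
    cat <<'EOF'
lxc.include = /usr/share/lxc/config/nesting.conf
lxc.net.0.type = veth
lxc.net.0.link = br-lan
lxc.mount.auto = cgroup:rw:force
lxc.cgroup.devices.allow = a
security.privileged: "true"
lxc.cap.drop =
EOF
}

# audit_lxc_config [FILE]
# Reads FILE (or stdin) and prints "line: finding" for each weakening setting.
# Exit status is 1 when at least one finding is printed, 0 otherwise.
audit_lxc_config() {
    awk '
        function flag(msg) { printf "%d: %s\n", NR, msg; found = 1 }
        /^[ \t]*#/ { next }                  # ignore comment lines
        {
            line = $0
            gsub(/[ \t]+/, "", line)         # compare without whitespace
        }
        line ~ /^lxc\.include=.*nesting\.conf$/    { flag("nesting.conf included (nested containers allowed)") }
        line ~ /^lxc\.mount\.auto=.*cgroup:rw/     { flag("cgroup hierarchy mounted read-write") }
        line ~ /^lxc\.cgroup2?\.devices\.allow=a$/ { flag("access to all devices allowed") }
        line ~ /^lxc\.cap\.drop=$/                 { flag("lxc.cap.drop cleared, no capabilities dropped") }
        line ~ /^security\.privileged:"?true"?$/   { flag("LXD-style key security.privileged set to true") }
        line ~ /^security\.nesting:"?true"?$/      { flag("LXD-style key security.nesting set to true") }
        END { exit found }
    ' "$@"
}

# Audit the file named on the command line, if any.
[ "$#" -eq 0 ] || audit_lxc_config "$1"
```

Pass a config path such as /srv/lxc/<container_name>/config as the first argument to audit a real container; `sample_config | audit_lxc_config` runs it on the constructed sample.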