# Docker container & Cgroup

Docker’s value proposition is convenient. reproducible, self-contained packaging of software. It’s the ability to deploy pieces of existing, battle-tested, gnarly and imperfect software next to each other, and care not about their conflicting or missing dependencies. It’s more like Flatpak or AppImage, only more popular and easy. - HN / The What, Why and How of Containers

This packaging also includes a kind of network insulation, exposing only the desired ports, making it easy to have VLANs between containers that do not interfere, etc. This is, again, not a serious security mechanism, but more of a convenience, but a very valuable convenience.

Docker uses the Linux kernel and features of the kernel, like Cgroups and namespaces, to segregate processes so they can run independently as if they were running on separate system. - What is Docker?

Exposing X11

x11docker - un GUI applications in Docker ?

export DISPLAY=:0.0
xhost +local:docker
docker run .. --env DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix

Install

Atlernative on Pi should work as well

curl -sSL https://get.docker.com | sh # install
sudo usermod -aG docker $USER         # config user permission
docker run hello-world                # test

sudo apt install docker.io
# sudo systemctl unmask docker
sudo systemctl enable --now docker
sudo usermod -aG docker $LOGNAME
docker --version

Test that docker works

docker run hello-world

Finally check that docker is using overlay2

docker info | grep -A 5 -i storage

Convert to overlay2 storage driver

AMD recommends using ‘overlay2’, whose dependencies are met by the ROCm kernel - ROCm

if necessary, see above.

move docker’s default /var/lib/docker to another directory

need to move /var/lib/docker folder as a whole
or pass argument to daemon

sudo systemctl stop docker			# stop docker

Edit /etc/docker/daemon.json

{
  "storage-driver": "overlay2"
}

sudo systemctl start docker			# start docker

Verify that the daemon is using the overlay2 storage driver.

docker info

How to completely uninstall docker

remove docker-compose as well (pip install?)

// check docker is installed or not
dpkg -l | grep -i docker

// remove volume , network , container and image files
sudo docker volume prune -f
sudo docker network prune -f
sudo docker container prune -f
sudo docker image prune -a

// remove docker - using input from first command
sudo apt purge docker-ce docker-ce-cli docker-ce-rootless-extras docker-scan-plugin python3-docker

// should not have docker anymore
dpkg -l | grep -i docker

// remove dependency packages related to docker
sudo apt autoremove
sudo apt autoclean

// final check to see what's remaining
// sudo find / -name '*docker*' => this will scan user data as well
// if we focus on system part
sudo find /proc -name '*docker*'
sudo find /root -name '*docker*'
sudo find /usr -name '*docker*'
sudo find /etc -name '*docker*'
sudo find /opt -name '*docker*'
sudo find /var -name '*docker*'

// rm to clean

// there is possibly docker group left
// as well as docker compose

/etc/docker/daemon.json

Dealing with dynamically created devices / SO / device allow

Alternatives

podman - daemonless container engine - Simply put: alias docker=podman
containerd - What is Containerd?
- nerdctl - a Docker-compatible CLI for containerd.
LXC

Written on August 16, 2019, Last update on November 7, 2023

docker cgroup