Setup:
Samsung Galaxy Tab S5e SM-T720
Android Pie on Linux 4.9.112 (not rooted)
Termux
golang 1.12
This will install the docker client to your ~/go/bin/ directory.
go get github.com/docker/cli/cmd/docker
The client is working, you can export DOCKER_HOST value to work with the dockerd, for example:
# export DOCKER_HOST=unix://$HOME/docker.sock
export DOCKER_HOST=tcp://192.168.X.Y:2376
docker run hello-world
go get -u -d github.com/docker/docker/cmd/dockerd
rm -vf ~/go/src/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go
rm -vf ~/go/src/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go
cd ~/go/src/github.com/docker/docker/cmd/dockerd
go install
containerd is the container runtime used by dockerd.
go get -u -d github.com/containerd/containerd/cmd/containerd
rm -vf ~/go/src/github.com/containerd/containerd/cmd/containerd/builtins_btrfs_linux.go
cd ~/go/src/github.com/containerd/containerd/cmd/containerd
go install
- Install rootlesskit
source ~/go/src/github.com/docker/docker/hack/dockerfile/install/rootlesskit.installer
REFIX=$GOPATH/bin _install_rootlesskit
- Install slirp4netns
git clone -b v0.3.0 https://github.com/rootless-containers/slirp4netns.git
cd slirp4netns
./autogen.sh
./configure --prefix=$PREFIX
make
make install
- Run rootless dockerd
~/go/src/github.com/docker/docker/contrib/dockerd-rootless.sh --experimental
Issue:
Apparently non-rooted Android is not permitting using the namespaces, probably due to SELinux rules or any other means such as unprivileged_userns_clone
set to 0
.. please try this if you have rooted Android.
+ exec rootlesskit --net=slirp4netns --mtu=65520 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run /data/data/com.termux/files/home/go/src/github.com/docker/docker/contrib/dockerd-rootless.sh --experimental
WARN[0000] "builtin" port driver is experimental
[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: operation not permitted
$ strace rootlesskit --net=slirp4netns --mtu=65520 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run bash |& grep CLONE_NEWUSER
clone(child_stack=NULL, flags=CLONE_NEWUSER|SIGCHLD) = -1 EPERM (Operation not permitted)
$ strace unshare -U id |& grep PERM
unshare(CLONE_NEWUSER) = -1 EPERM (Operation not permitted)
- https://forums.docker.com/t/is-it-possible-to-runn-docker-engine-on-android-devices/16135
- #37375 Proposal: allow running
dockerd
as an unprivileged user (aka rootless mode) - https://github.com/rootless-containers/rootlesskit.git
- slirp4netns
- https://github.com/docker/cli/tree/master/cmd
- moby/moby#37375
The defaults I have on my config:
$ go env
GOARCH="arm64"
GOBIN=""
GOCACHE="/data/data/com.termux/files/home/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="arm64"
GOHOSTOS="android"
GOOS="android"
GOPATH="/data/data/com.termux/files/home/go"
GOPROXY=""
GORACE=""
GOROOT="/data/data/com.termux/files/usr/lib/go"
GOTMPDIR=""
GOTOOLDIR="/data/data/com.termux/files/usr/lib/go/pkg/tool/android_arm64"
GCCGO="gccgo"
CC="aarch64-linux-android-clang"
CXX="aarch64-linux-android-clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/data/data/com.termux/files/usr/tmp/go-build067260183=/tmp/go-build -gno-record-gcc-switches"
The fetaures you enabled in the kernel and the bug that causes the crash are not related. There's no specific order on which you should do first. Just make sure you did both of them (enabling the features using make menuconfig and aplying the patch) before compiling the kernel.