Docker containers as Linux services?

I just created a secure Docker Registry and ran it on a remote VM (using docker run ...). I then ran docker ps and saw that it is in fact running. I exited the machine and then SSHed back in. Again, I ran docker ps and verified it “survived” me exiting the SSH session.

This has me wondering: do Docker containers actually run as Linux services? If not, is there any way of getting them to run as traditional (upstart– or systemd-based) services? Is there even any reason/merit to do so?

  • issue with the docker compose file
  • Docker load image is not working on Windows 10
  • Ubuntu16 Docker-engine startup error: “no sockets found via socket activation: make sure the service was started by systemd”
  • Selenium grid error PROXY_REREGISTRATION and session lost
  • Docker for Mac and --host option
  • Get mysql error when deploy laravel project with Docker
  • CentOS 7.0 docker fail to start service
  • docker-compose v3 prepend folder name to network name
  • Install later version of docker-engine stuck on Travis build
  • dotnet core app not writing to WebDAV from docker container
  • Boot2Docker/Fig mounted volume not refreshing
  • Laravel - Nginx - Docker - Behat combination
  • One Solution collect form web for “Docker containers as Linux services?”

    The docker engine runs as a daemon.
    That is mentioned in “Host integration”:

    As of Docker 1.2, restart policies are the built-in Docker mechanism for restarting containers when they exit. If set, restart policies will be used when the Docker daemon starts up, as typically happens after a system boot. Restart policies will ensure that linked containers are started in the correct order.

    If restart policies don’t suit your needs (i.e., you have non-Docker processes that depend on Docker containers), you can use a process manager like upstart, systemd or supervisor instead.

    That involves (when a container runs with some options) some security fraught, by the way: see issue 14767 and issue 6401:

    The container (with --net host option) is the host when it comes to the network stack so any services running on the host are accessible to the container. It just so happens that you communicate to upstart ( and others ) this way.

    This feature is a runtime only option, just like the --privileged flag, therefore an image cannot request this, it must be explicitly set at runtime.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.