Docker containers as Linux services?

I just created a secure Docker Registry and ran it on a remote VM (using docker run ...). I then ran docker ps and saw that it is in fact running. I exited the machine and then SSHed back in. Again, I ran docker ps and verified it “survived” me exiting the SSH session.

This has me wondering: do Docker containers actually run as Linux services? If not, is there any way of getting them to run as traditional (upstart– or systemd-based) services? Is there even any reason/merit to do so?

  • Initialize data on dockerized mongo
  • Gitlab CI /var/run/docker.sock: write: broken pipe
  • When should you create more than one docker container image instance with Kubernetes Replication Controller?
  • Azk with phpmyadmin
  • Docker doesn't start MONGODB, and IPAddress doesn't appear, when started with other services
  • Using Docker, with Selenium and Pytest to run parallel tests
  • Docker Storm Cluster Example
  • Docker swarm create command difference
  • Mesos+ZooKeeper don't work fine
  • Docker on Elastic Beanstalk - connect() failed (111: Connection refused) while connecting to upstream
  • Two Logstash instances on same Docker container
  • Setup private docker registry with OAUauthentication (with specific namespace for each user)
  • One Solution collect form web for “Docker containers as Linux services?”

    The docker engine runs as a daemon.
    That is mentioned in “Host integration”:

    As of Docker 1.2, restart policies are the built-in Docker mechanism for restarting containers when they exit. If set, restart policies will be used when the Docker daemon starts up, as typically happens after a system boot. Restart policies will ensure that linked containers are started in the correct order.

    If restart policies don’t suit your needs (i.e., you have non-Docker processes that depend on Docker containers), you can use a process manager like upstart, systemd or supervisor instead.

    That involves (when a container runs with some options) some security fraught, by the way: see issue 14767 and issue 6401:

    The container (with --net host option) is the host when it comes to the network stack so any services running on the host are accessible to the container. It just so happens that you communicate to upstart ( and others ) this way.

    This feature is a runtime only option, just like the --privileged flag, therefore an image cannot request this, it must be explicitly set at runtime.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.