Docker containers as Linux services?

I just created a secure Docker Registry and ran it on a remote VM (using docker run ...). I then ran docker ps and saw that it is in fact running. I exited the machine and then SSHed back in. Again, I ran docker ps and verified it “survived” me exiting the SSH session.

This has me wondering: do Docker containers actually run as Linux services? If not, is there any way of getting them to run as traditional (upstart– or systemd-based) services? Is there even any reason/merit to do so?

  • Running django management command on docker cloud
  • docker run with ENTRYPOINT containing a variable
  • How to access JIRA Software files in a docker image?
  • Cannot remove all containers in a row
  • Can't Unzip Files in Docker VM (Boot2Docker) / Windows 7 / CRC Error
  • Repeated “checking for a bsd-compatible install …” step running ./configure in docker container with debian jessie
  • How to start multiple processes for a Docker container in a bash script
  • PHP version is wrong in phpinfo() output
  • Is there any point in Dockerizing a remote Git repository?
  • Running MPD server with Mopidy docker container, how do I play on Mac?
  • How to ADD sibling directory to Docker image
  • docker after run image 404. Tomcat - requested resource is not available
  • One Solution collect form web for “Docker containers as Linux services?”

    The docker engine runs as a daemon.
    That is mentioned in “Host integration”:

    As of Docker 1.2, restart policies are the built-in Docker mechanism for restarting containers when they exit. If set, restart policies will be used when the Docker daemon starts up, as typically happens after a system boot. Restart policies will ensure that linked containers are started in the correct order.

    If restart policies don’t suit your needs (i.e., you have non-Docker processes that depend on Docker containers), you can use a process manager like upstart, systemd or supervisor instead.

    That involves (when a container runs with some options) some security fraught, by the way: see issue 14767 and issue 6401:

    The container (with --net host option) is the host when it comes to the network stack so any services running on the host are accessible to the container. It just so happens that you communicate to upstart ( and others ) this way.

    This feature is a runtime only option, just like the --privileged flag, therefore an image cannot request this, it must be explicitly set at runtime.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.