Is it safe to extract the root filesystem of a Docker.io image and use it in a chroot?

I have recently discovered Docker, and I think it’s a great tool for managing my runtime environments. However, I also have some OpenVZ VPS’es that don’t support LXC, so I’m thinking about using docker export to export the filesystem of an image, extract the resulting tarball to a directory in the VPS, and then chroot into that directory and run the services inside the image.

Is it safe to do this? What customizations does Docker make to the filesystem of its image (I can see a .dockerinit file in the root directory at first glance)? Any tips & pitfalls of this approach?

  • Installing R Language on Ubuntu 16 - unmet dependencies
  • Unable to install docker 1.5 on ubuntu 14.04 64bit
  • ebean-orm.xml not reloading after change
  • Using VNCserver + GUI application + Virtual Display in Docker container
  • Can't install s3fs-fuse(yum fuse-devel version issue) and can't install libfuse(./config missing issue)
  • Gradle under Docker - Could not open cp_proj remapped class cache
  • “kubectl get services” doesn't show an “ExternalIP” column
  • Puppet container wont start automatically
  • Installing PostgreSQL within a docker container
  • Connecting to Redis running in Docker Container from Host machine
  • Java app in Docker container does not log to syslog properly
  • Automatic self-configuration of an etcd cluster as a Docker swarm service
  • One Solution collect form web for “Is it safe to extract the root filesystem of a Docker.io image and use it in a chroot?”

    The main risk would be isolation. If your OpenVZ is properly configured and warranty the isolation, you are good to go.

    Docker does not do any modification to the file system. At runtime, it mounts itself as .dockerinit. We use this in order to setup the user/group and network once the container is started.

    In future version, docker will support different isolation backend like libvirt or even chroot. The base image aren’t going to change though, so there is no problem using docker images on OpenVZ.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.