Is it safe to extract the root filesystem of a Docker.io image and use it in a chroot?

I have recently discovered Docker, and I think it’s a great tool for managing my runtime environments. However, I also have some OpenVZ VPS’es that don’t support LXC, so I’m thinking about using docker export to export the filesystem of an image, extract the resulting tarball to a directory in the VPS, and then chroot into that directory and run the services inside the image.

Is it safe to do this? What customizations does Docker make to the filesystem of its image (I can see a .dockerinit file in the root directory at first glance)? Any tips & pitfalls of this approach?

One solution collected from the web for “Is it safe to extract the root filesystem of a Docker.io image and use it in a chroot?”

    The main risk would be isolation. If your OpenVZ is properly configured and guarantees the isolation, you are good to go.

    Docker does not do any modification to the file system. At runtime, it mounts itself as .dockerinit. We use this in order to set up the user/group and network once the container is started.

    In a future version, Docker will support different isolation backends like libvirt or even chroot. The base images aren’t going to change though, so there is no problem using Docker images on OpenVZ.
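
A pre-extraction check for the approach discussed above, as an added example that is not part of the original question or answer: it lists the entries in a docker export tarball that matter once the tree runs in a plain chroot on the host kernel (setuid/setgid files, device nodes, paths that would land outside the target directory, and the .dockerinit entry the question mentions). The function names, reason strings and the in-memory sample archive are constructed for illustration.

```python
import io
import stat
import tarfile

DOCKERINIT = "Docker runtime mount point, unused in a chroot"
ESCAPE = "path would land outside the extraction directory"
DEVICE = "device node"
SETID = "setuid/setgid file"


def audit_rootfs_tar(fileobj):
    """Return (path, reason) findings for a rootfs tarball, without extracting it."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            name = member.name
            if name in (".dockerinit", "./.dockerinit"):
                findings.append((name, DOCKERINIT))
            if name.startswith("/") or ".." in name.split("/"):
                findings.append((name, ESCAPE))
            if member.ischr() or member.isblk():
                findings.append((name, DEVICE))  # a chroot does not restrict device access
            if member.isfile() and member.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((name, SETID))  # runs with the owner's privileges on the host kernel
    return findings


def constructed_sample():
    """Build a small in-memory archive (constructed data, not a real image)."""
    entries = [
        (".dockerinit", 0o755, tarfile.REGTYPE),
        ("etc/passwd", 0o644, tarfile.REGTYPE),
        ("bin/su", 0o4755, tarfile.REGTYPE),
        ("dev/sda", 0o660, tarfile.BLKTYPE),
        ("../outside", 0o644, tarfile.REGTYPE),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, kind in entries:
            info = tarfile.TarInfo(name)
            info.mode, info.type = mode, kind
            tar.addfile(info)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, reason in audit_rootfs_tar(constructed_sample()):
        print(f"{path}: {reason}")
```

Against a real export, open the tarball in binary mode and pass the file object; review each finding before extracting the tree on the VPS.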
