Is it safe to extract the root filesystem of a Docker.io image and use it in a chroot?

I have recently discovered Docker, and I think it’s a great tool for managing my runtime environments. However, I also have some OpenVZ VPS’es that don’t support LXC, so I’m thinking about using docker export to export the filesystem of an image, extract the resulting tarball to a directory in the VPS, and then chroot into that directory and run the services inside the image.

Is it safe to do this? What customizations does Docker make to the filesystem of its image (I can see a .dockerinit file in the root directory at first glance)? Any tips & pitfalls of this approach?

  • A Neo4j container (docker) with initial data in it
  • Docker compose builds image in one directory but not in another
  • Error with Go Get for Protobuf in Dockerfile
  • Install MySQL connector/J in Docker container
  • Is it possible to install Docker on Raspberry Pi 2 Model B?
  • Starting Mesos slave in Docker on Amazon Linux results in cgroup error
  • Dockerhub Automated Builds tagging
  • Why are my multiple containers of a Neo4j image sharing data with Docker?
  • EF Core migrations using asp.net core, SQL Server and Docker yields dotnet SDK error
  • How to run Docker container and watch the logs in one single command
  • wercker with docker switching user results in error, how to install nvm then?
  • How to attach to a demonized container in docker
  • One Solution collect form web for “Is it safe to extract the root filesystem of a Docker.io image and use it in a chroot?”

    The main risk would be isolation. If your OpenVZ is properly configured and warranty the isolation, you are good to go.

    Docker does not do any modification to the file system. At runtime, it mounts itself as .dockerinit. We use this in order to setup the user/group and network once the container is started.

    In future version, docker will support different isolation backend like libvirt or even chroot. The base image aren’t going to change though, so there is no problem using docker images on OpenVZ.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.