Is it safe to extract the root filesystem of a image and use it in a chroot?

I have recently discovered Docker, and I think it’s a great tool for managing my runtime environments. However, I also have some OpenVZ VPS’es that don’t support LXC, so I’m thinking about using docker export to export the filesystem of an image, extract the resulting tarball to a directory in the VPS, and then chroot into that directory and run the services inside the image.

Is it safe to do this? What customizations does Docker make to the filesystem of its image (I can see a .dockerinit file in the root directory at first glance)? Any tips & pitfalls of this approach?

  • How to add a device to all docker containers
  • Delete entire project from docker registry?
  • dpkg: docker-ce: dependency problems, but removing anyway as you requested: nvidia-docker
  • Setting DOCKER_HOST after Docker Toolbox/Mac install
  • Where is the new docker hub api documentation?
  • Docker: get/print ID of running container
  • Looking up a container's address via its hostname dynamically in Nginx
  • Docker Packages: Hash Sum Mismatch
  • Dockerfile: understanding VOLUME instruction
  • access mysql with kubernetes : access denied for user root
  • What are differences between Docker and Octopus Deploy
  • Mono TLS1.2 issues - btls-cert-sync “command not found”
  • One Solution collect form web for “Is it safe to extract the root filesystem of a image and use it in a chroot?”

    The main risk would be isolation. If your OpenVZ is properly configured and warranty the isolation, you are good to go.

    Docker does not do any modification to the file system. At runtime, it mounts itself as .dockerinit. We use this in order to setup the user/group and network once the container is started.

    In future version, docker will support different isolation backend like libvirt or even chroot. The base image aren’t going to change though, so there is no problem using docker images on OpenVZ.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.