Using VMs to Run Containers and Uninstalling Docker from the Main OS
I always get panicked when I visit the Gentoo page for Docker. There’s a big warning which says:
Warning
Allowing a user to talk to the Docker daemon is equivalent to giving the user full root access to the host.
Essentially, any user with access to the Docker daemon has root-level access to the host system, which can pose significant security risks. A quote from an article on opensource.com elaborates:
“The biggest problem is everything in Linux is not namespaced. Currently, Docker uses five namespaces to alter processes’ view of the system: Process, Network, Mount, Hostname, Shared Memory.
While these give the user some level of security, it is by no means comprehensive, like KVM (Kernel-based Virtual Machine). In a KVM environment, processes in a virtual machine do not talk to the host kernel directly. They do not have any access to kernel file systems like /sys and /sys/fs, /proc/*.”
I know most people (including me) download random Docker images and launch them on their host without checking the source. Many are unaware that using root privileges within a container is equivalent to giving root access to their main system.
So I started to think if I can use containers within a VM to isolate them from my main system.
To achieve this, I built a Bash script called vms to easily manage several headless VMs. I began using this tool to run Docker within a VM and eventually uninstalled Docker completely from my main system :).
Steps for Setting Up a VM for Docker
Step 1: Clone the Repository
First, clone the repository from GitHub and install vms
:
$ git clone https://github.com/hozan23/vms
$ cd vms
$ make PREFIX=/home/USER/.local install
Step 2: Download the Arch Linux ISO
Download the Arch Linux ISO file from archlinux.org.
Step 3: Create a New VM
Create a new VM with a specified disk size:
$ vms create docker 50G
Step 4: Start the Installation
Boot the VM with the Arch Linux ISO to start the installation:
$ vms boot docker /home/USER/download/ISO_FILE
Step 5: Configure the VM
After completing the installation, check the configuration file and modify the ports forwarding variable. For example, to forward ports for SSH, pgAdmin, and PostgreSQL, you can add:
ports=10022:22 8080:80 5432:5432
Step 6: Run the VM
Run the VM with the following command:
$ vms run docker
Step 7: Install Docker on the VM
Now, you can install Docker on the VM and run a Docker Compose containing PostgreSQL and pgAdmin.
Step 8: Access the VM via SSH
You can access the VM via SSH with the following command:
$ ssh USER@localhost:10022
Make sure to enable the SSH daemon on the VM.
By following the steps above, you can set up and manage your Docker containers within a VM.