I’m thinking about overhauling the infrastructure behind this site (and others) a bit and want to place as many services as possible into Docker containers that can then run inside a small Virtual Machine on Amazon EC2. So I started playing around with some Virtual Machines locally and since Ubuntu would be too boring, I decided to give Alpine Linux a try. It promises to be really lightweight so that seems ideal as a container host running inside a VM.
After finally figuring out how to install Alpine (which is another story), installing Docker was relatively straightforward based on their Wiki:
- Add the Community Repository to the APK Repositories file:
~# vim /etc/apk/repositories
Add the following line:
http://dl-6.alpinelinux.org/alpine/edge/community
Or, if you are using a mirror, use the URL of the mirror, in my case:
http://mirror1.hs-esslingen.de/pub/Mirrors/alpine/edge/community
- Update the list of available software:
~# apk update
- Install Docker:
~# apk add docker
- Configure docker daemon to start automatically on boot:
~# rc-update add docker boot
- Start the docker daemon:
~# service docker start
- Verify it’s running:
~# docker ps
Output should look like this:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Great, now I have a running Docker Daemon. Time to build a simple container. I quickly created a very short Dockerfile and ran docker build. After downloading some layers, it failed with a very cryptic error message:
failed to register layer: ApplyLayer exit status 1 stdout: stderr: chmod /bin/mount: permission denied
Searching for this message on Google led me down many rabbit holes, but ultimately it takes only a single command to make it go away:
sysctl -w kernel.grsecurity.chroot_deny_chmod=0
This disables a grsecurity hardening feature inside the Kernel (the restriction on chmod inside a chroot), so it might not be safe for a production environment that runs containers, but I think it’s acceptable for the machine that merely builds them.
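One way to keep that relaxation limited to the build itself, as an added example that is not part of the original post: a POSIX sh wrapper that sets kernel.grsecurity.chroot_deny_chmod to 0 only while one command runs, then restores the previous value. The function name with_chmod_relaxed and the SYSCTL_FILE override are assumptions of this example; the setting is still system-wide while the command runs.

```shell
#!/bin/sh
# Added example: relax grsecurity's chroot_deny_chmod only while one command
# (e.g. a docker build) runs, then put the previous value back.
# SYSCTL_FILE can be overridden (an assumption of this example) for dry runs.
SYSCTL_FILE="${SYSCTL_FILE:-/proc/sys/kernel/grsecurity/chroot_deny_chmod}"

with_chmod_relaxed() {
    _lock="${SYSCTL_FILE%/*}/grsec_lock"
    _old=""
    # Only touch the setting if this kernel actually exposes it.
    if [ -e "$SYSCTL_FILE" ]; then
        # With grsec_lock=1 the grsecurity sysctls are read-only until reboot.
        if [ -r "$_lock" ] && [ "$(cat "$_lock")" = "1" ]; then
            echo "grsec_lock is set; cannot relax chroot_deny_chmod" >&2
            return 2
        fi
        _old=$(cat "$SYSCTL_FILE") || return 2
        echo 0 > "$SYSCTL_FILE" || return 2
        # Restore the old value if the build is interrupted.
        trap 'echo "$_old" > "$SYSCTL_FILE"; exit 130' INT TERM
    fi
    # Run the wrapped command and remember its exit status.
    _rc=0
    "$@" || _rc=$?
    if [ -n "$_old" ]; then
        echo "$_old" > "$SYSCTL_FILE"
        trap - INT TERM
    fi
    return "$_rc"
}

# Stand-alone use, as root: ./relaxed-build.sh docker build .
[ "$#" -eq 0 ] || with_chmod_relaxed "$@"
```

A value set with sysctl -w does not survive a reboot, so on a build-only machine the wrapper mainly guards against leaving the protection off between builds.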