Building a docker-enabled kernel for the SolidRun

The stock kernel config included in the dev environment lacks a few options for docker to run. Here is how you can enable additional options in the kernel, and how I managed to get a dockerd running on my SolidRun machine.

First of all, have a setup where you know you will reliably build an lx2160a firmware. I did it using the SolidRun/lx2160a_build repo on GitHub (scripts to build basic images for LX2160A COM express type 7 modules).

Then, the idea I followed (not necessarily the cleanest way…) was to add the docker related options to the config/lx2k_additions.config file. I specifically added:
CONFIG_BPF=y
CONFIG_IRQ_WORK=y
CONFIG_TASKS_TRACE_RCU=y
CONFIG_NETFILTER_XT_MATCH_IPVS=y
CONFIG_NETFILTER_XT_MARK=y
CONFIG_BPF_SYSCALL=y
CONFIG_CGROUP_BPF=y
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_VS=y
CONFIG_IP_VS_NFCT=y
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_RR=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_NAT_TFTP=y
CONFIG_NF_CONNTRACK_TFTP=y
CONFIG_VXLAN=y
CONFIG_DUMMY=y
CONFIG_IPVLAN=y

And voilà… I built (via docker on PC) the Ubuntu firmware, added docker to it, and dockerd runs.

Thanks for the instructions. For some reason, I also needed to add

CONFIG_CGROUPS=y
CONFIG_NAMESPACES=y
CONFIG_NET_NS=y

for the containers to actually run. Actually, I don’t know if the CGROUPS config was necessary (I just threw it in for good measure) but the latter two certainly were.

In addition, while running on Ubuntu 22.04 I also needed to

update-alternatives --config iptables

to select iptables-legacy.

Yes, CGROUPS are required to run docker containers. That is what provides the security separation.
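
Added example, not part of the thread or of SolidRun's build scripts: Kconfig can drop a requested option whose dependencies are unmet, so this check confirms that every option in a fragment (such as the lists above, including CGROUPS, NAMESPACES and NET_NS) is present in the final .config. The function name, file arguments and sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report fragment options that did not survive into the final .config.
# check_fragment FRAGMENT FINAL_CONFIG -> returns 0 if all requested values are present.
check_fragment() {
    fragment=$1
    final=$2
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            CONFIG_*=*) ;;      # only "CONFIG_X=value" lines are checked
            *) continue ;;      # skip blanks and comments
        esac
        opt=${line%%=*}
        want=${line#*=}
        # Trailing "=" keeps CONFIG_BPF from matching CONFIG_BPF_SYSCALL.
        got=$(grep "^${opt}=" "$final" | tail -n 1) || true
        if [ -n "$got" ]; then
            if [ "${got#*=}" != "$want" ]; then
                echo "$opt: wanted $want, got ${got#*=}"
                status=1
            fi
        elif grep -q "^# ${opt} is not set" "$final"; then
            echo "$opt: wanted $want, final config has it disabled"
            status=1
        else
            echo "$opt: wanted $want, missing from final config"
            status=1
        fi
    done < "$fragment"
    return "$status"
}

if [ $# -eq 2 ]; then
    check_fragment "$1" "$2"
else
    # Constructed sample, not real build output: NET_NS dropped, REDIRECT changed to =y.
    tmp=$(mktemp -d)
    printf '%s\n' 'CONFIG_CGROUPS=y' 'CONFIG_NAMESPACES=y' 'CONFIG_NET_NS=y' \
        'CONFIG_IP_NF_TARGET_REDIRECT=m' > "$tmp/fragment"
    printf '%s\n' 'CONFIG_CGROUPS=y' 'CONFIG_NAMESPACES=y' '# CONFIG_NET_NS is not set' \
        'CONFIG_IP_NF_TARGET_REDIRECT=y' > "$tmp/final"
    check_fragment "$tmp/fragment" "$tmp/final" || echo "fragment not fully applied"
    rm -rf "$tmp"
fi
```

Run it with the fragment and the built kernel's .config as the two arguments. On a running board, zcat /proc/config.gz provides the final config when the kernel was built with CONFIG_IKCONFIG_PROC.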