Building a docker-enabled kernel for the SolidRun

benoit.donnette · July 12, 2022, 7:11am

The stock kernel config included in the dev environment lacks a few options for docker to run. Here is how you can enable additional options in the kernel, and how I managed to get a dockerd running on my SolidRun machine.

First of all, have a setup where you know you will reliably build a lx2160a firmware. I did it using the GitHub - SolidRun/lx2160a_build: Scripts to build basic images for LX2160A COM express type 7 modules repo.

Then, the idea I followed (not necessarily the cleaniest way…) was to add the docker related options to the config/lx2k_additions.config file. I specifically added :
CONFIG_BPF=y
CONFIG_IRQ_WORK=y
CONFIG_TASKS_TRACE_RCU=y
CONFIG_NETFILTER_XT_MATCH_IPVS=y
CONFIG_NETFILTER_XT_MARK=y
CONFIG_BPF_SYSCALL=y
CONFIG_CGROUP_BPF=y
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_VS=y
CONFIG_IP_VS_NFCT=y
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_RR=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_NAT_TFTP=y
CONFIG_NF_CONNTRACK_TFTP=y
CONFIG_VXLAN=y
CONFIG_DUMMY=y
CONFIG_IPVLAN=y

And voilà… Build (via docker on PC) the UIbuntu firmware, added docker in it, and dockerd runs.

heksterb · August 3, 2022, 5:05am

Thanks for the instructions. For some reason, I also needed to add

CONFIG_CGROUPS=y
CONFIG_NAMESPACES=y
CONFIG_NET_NS=y

for the containers to actually run. Actually, I don’t know if the CGROUPS config was necessary (I just threw it in for good measure) but the latter two certainly were.

In addition, while running on Ubuntu 22.04 I also needed to

update-alternatives --config iptables

to select iptables-legacy.

jnettlet · August 3, 2022, 5:25am

yes CGROUPS are required to run docker containers. That is what provides the security separation.

hardy · December 28, 2022, 5:52am

Thanks for your share, I also try build a ROM with docker support.
but I try to
1 edit config/lx2k_additions.config ,and add these new CONFIG_BPF=y and so on.
2 docker build -t lx2160a_build docker
3 docker run -i -t -v “$PWD”:/work lx2160a_build -u $(id -u) -g $(id -g)
but when I finish build and use link check
Verify your Linux Kernel for Container Compatibility · Docker Pirates ARMed with explosive stuff (hypriot.com)
I found these config still not build yet, what I miss ?

jnettlet · December 28, 2022, 11:30am

Did you edit configs/lx2k_additions.config or configs/linux/lx2k_additions.config ?

hardy · December 29, 2022, 6:33am

Thanks, It works now, I forgot write to eMMC .
I once think if I use dd write img to sd , when board boot， load kernel from sd first ,then load OS from MMC, then should be OK. but It seems the bootloader it still need read MMC for load kernel in fact.
can you give me a answer ?

jnettlet · December 29, 2022, 6:43am

u-boot uses the common distro boot scripts for choosing the boot device. In u-boot specifically the boot_targets variable specifies the order of booting. Additionally the emmc_dev variable is used also.

Topic		Replies	Views
Add support for nftables NXP LX2160	3	20	November 3, 2024
Linux driver changes when building lx2160a_build with docker NXP LX2160 NXP-LX2160	1	28	July 26, 2024
Rootfs location in lx2160a_build NXP LX2160	7	582	September 13, 2022
Using lx2160a_build repo, how can I build a particular kernel? NXP LX2160	0	236	October 21, 2022
Docker support NXP LX2160 NXP-LX2160	1	559	July 12, 2022

Building a docker-enabled kernel for the SolidRun

Related topics