## WORK IN PROGRESS

## Docker on Android

Setup:

```
Samsung Galaxy Tab S5e SM-T720
Android Pie on Linux 4.9.112 (not rooted)
Termux
golang 1.12
```

### Client

This installs the docker client into your `~/go/bin/` directory.

```
go get github.com/docker/cli/cmd/docker
```

The client works. To use it with a dockerd, export `DOCKER_HOST`, for example:

```
# export DOCKER_HOST=unix://$HOME/docker.sock
export DOCKER_HOST=tcp://192.168.X.Y:2376
docker run hello-world
```

### Server

```
go get -u -d github.com/docker/docker/cmd/dockerd
rm -vf ~/go/src/github.com/docker/docker/daemon/graphdriver/register/register_btrfs.go
rm -vf ~/go/src/github.com/docker/docker/daemon/graphdriver/register/register_devicemapper.go
cd ~/go/src/github.com/docker/docker/cmd/dockerd
go install
```

#### containerd

containerd is the container runtime used by dockerd.

```
go get -u -d github.com/containerd/containerd/cmd/containerd
rm -vf ~/go/src/github.com/containerd/containerd/cmd/containerd/builtins_btrfs_linux.go
cd ~/go/src/github.com/containerd/containerd/cmd/containerd
go install
```

### rootless docker

1. Install rootlesskit

   ```
   source ~/go/src/github.com/docker/docker/hack/dockerfile/install/rootlesskit.installer
   PREFIX=$GOPATH/bin _install_rootlesskit
   ```

2. Install slirp4netns

   ```
   git clone -b v0.3.0 https://github.com/rootless-containers/slirp4netns.git
   cd slirp4netns
   ./autogen.sh
   ./configure --prefix=$PREFIX
   make
   make install
   ```

3. Run rootless dockerd

   ```
   ~/go/src/github.com/docker/docker/contrib/dockerd-rootless.sh --experimental
   ```

Issue: non-rooted Android apparently does not permit the use of namespaces, probably because of SELinux rules or some other restriction such as ``unprivileged_userns_clone`` set to ``0``. Please try this if you have a rooted Android device.

```
+ exec rootlesskit --net=slirp4netns --mtu=65520 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run /data/data/com.termux/files/home/go/src/github.com/docker/docker/contrib/dockerd-rootless.sh --experimental
WARN[0000] "builtin" port driver is experimental
[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: operation not permitted
```

```
$ strace rootlesskit --net=slirp4netns --mtu=65520 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run bash |& grep CLONE_NEWUSER
clone(child_stack=NULL, flags=CLONE_NEWUSER|SIGCHLD) = -1 EPERM (Operation not permitted)
$ strace unshare -U id |& grep PERM
unshare(CLONE_NEWUSER) = -1 EPERM (Operation not permitted)
```

## Refs

- https://forums.docker.com/t/is-it-possible-to-runn-docker-engine-on-android-devices/16135
- [#37375](https://github.com/moby/moby/issues/37375) Proposal: allow running `dockerd` as an unprivileged user (aka rootless mode)
- https://github.com/rootless-containers/rootlesskit.git
- [slirp4netns](https://github.com/rootless-containers/slirp4netns)
- https://github.com/docker/cli/tree/master/cmd
- https://github.com/moby/moby/issues/37375

### my go env

The defaults I have on my config:

```
$ go env
GOARCH="arm64"
GOBIN=""
GOCACHE="/data/data/com.termux/files/home/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="arm64"
GOHOSTOS="android"
GOOS="android"
GOPATH="/data/data/com.termux/files/home/go"
GOPROXY=""
GORACE=""
GOROOT="/data/data/com.termux/files/usr/lib/go"
GOTMPDIR=""
GOTOOLDIR="/data/data/com.termux/files/usr/lib/go/pkg/tool/android_arm64"
GCCGO="gccgo"
CC="aarch64-linux-android-clang"
CXX="aarch64-linux-android-clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/data/data/com.termux/files/usr/tmp/go-build067260183=/tmp/go-build -gno-record-gcc-switches"
```
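
A preflight check for the user-namespace failure described under "rootless docker", added here as an example and not part of the original notes or of rootlesskit. It separates a sysctl block from any other denial (such as the SELinux rules suspected above) before `dockerd-rootless.sh` is started. The function names and the optional sysctl-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: why would CLONE_NEWUSER fail for an unprivileged user?
# Function names are hypothetical; the sysctl root defaults to /proc/sys
# and is a parameter only so the logic can be exercised on constructed files.

# read_knob FILE: print the file's value, or "absent" if missing/unreadable.
read_knob() {
    if [ -r "$1" ]; then
        cat "$1" 2>/dev/null || echo absent
    else
        echo absent
    fi
}

# userns_sysctl_verdict [SYSCTL_ROOT]: report a sysctl that forbids
# unprivileged user namespaces, or "no-sysctl-block" if none does.
userns_sysctl_verdict() {
    root="${1:-/proc/sys}"
    clone=$(read_knob "$root/kernel/unprivileged_userns_clone")
    max=$(read_knob "$root/user/max_user_namespaces")
    if [ "$clone" = "0" ]; then
        echo "blocked:unprivileged_userns_clone=0"
    elif [ "$max" = "0" ]; then
        echo "blocked:max_user_namespaces=0"
    else
        echo "no-sysctl-block"
    fi
}

# userns_probe: attempt the same unshare(CLONE_NEWUSER) that the strace
# output above shows failing, and report the outcome.
userns_probe() {
    if ! command -v unshare >/dev/null 2>&1; then
        echo "unknown:no-unshare"
    elif unshare -U true 2>/dev/null; then
        echo "allowed"
    else
        echo "denied"
    fi
}

# userns_report: "denied" together with "no-sysctl-block" means the denial
# comes from somewhere other than these two sysctls.
userns_report() {
    echo "sysctl:  $(userns_sysctl_verdict "${1:-/proc/sys}")"
    echo "probe:   $(userns_probe)"
    echo "selinux: enforce=$(read_knob /sys/fs/selinux/enforce)"
}

userns_report
```
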