Restart docker container in privileged mode
Solution 1
The container configuration is in /var/lib/docker/containers/<id>/hostconfig.json - you can edit it and restart your container, but docker shouldn't be running when you edit it.
# docker run -ti --name test fedora:25 /bin/bash
# echo 512 > /proc/sys/net/core/somaxconn # in docker
bash: /proc/sys/net/core/somaxconn: Read-only file system
# exit # exit docker, back to host
# systemctl stop docker # or stop it with whatever servicemanager you're using
# cd /var/lib/docker/containers/b48fcbce0ab29749160e5677e3e9fe07cc704b47e84f7978fa74584f6d9d3c40/
# cp hostconfig.json{,.bak}
# cat hostconfig.json.bak | jq '.Privileged=true' | jq '.SecurityOpt=["label=disable"]' > hostconfig.json
# systemctl start docker
# docker start test
test
# docker exec -ti test /bin/bash
# echo 512 > /proc/sys/net/core/somaxconn # in docker, now works
This will of course shut down all containers while you're making the changes.
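Added example, not part of the original answer: a Python check that flags the settings edited above (Privileged, SecurityOpt label=disable) in hostconfig.json files, and lists any per-container Sysctls entries, which are the narrower way to set a value such as net.core.somaxconn. The sample JSON is constructed and the function names are hypothetical; field names follow Docker's HostConfig.

```python
import json
from pathlib import Path

# Constructed samples shaped like /var/lib/docker/containers/<id>/hostconfig.json
SAMPLES = {
    "edited": '{"Privileged": true, "SecurityOpt": ["label=disable"], "Sysctls": null}',
    "scoped": '{"Privileged": false, "SecurityOpt": null, '
              '"Sysctls": {"net.core.somaxconn": "512"}}',
    "default": '{"Privileged": false, "SecurityOpt": null, "Sysctls": null}',
}

# security-opt values that turn a confinement layer off
UNCONFINED = {"label=disable", "seccomp=unconfined", "apparmor=unconfined"}


def audit_hostconfig(raw):
    """Return (level, message) findings for one hostconfig.json document."""
    cfg = json.loads(raw)
    findings = []
    if cfg.get("Privileged") is True:
        findings.append(("HIGH", "Privileged=true"))
    # Docker writes unset list/map fields as null, so normalise before iterating.
    for opt in cfg.get("SecurityOpt") or []:
        # Older releases also accepted the colon form, e.g. "label:disable".
        if opt.replace(":", "=", 1) in UNCONFINED:
            findings.append(("HIGH", "SecurityOpt " + opt))
    for key, value in sorted((cfg.get("Sysctls") or {}).items()):
        # A namespaced per-container sysctl; reported as context, not a problem.
        findings.append(("INFO", "Sysctls %s=%s" % (key, value)))
    return findings


def audit_tree(root="/var/lib/docker/containers"):
    """Audit every <id>/hostconfig.json under root; returns {id: findings}."""
    report = {}
    for path in sorted(Path(root).glob("*/hostconfig.json")):
        try:
            report[path.parent.name] = audit_hostconfig(path.read_text())
        except (OSError, ValueError) as exc:  # unreadable or malformed file
            report[path.parent.name] = [("ERROR", str(exc))]
    return report


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit_hostconfig(raw))
```

Reading the real container directory requires root on the Docker host; pass a different `root` to `audit_tree` to scan a copied tree.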
Solution 2
No, and you should not be configuring containers directly. Doing so results in an environment that's difficult to maintain (which you've found). Include your configuration in your docker-compose.yml, an attached volume, or the Dockerfile, as appropriate. That allows you to update the container by replacing it.
For reference, the only settings docker lets you update on a running container are the following:
$ docker update --help
Usage: docker update [OPTIONS] CONTAINER [CONTAINER...]
Update configuration of one or more containers
Options:
      --blkio-weight uint16        Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
      --cpu-period int             Limit CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int              Limit CPU CFS (Completely Fair Scheduler) quota
      --cpu-rt-period int          Limit the CPU real-time period in microseconds
      --cpu-rt-runtime int         Limit the CPU real-time runtime in microseconds
  -c, --cpu-shares int             CPU shares (relative weight)
      --cpus decimal               Number of CPUs
      --cpuset-cpus string         CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string         MEMs in which to allow execution (0-3, 0,1)
      --help                       Print usage
      --kernel-memory bytes        Kernel memory limit
  -m, --memory bytes               Memory limit
      --memory-reservation bytes   Memory soft limit
      --memory-swap bytes          Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --restart string             Restart policy to apply when a container exits
Asa Carter
Updated on September 18, 2022
-
Asa Carter almost 2 years
I have a docker container that is not coping with the load.
I need to increase the value in
/proc/sys/net/core/somaxconn
but I'm unable to do so because the container is not running in privileged mode. Since creating the docker file, there have been several tweaks to the nginx and php configurations.
Is it possible to restart the container with privileged mode without losing the configuration changes I've already made?
-
Asa Carter almost 7 years
I've enabled privileged mode in the host config and restarted. After restarting, sysctl is still not writable.
-
unilynx almost 7 years
Looks like docker caches and overwrites hostconfig.json on startup if you keep it running. Did a fuller test, but still another good reason not to actually do it :-)
-
Asa Carter almost 7 years
I didn't see that update and ended up removing the container and running it again in Privileged mode. Good to know for the future..