Old bottles can hold new wine too: forcing Docker onto Ubuntu 14.04 in practice

Original link: https://editor.leonh.space/2022/docker-on-ubuntu-14-04/

For various reasons, I had to evaluate installing Docker on an old Ubuntu 14.04 machine. Ubuntu 14.04 has been retired for many years, so doing this today is of course not as simple as apt install docker.io, otherwise this article would not exist.

Which Docker?

The stock Ubuntu package repository does contain Docker: it is the docker.io package mentioned above. Whether on Ubuntu 14.04 or a current Ubuntu release, installing Docker from this package is not recommended, because the docker.io that ships with Ubuntu is not maintained by Docker Inc., so its updates are always one step, or even many steps, behind. What is the problem with slow updates? Insecurity. Take a look at Docker's vulnerability list and imagine how much security risk the system would be exposed to if we installed a docker.io that is barely updated.

Therefore, given that the OS must be Ubuntu 14.04, we still want to reduce the system's security risk as much as possible, so we must install Docker from the latest official Docker package.

As Mr. Lu, the Secretary of Security, says in the movie Cold War:

In extraordinary times, in extraordinary ways

In extraordinary times, use extraordinary methods (but still can’t hit the people)
Copyright: Huaying Entertainment Co., Ltd.

Install Docker

First, install some prerequisite packages:

 > sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

Download and add the Docker GPG key to the system:

 > curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Add Docker's official package repository to the system:

 > sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

Install Docker:

 > sudo apt install docker-ce

After installing Docker with the steps above, pulling images and even creating containers will look normal at first glance, but as soon as you try to enter a container it fails:

 > sudo docker start --interactive 62ba
 docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:301: running exec setns process for init caused \"exit status 23\"": unknown

The result is the pile of cryptic error messages above.

The Linux kernel must be updated for Docker to work properly.

Install the new Linux kernel

Before forcing the upgrade, understand why it is necessary.

To fix the CVE-2019-5736 vulnerability, Docker now requires Linux kernel 3.17 or later. Unfortunately, the Linux kernel in Ubuntu 14.04 only goes up to 3.13. Fortunately, Ubuntu's LTS Enablement Stacks mechanism gives Ubuntu 14.04 a way to install the Linux 4.4 kernel from 16.04.

Install the new Linux kernel:

 $ sudo apt-get install --install-recommends linux-generic-lts-xenial

After the installation is complete, reboot the machine. After the reboot, the system should be running a 4.4 kernel.

Try to enter the container again and it should be successful.
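
A preflight check for the kernel requirement described above, as an added example that is not part of the original article: it parses a `uname -r` style string and compares it with the 3.17 minimum, so it can be run before installing docker-ce and again after the reboot. The function names `kernel_at_least` and `preflight` and the sample release strings in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Minimum kernel the article states Docker requires (CVE-2019-5736 fix).
MIN_KERNEL="3.17"

# kernel_at_least RELEASE MINIMUM   (hypothetical helper)
# RELEASE is a `uname -r` style string, e.g. the constructed sample
# "3.13.0-170-generic". MINIMUM is "major.minor".
# Returns 0 if RELEASE >= MINIMUM, 1 if older, 2 if RELEASE is unparseable.
kernel_at_least() {
    rel=${1%%-*}                      # drop "-170-generic" style suffix
    case "$rel" in
        *.*) ;;                       # need at least major.minor
        *) return 2 ;;
    esac
    maj=${rel%%.*}
    rest=${rel#*.}
    min=${rest%%.*}
    want_maj=${2%%.*}
    want_rest=${2#*.}
    want_min=${want_rest%%.*}
    # Reject empty or non-numeric components instead of guessing.
    case "$maj.$min" in
        .*|*.|*[!0-9.]*) return 2 ;;
    esac
    if [ "$maj" -gt "$want_maj" ]; then return 0; fi
    if [ "$maj" -lt "$want_maj" ]; then return 1; fi
    [ "$min" -ge "$want_min" ]
}

# preflight [RELEASE]   (hypothetical helper)
# Checks the running kernel, or RELEASE if given, against MIN_KERNEL.
preflight() {
    running=${1:-$(uname -r)}
    if kernel_at_least "$running" "$MIN_KERNEL"; then
        echo "kernel $running: meets the $MIN_KERNEL minimum for docker-ce"
    else
        echo "kernel $running: below $MIN_KERNEL or unparseable;" \
             "install linux-generic-lts-xenial and reboot first" >&2
        return 1
    fi
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run it with `--check` on the 14.04 host: it should fail on the stock 3.13 kernel and pass once the machine has rebooted into the 4.4 kernel.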

Afterword

Although this is technically feasible and tested OK, the solution was not applied to the production machine in the end. Just kidding, how could we possibly swap the kernel on a production machine? Of course, we must first make sure the treatment does no harm to the body before we talk about how well it cures!

The first research does not hurt the body Copyright: Wuzhou Pharmaceutical
