Docker loading kernel modules

Question

I tried to install a kernel module, xfsprogs. It was successfully installed inside a container. It is really surprising, but lsmod doesn't list this module inside container or in the host system. How can a new kernel module loaded in a container?(CentOS container, Ubuntu host)

`xfsprogs` is a **package**, provided user-space **libraries**. `lsmod` shows **kernel modules**, currently loaded into kernel. — Tsyvarev, Oct 08 '15 at 11:38
But then what is the necessary module for `xfs` fs. "support"? — , Oct 08 '15 at 13:20
For make system able to mount filesystems formatted with `xfs`, you need to build kernel with xfs module enabled (in the configuration file). If `sudo modprobe xfs` (running on host machine) reports error that module is not found, then your kernel has no support for xfs filesystem. — Tsyvarev, Oct 08 '15 at 19:12
I see, but how can I fix it(disabled xfs module) on host machine? — , Oct 08 '15 at 20:23
The only clean way to enable `xfs` module in the kernel is rebuilding kernel(from Docker's kernel sources) with configuration file contained `CONFIG_XFS_FS := m`. If this way is inaccessible for some reason.. the other ways are just hacks, and are not simple ones. — Tsyvarev, Oct 08 '15 at 20:44

Tinkaal Gogoi · Answer 1 · 2022-10-21T12:54:32.653

33

In Linux host:

Run the container in privileged mode (--privileged)
Add all capabilities (--cap-add=ALL)
mount host /lib/modules into the container (-v /lib/modules:/lib/modules)

docker run --name container_name \
           --privileged \
           --cap-add=ALL -d \
           -v /dev:/dev \
           -v /lib/modules:/lib/modules \
           image_id

Caution: Here all Linux capabilities are added so capabilities can be refined. Few words about Linux capabilities Model

edited Oct 21 '22 at 12:54

answered May 11 '16 at 10:46

Tinkaal Gogoi

4,344
4
27
36

1

what should be used when you're running a windows or macosx version of docker? Where are the moby linux kernel modules? – user725408 Mar 17 '17 at 11:09
In docker toolbox for windows, which runs boot2docker linux host beneath it , you can ssh into it and see the modules under /lib/modules – Tinkaal Gogoi Mar 24 '17 at 10:28
I guess I'm not clear on your answer. So if I'm running on a Mac, there is no /lib/modules directory. There might be on the underlying VM running Docker daemon. But when you use -v parm here, my understanding is that its accessing the host (Mac) system - not the VM. – jersey bean Aug 23 '20 at 07:07

askb · Accepted Answer · 2015-10-09T10:49:41.670

Containers interact with the kernel through system calls and don't include any part of the kernel or the kernel modules inside the container. This is one of the reasons why containers designed to be light weight and portable. Also xfsprogs are user space programs and not kernel modules.

How can a new kernel module loaded in a container?(CentOS container, Ubuntu host)

The module needs to be loaded on your host OS, and not from the docker container.

score 4 · Answer 3 · answered May 18 '17 at 18:41

Falco is an example of a container that loads a kernel module as part of its start process.

docker run -i -t --name falco --privileged \
  -v /var/run/docker.sock:/host/var/run/docker.sock \
  -v /dev:/host/dev \
  -v /proc:/host/proc:ro \
  -v /boot:/host/boot:ro \
  -v /lib/modules:/host/lib/modules:ro \
  -v /usr:/host/usr:ro \
  sysdig/falco

Docker loading kernel modules

3 Answers3

Linked