2

In my research, I deployed a number of containers which used a kernel module (named Ipfw3, actually a firewall) loaded on the host machine. This led to a conflict when those containers updated their rules on Ipfw3 at the same time. Is there any way to make Ipfw3 independent in each container? I mean, those containers would still share the Linux kernel, except for the kernel module called 'Ipfw3', thus having their own kernel module working separately in each container. Thanks in advance for your help.

1 Answer

1

Docker containers share the host's kernel and some other implementation details like the iptables setup. Containers usually can't install or configure kernel modules and depend on the Docker runtime to fully manage their network environment for them.

For your application, where you are actively trying to use different kernel modules per container and are trying to actively modify firewall rules in the application, you need a full virtual machine. Docker doesn't support this.

David Maze
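The answer's point that containers usually cannot install kernel modules or reconfigure the firewall can be checked from inside a container by decoding the effective capability mask in `/proc/self/status`. The script below is an added example, not part of the original answer; the two sample masks are constructed (the first is the value typically seen under Docker's default capability set), and the function names are illustrative.

```python
"""Check whether a process may load kernel modules or edit firewall rules."""
import re

# Capability bit numbers from <linux/capability.h>
CAP_NET_ADMIN = 12   # change firewall rules, interfaces, routing
CAP_SYS_MODULE = 16  # load and unload kernel modules


def effective_caps(status_text):
    """Return the CapEff bitmask from the text of /proc/<pid>/status."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)


def has_cap(mask, bit):
    """True if capability number `bit` is set in `mask`."""
    return bool((mask >> bit) & 1)


def report(status_text):
    """Summarise the two capabilities relevant to the question."""
    mask = effective_caps(status_text)
    return {
        "can_load_modules": has_cap(mask, CAP_SYS_MODULE),
        "can_edit_firewall": has_cap(mask, CAP_NET_ADMIN),
    }


# Constructed samples (assumptions, not output captured from the asker's hosts)
DEFAULT_CONTAINER = "Name:\tsh\nCapEff:\t00000000a80425fb\n"
PRIVILEGED = "Name:\tsh\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    print("default container:", report(DEFAULT_CONTAINER))
    print("privileged:       ", report(PRIVILEGED))
    try:
        # On Linux, also report on the process running this script.
        with open("/proc/self/status") as f:
            print("this process:     ", report(f.read()))
    except OSError:
        pass
```

Even where `can_load_modules` is true, the module is loaded into the single kernel shared by the host and every container, so it still does not give each container its own copy.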