I want to build a FreeBSD Docker image, because benchmarks show that it has a lower-latency, better organised network stack, which I want to use in my app. So I have the following Dockerfile.

consider Dockerfile:

```dockerfile
FROM alpine:latest
RUN echo $(uname -a)
CMD ["echo"]
```

and `sudo docker build .` prints the kernel version.

If I change the Dockerfile to another:

```dockerfile
FROM lexaguskov/freebsd:latest
RUN echo $(uname -a)
CMD ["echo"]
```

it's not working and prints an error:

```
Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM lexaguskov/freebsd:latest
latest: Pulling from lexaguskov/freebsd
Image docker.io/lexaguskov/freebsd:latest uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/
9503d02123d7: Pull complete 
operating system is not supported
```

So the `docker pull` command misbehaves; how do I fix it? And if Linux does not support running FreeBSD-based images, it at least has to allow me to reverse them with `docker image inspect`, but I cannot even inspect. What's wrong with `docker pull`? I think it misbehaves.

xakepp35
  • You should have the image already pulled, IMO. Can you do a `docker image ls` and check? It's telling you only that the image is using an outdated manifest and that your OS does not support using the image, since Docker containers share the kernel with the host. – The Fool Sep 26 '21 at 16:53
  • The image is 6 years old. Even if you could get it to run, it'll be a nightmare to security patch it. – Hans Kilian Sep 26 '21 at 17:07
  • The network stack is usually something implemented in the OS kernel, but Docker containers always share the host's kernel. You could conceivably run a BSD _userspace_ in a container, but it would still have the underlying Linux _kernel_ and network stack. You probably need a virtual machine for this setup. – David Maze Sep 26 '21 at 17:42
  • @TheFool no, it's not pulled; `ls` only shows me alpine and my test image, because the pull command failed with an error. I thought the pull command is intended to pull the image, not to analyze it, so I think it misbehaves, not doing what it should. What if I want to cross-compile? – xakepp35 Sep 26 '21 at 18:34
  • @HansKilian I guess your notice is out of scope. I am not interested in security or patches. I want to compare the performance of Linux-based Docker and FreeBSD-based: what the latency and jitter are, and what the throughput of small-sized software-defined echo packets (pps) is. – xakepp35 Sep 26 '21 at 18:36
  • @DavidMaze what if I have a FreeBSD machine to run it, but it has no DE to develop on? Running images is out of scope. I want to work with FreeBSD images (reversing, cross-building, and so on) on a Linux machine. But the `docker pull` command misbehaved: it should download the image and store it in the image registry, but for some reason it started to analyze the image, which was totally not expected of it. Right? Or am I missing something? – xakepp35 Sep 26 '21 at 18:38
  • What happens when you just run `docker pull lexaguskov/freebsd`? If you use it in a Dockerfile like that, how do you expect to operate on it with things like `RUN echo $(uname -a)` without Docker looking inside or even starting a container from it? – The Fool Sep 26 '21 at 18:41
  • Here you can read that, when building, it's creating a container for each layer: https://stackoverflow.com/questions/39705085/how-are-intermediate-containers-formed. So it's trying to run it, not just pull and store. – The Fool Sep 26 '21 at 18:46

1 Answer

Containers don't provide a kernel, instead they simply run a process with some isolation settings under the host kernel. If you wanted to run a kernel, you would run a VM rather than a container.

The specific image you're attempting to run was built back in 2015, uses a deprecated schema, and has set the OS/architecture to be freebsd/amd64 rather than linux/amd64. Assuming your docker engine is on Linux (which you can verify with `docker info`), it will correctly refuse to run this image. The problem isn't that docker can't pull the image; it did get pulled into the builder. Rather, it's that the image likely contains binaries that won't run on your kernel, same as trying to run a Windows exe on a Linux host, so docker is refusing to use it.

There appears to be a port of Docker to FreeBSD, but that doesn't appear to have been working for several years now. You may be able to run an older install of docker, but expect there to be issues and security vulnerabilities, and it will not be a like-for-like comparison with docker on Linux. For this to work, you'll first need to install FreeBSD (e.g. on a VM), which likely defeats the purpose of running a docker container in your situation.

BMitch
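The OS check this answer describes, as an added example (not code from the answer or from Docker): a simplified model that reads the declared OS/architecture from a schema1 manifest, an image config or a multi-platform manifest list, and compares the OS with the host's. The function names, JSON samples and digests are all constructed for illustration.

```python
import json

# Constructed samples; nothing here is fetched from a registry.
SCHEMA1 = json.dumps({          # deprecated schema1 manifest
    "schemaVersion": 1, "name": "example/freebsd", "tag": "latest",
    "architecture": "amd64",
    "history": [{"v1Compatibility": json.dumps(
        {"id": "constructed-top-layer", "os": "freebsd", "architecture": "amd64"})}],
})
CONFIG = json.dumps({"os": "linux", "architecture": "amd64"})   # image config
INDEX = json.dumps({            # multi-platform manifest list
    "schemaVersion": 2,
    "manifests": [
        {"digest": "sha256:constructed-linux",
         "platform": {"os": "linux", "architecture": "amd64"}},
        {"digest": "sha256:constructed-windows",
         "platform": {"os": "windows", "architecture": "amd64"}},
    ],
})


def platforms(raw):
    """Return the (os, architecture) pairs an image document declares."""
    doc = json.loads(raw)
    if "manifests" in doc:      # manifest list: one entry per platform
        return [(m["platform"]["os"], m["platform"]["architecture"])
                for m in doc["manifests"]]
    if doc.get("schemaVersion") == 1:
        # schema1 keeps per-layer metadata as a JSON string; entry 0 is the top layer
        top = json.loads(doc["history"][0]["v1Compatibility"])
        return [(top.get("os", "unspecified"),
                 top.get("architecture", doc.get("architecture")))]
    return [(doc["os"], doc["architecture"])]


def host_verdict(raw, host_os="linux"):
    """Simplified model of the engine's check: a declared OS must equal the host's."""
    if any(os_name == host_os for os_name, _ in platforms(raw)):
        return "ok"
    return "operating system is not supported"


if __name__ == "__main__":
    for name, raw in (("schema1", SCHEMA1), ("config", CONFIG), ("index", INDEX)):
        print(name, platforms(raw), host_verdict(raw))
```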
  • The question came from my misunderstanding that Docker is not a VM but a light wrapper on top of the existing kernel. Also, I guess that Docker is deprecated; everything is using CRI-O nowadays or something like that. Thanks for your explanation of those things. And to get a lower-latency network stack, I guess FreeBSD should be installed on hardware and time-sensitive software should use its kernel. – xakepp35 Sep 29 '21 at 10:23