Exporting Docker images from Dagger

I started using Dagger this week, and if you have any sort of build and test system based on shell scripts and Dockerfiles, Dagger will be a big improvement. This post documents how to export a container image that you build in Dagger to your local Docker instance. This process is described in the Dagger documentation but I needed to go one step further and tag the image that I exported.


I spent a while trying to debug a runc problem where it would always get an EACCES error writing the cpu.cfs_period_us file in a cpu cgroup.

The problem turned out to be that I had not enabled CONFIG_CFS_BANDWIDTH in my kernel build. Presumably, when runc tries to write the file, it passes O_CREAT and cgroupfs doesn’t let it create a new file, which leads to the somewhat surprising error.

So, if you get this error, just turn on CONFIG_CFS_BANDWIDTH :)


PAM support in the Mesos containerizer

Recently, it occurred to me that running a containerized task is concentually very similar to having a remote session on an anonymous compute agent. The traditional way for operators to influence (i.e. configure, control, log) the environment of a remote user session is by the use of PAM modules. One of the applications that I had in mind was the use of the pam_loginuid module to set the linux audit ID so that containers audit events can be attributed to the task user rather than to the container orchestrator.