@@ -180,43 +180,6 @@ To prevent confusion we refer to the containers as the "outer" and
180180 the outer container. It's launched by the Docker instance running
181181 inside the outer container.
182182
183- ### Inner Docker Image Caching
184-
185- The Docker instance running inside the system container stores its
186- images in the ` /var/lib/docker ` directory inside the container.
187-
188- When the system container is removed, the contents of that directory
189- will also be removed.
190-
191- If you wish to keep the contents of that directory so that they may be
192- reused by a future system container instance (e.g., to avoid forcing
193- the future instance to re-download inner container images), then
194- simply mount a Docker volume on the host into the system container's
195- ` /var/lib/docker ` :
196-
197- ``` bash
198- $ docker volume create myVol
199- $ docker run --runtime=sysbox-runc -it --mount source=myVol,target=/var/lib/docker debian:latest
200- ```
201-
202- This way, the inner Docker's image cache will persist even after the
203- system container is removed.
204-
205- But note the following: Docker does not support two or more daemons
206- sharing the same image cache. Thus, if you follow the approach above,
207- you must mount the host volume to a ** single** system container at any
208- given time.
209-
210- If you wish to have multiple system containers using this technique,
211- use a separate host volume for each:
212-
213- ``` bash
214- $ docker volume create myVol1
215- $ docker volume create myVol2
216- $ docker run --runtime=sysbox-runc -it --mount source=myVol1,target=/var/lib/docker debian:latest
217- $ docker run --runtime=sysbox-runc -it --mount source=myVol2,target=/var/lib/docker debian:latest
218- ```
219-
220183### Inner Docker Restrictions
221184
222185The Docker instance inside the system container is assumed to store
@@ -228,6 +191,32 @@ at some other location within the system container (via the Docker
228191daemon's ` --data-root ` option), Sysbox does ** not** currently support
229192this (i.e., the inner Docker won't work).
230193
194+ ### Inner Docker Image Caching
195+
196+ The Docker instance running inside the system container stores its
197+ images in the ` /var/lib/docker ` directory inside the container.
198+
199+ When the system container is removed (i.e., not just stopped, but
200+ actualy removed), the contents of that directory will also be removed.
201+
202+ This means that the inner Docker's image cache is removed when the
203+ associated system container is removed.
204+
205+ Normally, it would be possible to override this behavior by mounting a
206+ host volume into the system container's ` /var/lib/docker ` , in order to
207+ persist the inner Docker's image cache accross system container
208+ lifecycles.
209+
210+ However, Sysbox does not currently support mounts into the system
211+ container's ` /var/lib/docker ` (due to a low-level problem in the
212+ interaction between overlayfs and the Nestybox nbox_shiftfs module).
213+
214+ If a user creates a system container with a mount into the system
215+ container's ` /var/lib/docker ` , Sysbox ignores the mount configuration
216+ and runs the system container without it.
217+
218+ We are working on a solution for this.
219+
231220## Sysbox Reconfiguration
232221
233222The Sysbox installer starts the [ Sysbox components] ( design.md#sysbox-components )
@@ -320,7 +309,7 @@ associated ID mappings, refer to the [Sysbox design document](design.md).
320309## Docker Bind Mount Permissions
321310
322311Sysbox system containers support all Docker storage mount types:
323- volume, bind, or tmpfs.
312+ [ volume, bind, or tmpfs] ( https://docs.docker.com/storage/ ) .
324313
325314However, for bind mounts there are some caveats. These caveats do not apply to
326315volume mounts and tmpfs mounts.
@@ -407,3 +396,7 @@ the near future.
407396### SELinux
408397
409398Sysbox does not yet support running on systems with SELinux enabled.
399+
400+ ### Others
401+
402+ Sysbox does not have support for other Linux LSMs at this time.
0 commit comments