I want to create a minimal ISO with dependencies for running Docker.
I started compiling the kernel from Linux From Scratch; after that, with busybox (after I added the binaries like dockerd, containerd, ..., all iptables, etc.) I created a simple initramfs.
I added the Docker static binaries and they work, but they need deps like iptables and git, so the next thing I did was compile iptables and place it inside the busybox folder.
(I compiled iptables with the --enable-static flag but it didn't work; the library is not static.)
After all this I made an ISO file and started it with qemu. The system works and I can access the shell, but when I call iptables the system gives me this error:
"sh: iptables not found".
If you have any idea what the problem is, could you help me? Thanks in advance.
Did you verify that the library is in the library path?
Did you verify that the executable is in the executable path ($PATH)?
Did you read the build and install instructions in the iptables source package?
Yeah, I verified that the library was in the path. The system gives me the error even if I call the executable directly, like "/usr/sbin/iptables", and yes, I read the instructions, but I have very little experience.
Do you know if I can build, and how I can build, iptables statically?
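Added example (not part of the thread): when a dynamically linked ELF binary names a loader (its PT_INTERP entry) that does not exist in the initramfs, exec fails with "not found" even when the full path is given, so this build-host check reports whether each binary is static or whether its loader is present under the initramfs root. It assumes 64-bit little-endian ELF; the sample binaries, their paths and the loader path are constructed for the demo.

```python
import os
import struct
import tempfile
PT_INTERP = 3  # program header type naming the dynamic loader

def elf_interp(data):
    """Return the PT_INTERP path of a 64-bit little-endian ELF, or None if static."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    phoff, = struct.unpack_from("<Q", data, 0x20)              # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", data, 0x36)   # e_phentsize, e_phnum
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from("<I", data, base)
        if p_type == PT_INTERP:
            # p_offset sits at +8 and p_filesz at +32 in an Elf64_Phdr
            off, size = struct.unpack_from("<Q16xQ", data, base + 8)
            return data[off:off + size].rstrip(b"\0").decode()
    return None

def check_binary(rootfs, path):
    """Classify rootfs+path the way exec will see it once rootfs is '/'."""
    with open(os.path.join(rootfs, path.lstrip("/")), "rb") as f:
        interp = elf_interp(f.read())
    if interp is None:
        return "static"
    present = os.path.exists(os.path.join(rootfs, interp.lstrip("/")))
    return ("loader present: " if present else "loader MISSING: ") + interp

def make_sample_elf(interp):
    """Constructed sample: ELF64 header plus one PT_INTERP entry (none if static)."""
    s = interp.encode() + b"\0" if interp else b""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1 if s else 0, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(s), len(s), 1)
    return ehdr + (phdr + s if s else b"")

def demo():
    """Check a dynamic and a static sample inside a throwaway initramfs tree."""
    samples = {"/usr/sbin/iptables": "/lib64/ld-linux-x86-64.so.2",
               "/usr/sbin/dockerd": None}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/sbin"))
        for path, interp in samples.items():
            with open(os.path.join(root, path.lstrip("/")), "wb") as f:
                f.write(make_sample_elf(interp))
        return {p: check_binary(root, p) for p in samples}

if __name__ == "__main__":
    print(demo())
```

To use it on a real build, call check_binary() with the unpacked initramfs directory and the in-image path of each binary copied into it.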
It is a bit non-trivial.
My take would be to start with Debian network install and go from there, but only because I am LAZY!
You might want to read up on how the Linux From Scratch builds are done.
Modern iptables uses a kernel module, and the kernel module and runtime must pretty much match (or at least agree close enough). This might be as simple as: did you compile that module and install it, and did you start it before the iptables call?
If you need a firewall, you must consider that it WILL have to tie into the kernel networking structure at some point. There may be a different tool that would serve that works in a different way, but it may be less efficient.
Making a live media like that will be quite a task. How do you manage storage? Fuse or something like aufs?
The permissions are right.
The only thing it has to do is run Docker with a specific kernel version.
I simply create an ISO with the command "grub-mkrescue -o myiso.iso iso/"; the iso folder has this file structure:
iso
├── boot
│   ├── bzImage
│   └── initramfs
└── grub
    └── grub
The initramfs is created using busybox like in this tutorial: https://medium.com/@kiky.tokamuro/cr...s-5cca9b524b5a.
(To busybox I only added the binaries that I need, like docker and iptables (which does not work).)
I'm asking if I can create a static binary for iptables.
Quote:
It is a bit non-trivial.
My take would be to start with Debian network install and go from there, but only because I am LAZY!
I could use a starting point like the Debian network install, but I'm doing this only for learning purposes and I want to do it from scratch.
Quote:
Originally Posted by wpeckham
You might want to read up on how the Linux From Scratch builds are done.
Modern iptables uses a kernel module, and the kernel module and runtime must pretty much match (or at least agree close enough). This might be as simple as: did you compile that module and install it, and did you start it before the iptables call?
In theory I did compile the module when I compiled the kernel, and made the kernel have that module loaded by default.
Maybe I'm wrong; can you tell me what the module name is? They should be the ones I listed down here, right?
[*] Networking support ---> [CONFIG_NET]
  Networking Options --->
    [*] Network packet filtering framework (Netfilter) ---> [CONFIG_NETFILTER]
      [*] Advanced netfilter configuration [CONFIG_NETFILTER_ADVANCED]
      Core Netfilter Configuration --->
        <*> Netfilter connection tracking support [CONFIG_NF_CONNTRACK]
        <*> Netfilter Xtables support (required for ip_tables) [CONFIG_NETFILTER_XTABLES]
        <*> LOG target support [CONFIG_NETFILTER_XT_TARGET_LOG]
      IP: Netfilter Configuration --->
        <*> IP tables support (required for filtering/masq/NAT) [CONFIG_IP_NF_IPTABLES]
(I want the ISO to be as small as possible)
Cannot answer that. I built a lot of kernels, but stopped at about 2.4 and things have changed a LOT since then! My hope is that someone who builds kernels often will chime in with current information.