Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

what will be impacted for compiling code in different kernel in docker?

Tags:

c++

docker

lxc

Can I trust the builds in docker container for redhat6.4 in Ubuntu 14.04 host for c/c++ source codes ? or any limitation I need to consider ?

We are trying to use docker to serve different OS platform to compile the source codes, since technology in docker is share the host os's kernel, see related question What is the relationship between the docker host OS and the container base image OS?

  • My host OS is ubuntu 14.04 (easy to install docker), kernel is 3.13.0-24-generic
  • My application platform is redhat 6.4 (kernel is 2.6.32-358.el6.x86_64)

When I created the container for RHEL for Ubuntu, the kernel is updated to 3.13.0-24-generic as well.

My application is c/c++ & java based.

I don't think java will be any problem for the compiled .jar files since it is based on jvm.

And for c/c++ codes, mostly I understand it depends on libc kind of shared library, not depends on kernel, so is it possible to use this compiled codes into real redhat environment.

This setup is used for development only, not for production, the generated binary files are supposed to be installed real standalone machines with RHEL or VM.

So any things I need to consider ?

Probably it is more lxc related question.

Updated to add some sample

I download the gameoflife codes https://github.com/rvsjoen/game-of-life, and compiled in both system, looks for this case since md5 is the same, the result is the same and it is trustable.

This is redhat 6.4 system in VM

[root@redhat game-of-life-master]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.4 (Santiago)
[root@redhat game-of-life-master]# uname -a
Linux redhat 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64x86_64 GNU/Linux
[root@redhat]# ldd gol
    linux-vdso.so.1 =>  (0x00007fffaeaa8000)
    libncurses.so.5 => /lib64/libncurses.so.5 (0x00000033fa000000)
    libc.so.6 => /lib64/libc.so.6 (0x00000033f9c00000)
    libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00000033fb800000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00000033f9800000)
    /lib64/ld-linux-x86-64.so.2 (0x00000033f9400000)
[root@redhat]# md5sum gol
4f3245d3d61b1c73e48537dd612d37c3  gol

And this is redhat in docker container

bash-4.1# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.4 (Santiago)
bash-4.1# uname -a
Linux f51c7b4e80aa 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
bash-4.1# ldd gol
    linux-vdso.so.1 =>  (0x00007fff5e3c2000)
    libncurses.so.5 => /lib64/libncurses.so.5 (0x00007f2e84863000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f2e844d0000)
    libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f2e842ae000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f2e840aa000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f2e84a8e000)
bash-4.1# md5sum gol
4f3245d3d61b1c73e48537dd612d37c3  gol

Are there any exception for c/c++ codes ?

like image 971
Larry Cai Avatar asked May 30 '14 00:05

Larry Cai


People also ask

Can Docker run different kernel?

Docker never uses a different kernel: the kernel is always your host kernel. If your host kernel is "compatible enough" with the software in the container you want to run it will work; otherwise it won't.

Do containers use the same kernel?

Containers share the same operating system kernel and isolate the application processes from the rest of the system.

Does Docker affect performance?

Inadequately Allocated Resources. When Docker containers do not have access to enough resources, they quickly experience performance issues. Depending on the average image size of a project and the number of containers you are running, the hosts and network need to be able to support the workload.

What kernel features does Docker use?

Docker also makes use of kernel control groups for resource allocation and isolation. A cgroup limits an application to a specific set of resources. Control groups allow Docker Engine to share available hardware resources to containers and optionally enforce limits and constraints.


2 Answers

There is, in normal situations, no exception for natively compiled codes (C, C++...).

As you wrote, programs interact with the libc, not the kernel, except very specific situations.

This libclibrary is not shared between your Ubuntu host and your Redhat container. Your container has its own libc that abstracts system calls to the kernel.

About the kernel itself, note that even if the Linux kernel internals tend to be moving, always evolving pieces of code, what is publicly exposed (the ABI, accessible to userspace applications and libc) is kept stable and compatible between releases. In rare occasions this compatibility has been broken, most of the time, not intentionally. (see this article).

So, yes, it is perfectly safe to have use a RHEL dev. environment on an Ubuntu host, and to trust the builds generated from this container.

like image 192
mbarthelemy Avatar answered Nov 12 '22 10:11

mbarthelemy


There are no problems while the App does not directly use the last feature of a certain linux kernel.

Docker works at the lowest level intercepting only all "system calls".

In Linux 64 (x64) system calls are made with the intel / amd processor assembler instruction: SYSCALL

This SYSCALL is the one that is "intercepted" by the KERNEL of LINUX and "virtualized" with docker by internally changing the operation of the invocation.

For example, the system call "open", to open a disk file, changes the path to the file by another one where the "root" of the running docker image is located.

I do not know exactly what level of the kernel that change is made, if it is when entering "open", or if it is more internally.

For this reason, the same binary executable that works in a linux without docker, works inside a docker image, without modifying the executable at any time.

All the "virtualization" is done inside the KERNEL, which is entered for example with SYSCALL.

But beware of applications that use the latest "feature" of a kernel. Because it may not run ok, if the kernel below it does not have that "feature".

Beware of security patches at the kernel level, the kernel below may not have such a patch. In turn it is easier to install these security patches and maintain secure systems, since they are not "part" of the APPs. This is another advantage with respect to VM images.

like image 35
Angel Moreno Avatar answered Nov 12 '22 09:11

Angel Moreno