Public | Automated Build

Last pushed: 2 years ago
Short Description
A docker container inside a docker container
Full Description


This recipe lets you run Docker within Docker.

This fork requires Docker v1.8+.
For previous versions of Docker see the original DIND


Build the image:

docker build -t dind .

Run Docker-in-Docker and get a shell where you can play, and docker daemon logs
to stdout:

docker run --privileged -t -i dind

Run Docker-in-Docker and get a shell where you can play, but docker daemon logs
into /var/log/docker.log:

docker run --privileged -t -i -e LOG=file dind

Run Docker-in-Docker and expose the inside Docker to the outside world:

docker run --privileged -d -p 4444 -e PORT=4444 dind

Note: when started with the PORT environment variable, the image will just
the Docker daemon and expose it over said port. When started without the
PORT environment variable, the image will run the Docker daemon in the
background and execute a shell for you to play.

Daemon configuration

You can use the DOCKER_DAEMON_ARGS environment variable to configure the
docker daemon with any extra options:

docker run --privileged -d -e DOCKER_DAEMON_ARGS="-D" dind

How It Works

The main trick is to have the --privileged flag. Then, there are a few things
to care about:

  • /var/lib/docker cannot be on AUFS, so we make it a volume.

That's it.

Important Warning About Disk Usage

Since AUFS cannot use an AUFS mount as a branch, it means that we have to
use a volume. Therefore, all inner Docker data (images, containers, etc.)
will be in the volume. Remember: volumes are not cleaned up when you
docker rm, so if you wonder where did your disk space go after nesting
10 Dockers within each other, look no further :-)

Which Version Of Docker Does It Run?

Outside: it will use your installed version.

Inside: the Dockerfile will retrieve the latest docker binary from; so if you want to include your own docker
build, you will have to edit it. If you want to always use your local
version, you could change the ADD line to be e.g.:

ADD /usr/bin/docker /usr/local/bin/docker

Can I Run Docker-in-Docker-in-Docker?

Yes. Note, however, that there seems to be a weird FD leakage issue.
To work around it, the wrapdocker script carefully closes all the
file descriptors inherited from the parent Docker and lxc-start
(except stdio). I'm mentioning this in case you were relying on
those inherited file descriptors, or if you're trying to repeat
the experiment at home.

kojiromike/inception is
a wrapper script that uses dind to nest Docker to arbitrary depth.

Also, when you will be exiting a nested Docker, this will happen:

root@975423921ac5:/# exit
root@6b2ae8bf2f10:/# exit
root@419a67dfdf27:/# exit
root@bc9f450caf22:/# exit

At that point, you should blast Hans Zimmer's Dream Is Collapsing on your loudspeakers while twirling
a spinning top.

Docker Pull Command
Source Repository