Using LinuxKit to Build a Linux Operating System Based on Containers

LinuxKit is a tool presented in 2017. It aims to use containers to create a framework for lightweight and immutable Linux operating system images. Docker has long wanted to use LinuxKit to build related products, such as Docker for Mac. To quickly understand its features, here we create a simple image file for learning.

Prerequisites

  • Git client.
  • Docker engine. Please use Docker-ce 17.06.0.
  • GNU make tool.
  • GNU tar tool.

Install Moby tool

First, we need to install the Moby tool. It takes a YAML file that describes the installation process and features, and uses Docker to build the Linux operating system. In this article we use xhyve, a virtualization tool for OS X, to run the system instance; the official HyperKit can also be used. Let us use Git to obtain the LinuxKit repository and then install Moby:

$ git clone https://github.com/linuxkit/linuxkit.git
$ cd linuxkit
$ make && sudo make install
$ moby version
moby version 0.0
commit: 4db06aa1732b44a8cadd9c8577df0aa5c716e701

Create Linux Image

After installing the Moby tool, we can write a YAML file to describe the Linux installation process and features. Here we create a Docker + SSH Linux image. We first create a docker-sshd.yml file and add the following content:

kernel:
  image: linuxkit/kernel:4.9.36
  cmdline: "console=tty0 console=ttyS0"
init:
  - linuxkit/init:14a38303ee9dcb4541c00e2b87404befc1ba2083
  - linuxkit/runc:a0f2894e50bacbd1ff82be41edff8b8e06e0b161
  - linuxkit/containerd:389e67c3c1fc009c1315f32b3e2b6659691a3ad4
  - linuxkit/ca-certificates:67acf038c44bb191ebb704ec7bb39a1524052cdf
onboot:
  - name: sysctl
    image: linuxkit/sysctl:d1a43c7c91e92374766f962dc8534cf9508756b0
services:
  - name: getty
    image: linuxkit/getty:0bd92d5f906491c20e4177c57f965338fe5a8c5f
    env:
     - INSECURE=true
  - name: rngd
    image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b
  - name: dhcpcd
    image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
  - name: sshd
    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
files:
  - path: root/.ssh/authorized_keys
    source: ~/.ssh/id_rsa.pub
    mode: "0600"
    optional: true
trust:
  org:
    - linuxkit

Sections in the YAML file are listed below:

  • kernel: the Docker image that supplies the kernel. The image includes a Linux kernel and a tar file of the file system, and the kernel is built in the /kernel directory.
  • init: the Docker base images for the init process, which include init, containerd, runC, and other tools.
  • onboot: system-level tools, which are run sequentially. Examples include dhcpd and ntpd.
  • services: services, such as nginx or apache2, that run after the system starts.
  • files: files to be copied into the Linux system image.
  • trust: specifies Docker Content Trust to encrypt the build components.

For more information about the YAML format and sections, please refer to the official LinuxKit YAML documentation. The LinuxKit image sources can be found on Docker Hub.
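Several settings in the sections above decide how exposed the resulting image is: the image tags, the getty INSECURE=true setting, the mode of authorized_keys, and the trust list. The Python linter below is an added example, not code from the original article or from the LinuxKit project, and it checks a LinuxKit YAML file for those four points. The sample file, the finding names and the examplecorp organization are constructed for illustration, and the parser reads this layout line by line rather than parsing full YAML.

```python
import re

# Constructed sample in the layout of the page's docker-sshd.yml; "examplecorp" is hypothetical.
SAMPLE = """\
kernel:
  image: linuxkit/kernel:4.9.36
init:
  - linuxkit/init:14a38303ee9dcb4541c00e2b87404befc1ba2083
  - examplecorp/runc:latest
services:
  - name: getty
    image: linuxkit/getty:0bd92d5f906491c20e4177c57f965338fe5a8c5f
    env:
     - INSECURE=true
  - name: sshd
    image: linuxkit/sshd
files:
  - path: root/.ssh/authorized_keys
    mode: "0664"
trust:
  org:
    - linuxkit
"""
IMAGE_RE = re.compile(r"^\s*(?:-\s+|image:\s*)([\w.-]+/[\w.-]+(?::[\w.-]+)?)\s*$")

def lint(text):
    findings, images, trusted, section, path = [], [], set(), None, ""
    for n, raw in enumerate(text.splitlines(), 1):
        item = raw.strip()
        if (top := re.match(r"^(\w+):", raw)):
            section = top.group(1)  # kernel, init, onboot, services, files, trust
        elif section in ("kernel", "init", "onboot", "services") and (m := IMAGE_RE.match(raw)):
            images.append((n, m.group(1)))
        elif section == "services" and item == "- INSECURE=true":
            findings.append((n, "getty-insecure"))  # console root login without a password
        elif section == "files" and item.startswith("- path:"):
            path = item.split(":", 1)[1].strip()
        elif section == "files" and item.startswith("mode:") and path.endswith("authorized_keys"):
            if int(item.split(":", 1)[1].strip(' "'), 8) & 0o022:
                # sshd StrictModes refuses key files writable by group or others
                findings.append((n, "authorized-keys-writable"))
        elif section == "trust" and re.fullmatch(r"-\s+[\w.-]+", item):
            trusted.add(item[1:].strip())  # organization names under trust: org:
    for n, ref in images:
        name, _, tag = ref.partition(":")
        if tag in ("", "latest"):
            findings.append((n, "unpinned-tag"))  # floating tag: rebuilds may pull new content
        if name.split("/")[0] not in trusted:
            findings.append((n, "org-not-in-trust"))  # image org missing from trust: org:
    return sorted(findings)
```

Run against the docker-sshd.yml shown earlier, the only finding is the getty INSECURE=true entry, since every image there carries a hash tag from the linuxkit organization and authorized_keys is 0600.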

Now we can use the Moby tool to build the Linux image as follows:

$ moby build sshd.yml
Extract kernel image: linuxkit/kernel:4.9.x
Pull image: linuxkit/kernel:4.9.x
...
Create outputs:
  sshd-kernel sshd-initrd.img sshd-cmdline

Then we will see the following files:

  • docker-sshd-kernel: a RAW kernel image.
  • docker-sshd-initrd.img: an initialized RAW DISK file.
  • docker-sshd-cmdline: Command line options file.

Test Image

After building the image, we can test it with a few tools. Here we use xhyve. We first use Git to fetch xhyve, then build and install it:

$ git clone https://github.com/mist64/xhyve
$ cd xhyve
$ make && cp build/xhyve /usr/local/bin/
$ xhyve
Usage: xhyve [-behuwxMACHPWY] [-c vcpus] [-g <gdb port>] [-l <lpc>]
             [-m mem] [-p vcpu:hostcpu] [-s <pci>] [-U uuid] -f <fw>

xhyve is a port of the FreeBSD hypervisor bhyve to OS X. It is built on top of Hypervisor.framework. Besides VirtualBox and VMware, xhyve is an alternative option that is very lightweight and takes up only a few kilobytes.

Then we write an xhyve script, run.sh, to boot the image:

#!/bin/sh

KERNEL="sshd-kernel"
INITRD="sshd-initrd.img"
CMDLINE="console=ttyS0 console=tty0 page_poison=1"

MEM="-m 1G"
PCI_DEV="-s 0:0,hostbridge -s 31,lpc"
LPC_DEV="-l com1,stdio"
ACPI="-A"
#SMP="-c 2"

# sudo if you want networking enabled
NET="-s 2:0,virtio-net"

xhyve $ACPI $MEM $SMP $PCI_DEV $LPC_DEV $NET -f kexec,$KERNEL,$INITRD,"$CMDLINE"

Modify KERNEL and INITRD to point to the docker-sshd image files.

Then we can go ahead and start the test:

$ chmod u+x run.sh
$ sudo ./run.sh
Welcome to LinuxKit

                        ##         .
                  ## ## ##        ==
               ## ## ## ## ##    ===
           /"""""""""""""""""\___/ ===
      ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
           \______ o           __/
             \    \         __/
              \____\_______/
...
(ns: getty) linuxkit-f65c15deb778:~# ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.64.4/24 brd 192.168.64.255 scope global eth0
       valid_lft forever preferred_lft forever

Verify Image Services

The above result indicates that the operating system booted without any errors. Now we need to test whether the system services are working. We first test SSH. Run the following command from the host whose SSH public key was added to the image:

$ ssh root@192.168.64.4
(ns: sshd) linuxkit-f65c15deb778:~# uname -r
4.9.36-linuxkit
(ns: sshd) linuxkit-f65c15deb778:~# exit

Finally, use the following command to shut down the virtual machine:

moby-aa16c789d03b:~# halt
Terminated

Written by 白凱仁, software engineer at 迎棧科技
