I'm on OSX and I've got Docker for Mac installed.
On OSX, Docker runs its containers inside a little hypervisor; we can see this from a process listing:
❯ ps awux | grep docker
bryanhunt 512 1.8 0.2 10800436 34172 ?? S Fri11am 386:09.03 com.docker.hyperkit -A -u -F vms/0/hyperkit.pid -c 8 -m 6144M -s 0:0,hostbridge -s 31,lpc -s 1:0,virtio-vpnkit,path=s50,uuid=c0fac0ff-fb9a-473f-bf44-43d7abdc701d -U 05c2af3a-d417-43fd-b0d4-9d443577f207 -s 2:0,ahci-hd,/Users/bryanhunt/Library/Containers/com.docker.docker/Data/vms/0/Docker.raw -s 3,virtio-sock,guest_cid=3,path=vms/0,guest_forwards=2376;1525 -s 4,ahci-cd,/Applications/Docker.app/Contents/Resources/linuxkit/docker-for-mac.iso -s 5,ahci-cd,vms/0/config.iso -s 6,virtio-rnd -s 7,virtio-9p,path=s51,tag=port -l com1,autopty=vms/0/tty,asl -f bootrom,/Applications/Docker.app/Contents/Resources/uefi/UEFI.fd,,
bryanhunt 509 0.0 0.1 558589408 9608 ?? S Fri11am 0:30.26 com.docker.driver.amd64-linux -addr fd:3 -debug
Note how it's running the VM from an ISO image, /Applications/Docker.app/Contents/Resources/linuxkit/docker-for-mac.iso. This is probably a good idea because things would get tricky if users tampered with the VM image; however, in this case, that's exactly what I want to do.
I can get inside the Docker VM by running a privileged container which executes the nsenter utility in order to enter the host process space:
docker run --rm -it --privileged --pid=host walkerlee/nsenter -t 1 -m -u -i -n sh
So everything is good. I can now move on to the next stage: install and run plotnetcfg.
plotnetcfg creates very nice graphviz diagrams of networking configuration, and this is what I'd like to do, analyze the networking configuration inside the Docker VM (it's Alpine Linux BTW).
Here's an example of the sort of diagram plotnetcfg can generate:
That's my actual goal - to visualize Docker networking configuration for a hackathon.
Now finally the description of the problem.
The root filesystem is an iso9660 mount.
/ # mount |grep iso
/dev/sr0 on / type iso9660 (ro,relatime)
Is there a way to remount root, using the aufs stacked filesystem or any other means so that I can update the system packages, download, compile and execute the plotnetcfg utility, and finally, export the generated graphviz dot file and render it elsewhere?
For the question: root mounted as ro iso9660 filesystem, how can I remount as rw overlay?
The answer is: there is no way you can remount as rw, but tmpfs /tmp or shm /dev/shm is writable if you really want to add something temporarily.
For the things you want to do:
With docker run you can already access the docker vm's network.
You don't need to modify the host to change the network; you can just add --privileged -v /dev:/dev for docker run, then you can just install packages in the container and create the interface you want:
docker run --rm -it --privileged -v /dev:/dev wener/base ifconfig
For example, you can create a tap or tun dev in the container; I use tinc in a container to create a host vpn.
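
Since nothing can be installed on the read-only root, a dependency-free way to get a Graphviz file of the interfaces and their bridge membership is sketched below. This is an added example, not code from the question, the answer, or plotnetcfg, and it draws far less than plotnetcfg does. It assumes iproute2-style `ip -o link show` output; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not plotnetcfg): convert `ip -o link show` output to Graphviz DOT.
# Interfaces become nodes; the "master" of an interface (its bridge) becomes an edge.

links_to_dot() {
    # stdin: one interface per line, as printed by `ip -o link show`
    awk '
    BEGIN { print "graph net {" }
    {
        name = $2
        sub(/:$/, "", name)      # "eth0:" -> "eth0"
        sub(/@.*$/, "", name)    # "veth1a2b3c4@if4" -> "veth1a2b3c4"
        state = "UNKNOWN"; master = ""
        for (i = 3; i < NF; i++) {
            if ($i == "state")  state  = $(i + 1)
            if ($i == "master") master = $(i + 1)
        }
        printf "  \"%s\" [label=\"%s (%s)\"];\n", name, name, state
        if (master != "") printf "  \"%s\" -- \"%s\";\n", master, name
    }
    END { print "}" }'
}

sample_links() {
    # Constructed sample in iproute2 one-line format, not captured from a real VM.
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 02:50:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default \    link/ether 02:42:ac:11:00:01 brd ff:ff:ff:ff:ff:ff
5: veth1a2b3c4@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default \    link/ether 8a:3c:00:00:00:02 brd ff:ff:ff:ff:ff:ff
EOF
}

# Demo on the constructed sample. On a live system, pipe `ip -o link show`
# into links_to_dot and redirect to a writable tmpfs path such as /tmp/net.dot.
sample_links | links_to_dot
```

The resulting DOT text can be copied out of the terminal and rendered elsewhere with `dot -Tpng`.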