sysdig running on the new, ‘native’ Docker apps!

Nothing beats the convenience of Docker on your laptop for development and exploration. Perhaps you’ve had experience with Docker Toolbox or boot2docker and have heard about Docker’s new ‘native’ tool, now in beta.

I won’t enumerate all the improvements here, but it does away with VirtualBox and instead uses xhyve (OS X) and Hyper-V (Windows). It’s still in beta, but already the experience is much better than boot2docker. More details.

And perhaps you’ve heard about sysdig, the great open source inspection tool with extensive container support. It provides powerful visibility into what’s going on inside your containers and can be invaluable for troubleshooting during development. sysdig provides this service by installing a kernel module to intercept system calls. Can we use this with the new docker ‘native’?

We can! Docker uses an Alpine image for the VM, and although they haven’t officially open sourced it yet, they are providing all we need to build the module.

To make this easier, I have made an image that automatically installs the module for you. Then you can install the sysdig container as normal.

docker run --rm --privileged etown/install-sysdig-module

Now that you’ve got the module installed you can launch sysdig’s container:

docker run -i -t --name sysdig --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/sysdig

And now take advantage of all sysdig has to offer on your Mac and Windows development machines!
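
The sysdig container above is started with broad access to the Docker VM. The following POSIX shell script is an added example, not code from this post or from the sysdig project: it lists the host-access options in that `docker run` command line so you can see which mounts are writable. The helper names `audit_docker_run`, `classify_volume` and `audit_page_command` are hypothetical, and the script assumes no arguments follow the image name.

```shell
#!/bin/sh
# Added example: report the host-access options of a `docker run` command.
# All function names here are hypothetical helpers, not docker or sysdig tools.

classify_volume() (
    # A bind-mount spec is host_path:container_path[:options].
    spec=$1
    case "$spec" in *:*) ;; *) exit 0 ;; esac   # anonymous volume: no host path
    host=${spec%%:*}
    rest=${spec#*:}
    case "$rest" in *:*) opts=${rest#*:} ;; *) opts= ;; esac
    mode=rw
    case ",$opts," in *,ro,*) mode=ro ;; esac
    case "$host" in
        # The Docker API socket gives control of the daemon; a read-only
        # mount of the socket file does not prevent API requests.
        */docker.sock) echo "docker-socket($mode): $host" ;;
        *)             echo "host-mount($mode): $host" ;;
    esac
)

audit_docker_run() (
    # Arguments: everything that follows `docker run`. One finding per line.
    next_is_volume=0
    for arg in "$@"; do
        if [ "$next_is_volume" -eq 1 ]; then
            next_is_volume=0
            classify_volume "$arg"
            continue
        fi
        case "$arg" in
            --privileged) echo "privileged: all capabilities and host devices" ;;
            -v|--volume)  next_is_volume=1 ;;
            --volume=*)   classify_volume "${arg#--volume=}" ;;
        esac
    done
)

audit_page_command() {
    # The sysdig launch command from this post, passed through the audit.
    audit_docker_run -i -t --name sysdig --privileged \
        -v /var/run/docker.sock:/host/var/run/docker.sock \
        -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro \
        -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/sysdig
}

audit_page_command
```

Only the Docker socket and /dev are mounted read-write; the remaining host paths are read-only, but `--privileged` applies to the whole container regardless of mount modes.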