We have dropped the scripts for building Debian images directly as well as the associated documentation. Instead we have added support for running lxc and docker containers.
This has the advantage of running all the hardware-related stuff (gpio, usb gadgets) in Poky (the Yocto reference distribution), which acts as the host. Inside the container you can install your favorite distribution (Ubuntu, Debian and whatnot) without the need to build it.
Currently we can build lxc and docker support for i686, but it is useless. You will not find i686 containers and would need to build them yourself. This means that if you want containers, you will only get something useful if you check out scarthgap and not master, unless you manually set it to build x86_64.
You will find lxc instructions at Linux Containers, and there is quite a selection of container images to choose from.
A quick summary to get you started follows below.
If you skip this step, UID and GID in the container will be the same as on the host. This is not secure, as you do not need to be root on the host to create a container, and you do not need to be root to share Edison’s root file system with the container. So an unprivileged user can share the root fs with the container, go into the container as root and then modify Edison’s passwd file to become root on Edison.
It is better to create, at minimum, system-wide unprivileged containers (that is, unprivileged containers created and started by root) where the container's root is mapped to an ordinary user on Edison. It requires only a few extra steps to organize subordinate user IDs (uid) and subordinate group IDs (gid).
Specifically, you need to manually allocate the subordinate uid and gid ranges to root in /etc/subuid and /etc/subgid and then set those ranges in /etc/lxc/default.conf using lxc.idmap entries.
echo "root:100000:65536" >>/etc/subuid
echo "root:100000:65536" >>/etc/subgid
echo "lxc.idmap = u 0 100000 65536" >>/etc/lxc/default.conf
echo "lxc.idmap = g 0 100000 65536" >>/etc/lxc/default.conf
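One way to verify the mapping described above before creating a container, as an added example that is not part of the original page. The function names (`check_idmap`, `sub_range`, `idmap_lines`) and the scratch files in `demo` are constructed for illustration, and only the single-range setup shown above is handled; repeated `lxc.idmap` entries of the same kind are flagged for manual review.

```shell
#!/bin/sh
# Added example, not from the original page: audit the id mapping configured above.
# The file paths are arguments so the check can run against copies of the files.

# Print "start count" of the first subordinate range delegated to user $1 in file $2.
sub_range() {
    awk -F: -v u="$1" '$1 == u { print $2, $3; exit }' "$2"
}

# Print "container_start host_start count" for each lxc.idmap line of kind $1 (u or g).
idmap_lines() {
    sed -n "s/^[[:space:]]*lxc\.idmap[[:space:]]*=[[:space:]]*$1[[:space:]][[:space:]]*//p" "$2"
}

# check_idmap KIND SUBFILE LXCCONF
# 0 = ok, 1 = no mapping (container root is host root), 2 = several entries,
# 3 = nothing delegated to root, 4 = malformed or outside the delegated range.
check_idmap() {
    kind=$1; subfile=$2; conf=$3
    maps=$(idmap_lines "$kind" "$conf")
    [ -n "$maps" ] || { echo "$kind: no lxc.idmap, container root is host root"; return 1; }
    [ "$(printf '%s\n' "$maps" | grep -c .)" -eq 1 ] ||
        { echo "$kind: several lxc.idmap entries (echo >> run twice?), review by hand"; return 2; }
    sub=$(sub_range root "$subfile")
    [ -n "$sub" ] || { echo "$kind: no range delegated to root in $subfile"; return 3; }
    case "$maps $sub" in *[!0-9\ ]*) echo "$kind: malformed field"; return 4 ;; esac
    set -- $maps $sub    # $1 container start, $2 host start, $3 count, $4 sub start, $5 sub count
    if [ $# -eq 5 ] && [ "$2" -ge "$4" ] && [ $(($2 + $3)) -le $(($4 + $5)) ]; then
        echo "$kind: container $1..$(($1 + $3 - 1)) -> host $2..$(($2 + $3 - 1))"
        return 0
    fi
    echo "$kind: mapping '$maps' is not inside delegated range '$sub'"
    return 4
}

# Constructed demo: the page's values in scratch files, then a config with no idmap.
demo() {
    d=$(mktemp -d) || return 1
    echo "root:100000:65536" >"$d/subuid"
    printf 'lxc.net.0.type = veth\nlxc.idmap = u 0 100000 65536\n' >"$d/good.conf"
    printf 'lxc.net.0.type = veth\n' >"$d/privileged.conf"
    check_idmap u "$d/subuid" "$d/good.conf" || :
    check_idmap u "$d/subuid" "$d/privileged.conf" || :
    rm -rf "$d"
}
demo
```

On the device itself, run `check_idmap u /etc/subuid /etc/lxc/default.conf` and `check_idmap g /etc/subgid /etc/lxc/default.conf`; a non-zero exit status means the container would not get the mapping described above.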
root@edison:~# lxc-create --name mycontainer --template download -- --dist ubuntu --release noble --arch amd64
You can find your containers with
root@edison:~# lxc-ls
mycontainer
and their state
root@edison:~# lxc-info mycontainer
Name: mycontainer
State: STOPPED
To start it
root@edison:~# lxc-start --name mycontainer
root@edison:~# lxc-info mycontainer
Name: mycontainer
State: RUNNING
PID: 2508
IP: 10.0.3.101
Link: vethTo9zi9
TX bytes: 1.67 KiB
RX bytes: 8.35 KiB
Total bytes: 10.02 KiB
and enter a shell in the container
root@edison:~# lxc-attach --name mycontainer
You can install nmap and scan the network:
root@mycontainer:~# apt-get install nmap
root@mycontainer:~# routel
Dst Gateway Prefsrc Protocol Scope Dev Table
default 10.0.3.1 10.0.3.101 dhcp eth0
10.0.3.0/24 10.0.3.101 kernel link eth0
10.0.3.1 10.0.3.101 dhcp link eth0
10.0.3.101 10.0.3.101 kernel host eth0 local
10.0.3.255 10.0.3.101 kernel link eth0 local
127.0.0.0/8 127.0.0.1 kernel host lo local
127.0.0.1 127.0.0.1 kernel host lo local
127.255.255.255 127.0.0.1 kernel link lo local
root@mycontainer:~# nmap 10.0.3.0/24
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-04-16 19:57 UTC
Nmap scan report for _gateway (10.0.3.1)
Host is up (0.00023s latency).
Not shown: 997 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
MAC Address: 00:16:3E:00:00:00 (Xensource)
Nmap scan report for mycontainer (10.0.3.101)
Host is up (0.00014s latency).
All 1000 scanned ports on mycontainer (10.0.3.101) are in ignored states.
Not shown: 1000 closed tcp ports (reset)
Nmap done: 256 IP addresses (2 hosts up) scanned in 3.61 seconds
And of course, since we haven’t secured Edison (known as _gateway inside the container) you can
root@mycontainer:~# ssh root@10.0.3.1
The authenticity of host '10.0.3.1 (10.0.3.1)' can't be established.
...
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.0.3.1' (ED25519) to the list of known hosts.
Last login: Wed Apr 16 21:56:04 2025 from 2a02:a466:68ed:1:5a91:3fda:4869:9678
root@edison:~# logout
Connection to 10.0.3.1 closed.
And you can even have nmap scan the upstream network of Edison. So, beware.
Finally to shut it down:
root@edison:~# lxc-stop --name mycontainer
First check whether docker is working correctly
root@yuna:~# docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
And to start
root@edison:~# docker run -it ubuntu bash
© 2018 Ferry Toth