This is an old revision of the document!
Docker
Docker, the Linux container engine, is an open source project to pack, ship and run any application as a lightweight container.
Have a look at Docker getting started.
Prerequisites
kernel with USER_NS, USER_NET, etc.
Setup Cgroups
The easiest way is to install the libcgroup package and enable all cgroup types:
# install libcgroup and enable mounts
poldek -u --noask libcgroup
sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf
service cgconfig start
Network Configuration
IPv4 packet forwarding is disabled by default in PLD Linux, so internet access from inside the container will not work unless net.ipv4.ip_forward is enabled:
WARNING: IPv4 forwarding is disabled.
To fix, run:
sudo sysctl -w net.ipv4.ip_forward=1
Or, to make the setting persistent, set it in the host's /etc/sysctl.conf:
net.ipv4.ip_forward=1
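The following preflight script is an added example, not part of the original page: it checks the three setup steps above (kernel namespaces, cgroup mounts, and IPv4 forwarding both at runtime and in /etc/sysctl.conf). The function names, the --check switch and the controller list in WANTED_CGROUPS are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight for the prerequisites, cgroup and forwarding steps.
# Every check takes the file or directory to inspect as an argument, so it can
# be run against constructed input; the defaults read the live host.

# Assumption: controllers to require (the page enables all cgroup types).
WANTED_CGROUPS=${WANTED_CGROUPS:-"cpuacct memory devices freezer"}

# Print the namespaces (user, net) that the running kernel does not expose.
missing_namespaces() {
    for ns in user net; do
        [ -e "${1:-/proc/self/ns}/$ns" ] || printf '%s ' "$ns"
    done
}

# Print wanted controllers that have no cgroup (v1) mount in a mounts table.
missing_cgroups() {
    for ctl in $WANTED_CGROUPS; do
        awk -v c="$ctl" '$3 == "cgroup" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == c) hit = 1
        } END { exit !hit }' "${1:-/proc/mounts}" || printf '%s ' "$ctl"
    done
}

# Succeed if forwarding is enabled in the running kernel.
forward_runtime() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Succeed if the last uncommented sysctl.conf entry sets forwarding to 1.
forward_persistent() {
    v=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null | tail -n 1)
    [ "$v" = 1 ]
}

# Run all checks against the live host; non-zero exit if anything is missing.
preflight() {
    rc=0
    m=$(missing_namespaces); [ -z "$m" ] || { echo "missing namespaces: $m"; rc=1; }
    m=$(missing_cgroups);    [ -z "$m" ] || { echo "cgroups not mounted: $m"; rc=1; }
    forward_runtime    || { echo "ip_forward is off at runtime"; rc=1; }
    forward_persistent || { echo "ip_forward not set to 1 in /etc/sysctl.conf"; rc=1; }
    return $rc
}

case "${1:-}" in --check) preflight ;; esac
```

Run it with --check as its only argument on the Docker host; a non-zero exit status means at least one prerequisite is missing.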
How To
Getting rid of unused images
docker rmi $(docker images --filter dangling=true --quiet)
PLD Base image
A simple script to create a new base image for PLD:
- mkimage-pld.sh
#!/bin/sh
set -e

ROOTFS=~/root
IMAGE=pld

# to clean up: docker rmi $IMAGE

# build
rpm -r $ROOTFS --initdb

install -d $ROOTFS/dev/pts
mknod $ROOTFS/dev/random c 1 8 -m 644
mknod $ROOTFS/dev/urandom c 1 9 -m 644
mknod $ROOTFS/dev/full c 1 7 -m 666
mknod $ROOTFS/dev/null c 1 3 -m 666
mknod $ROOTFS/dev/zero c 1 5 -m 666
mknod $ROOTFS/dev/console c 5 1 -m 660

poldek -r $ROOTFS --up -u bash iproute2 coreutils poldek

# cleanups
PKGS="cracklib-dicts ca-certificates"
for pkg in $PKGS; do
    rpm -r $ROOTFS -q $pkg && rpm -r $ROOTFS -e $pkg --nodeps
done

# and import
tar -C $ROOTFS -cf- . | docker import - $IMAGE

# and test
docker run -i -u root $IMAGE /bin/echo Success.
# sh -x /vagrant/mkimage-pld.sh
+ rpm -r /home/vagrant/root --initdb
+ poldek -r root --up -u bash iproute2
+ docker import - pld
# docker run -i -t pld bash
WARNING: IPv4 forwarding is disabled.
[root@e8d2bb1215c2 /]# id
uid=0(root) gid=0(root) groups=0(root)
You can see more available samples in docker/contrib/.
Also, you can try glen's PLD test image:
vagrant@pld64 ~$ sudo docker run -i -t glen/pld bash
root@ae0aac5de155 ~#
Vagrant
To play around inside Vagrant, create a Vagrantfile and run vagrant up followed by vagrant ssh:
mkdir test
cd test
# use curl or wget
curl -sS > Vagrantfile https://www.pld-linux.org/_export/code/packages/docker?codeblock=4 || \
wget -q -O Vagrantfile https://www.pld-linux.org/_export/code/packages/docker?codeblock=4
vagrant up
vagrant ssh
- Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :

BOX_NAME = ENV['BOX_NAME'] || "pld64"
BOX_URI = ENV['BOX_URI'] || "ftp://ftp.pld-linux.org/people/glen/vm/pld64.box"

hostname = File.basename(File.dirname(__FILE__))
print "\033k#{hostname}\033\\"

Vagrant::Config.run do |config|
  # Setup virtual machine box. This VM configuration code is always executed.
  config.vm.box = BOX_NAME
  config.vm.box_url = BOX_URI

  # Provision docker and new kernel if deployment was not done
  if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty?
    pkg_cmd = "set -xe; "

    # install libcgroup and enable mounts
    pkg_cmd << "poldek -u --noask libcgroup; "
    pkg_cmd << "sed -i -e '/^#mount/,$ s/^#//' /etc/cgconfig.conf; "
    pkg_cmd << "service cgconfig start; "

    # ensure ip forward is enabled
    pkg_cmd << "sed -i -e '/^net.ipv4.ip_forward/ s/0/1/' /etc/sysctl.conf; "
    pkg_cmd << "sysctl -p; "

    # Add docker package and start it
    pkg_cmd << "poldek -u --noask lxc-docker; "
    pkg_cmd << "service lxc-docker start; "
    pkg_cmd << "usermod -A docker vagrant; "

    # Add glibc locales
    pkg_cmd << "poldek -u glibc-localedb-all; "

    # Make some more space for containers
    pkg_cmd << "poldek -u xfsprogs; ldconfig; "
    pkg_cmd << "lvextend --size=+3G /dev/sys/rootfs; xfs_growfs /; "

    config.vm.provision :shell, :inline => pkg_cmd
  end
end

# Providers were added on Vagrant >= 1.1.0
Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
  config.vm.provider :virtualbox do |vb|
    config.vm.box = BOX_NAME
    config.vm.box_url = BOX_URI

    # ssh agent forwarding can be useful
    #config.ssh.forward_agent = true

    # Make VM accessible outside VM itself, and use eth1 device
    #config.vm.network :public_network, { bridge: 'eth1', auto_config: true }
  end
end