TazPod: Container Lifecycle Detail
Level 3 (Detail) — Docker container create, start, stop, and remove.
Concept
TazPod manages a single Docker container per project. The container is disposable — all persistent state lives in the mounted workspace directory. Container lifecycle is managed by lifecycle.go.
Commands
tazpod up
File: cmd/tazpod/lifecycle.go — up() (lines 10-18)
- Validate cfg.Image is set (error if missing)
- ensureContainerUp(): create or start container
- Spawn sync daemon: tazpod __internal_sync_daemon
tazpod down
File: cmd/tazpod/lifecycle.go — down() (lines 20-25)
exec.Command("docker", "stop", cfg.ContainerName).Run()
exec.Command("docker", "rm", cfg.ContainerName).Run()
Stops and removes the container. The workspace and vault on the host are preserved.
tazpod enter / tazpod ssh
File: cmd/tazpod/lifecycle.go — enter() (line 27)
Delegates to smartEntry().
Container Creation
File: cmd/tazpod/lifecycle.go — ensureContainerUp() (lines 107-131)
docker run -d --name <name> \
--cap-add SYS_ADMIN \
--security-opt apparmor=unconfined \
--dns 1.1.1.1 --dns 1.0.0.1 \
-v <cwd>:/workspace \
-v ~/.ssh:/home/tazpod/.ssh:ro \
-e HOST_CWD=<cwd> \
<image> sleep infinity
| Flag | Purpose |
|---|---|
| --cap-add SYS_ADMIN | Required for mount operations (tmpfs, bind mounts) |
| --security-opt apparmor=unconfined | Prevents AppArmor from blocking mount syscalls |
| --dns 1.1.1.1 / 1.0.0.1 | Cloudflare DNS |
| -v <cwd>:/workspace | Current project directory mounted into container |
| -v ~/.ssh:/home/tazpod/.ssh:ro | Host SSH keys shared read-only |
| -e HOST_CWD=<cwd> | Host working directory for host-path resolution |
| sleep infinity | Long-lived process keeping the container alive |
Container name is derived from cfg.ContainerName (default: <project-folder>-lab).
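To confirm that a running container still matches the flags documented above, the check below audits `docker inspect` output for drift: extra capabilities, extra security options, or a writable SSH key mount. It is an added example, not code from lifecycle.go; the `inspected` type, the `auditInspect` function and the sample JSON are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// inspected is the subset of `docker inspect` output the audit reads (hypothetical type).
type inspected struct {
	HostConfig struct{ CapAdd, SecurityOpt []string }
	Mounts     []struct {
		Destination string
		RW          bool
	}
}

// sampleInspect is constructed: the inspect shape for a container started with the documented flags.
const sampleInspect = `[{"HostConfig":{"CapAdd":["SYS_ADMIN"],"SecurityOpt":["apparmor=unconfined"]},
"Mounts":[{"Destination":"/workspace","RW":true},{"Destination":"/home/tazpod/.ssh","RW":false}]}]`

// auditInspect returns one finding per deviation from the documented docker run flags.
func auditInspect(raw []byte) (findings []string, err error) {
	var cs []inspected
	if err = json.Unmarshal(raw, &cs); err != nil || len(cs) != 1 {
		return nil, fmt.Errorf("want one inspect record, got %d (err=%v)", len(cs), err)
	}
	for _, c := range cs[0].HostConfig.CapAdd { // accept SYS_ADMIN or CAP_SYS_ADMIN
		if strings.TrimPrefix(strings.ToUpper(c), "CAP_") != "SYS_ADMIN" {
			findings = append(findings, "undocumented capability "+c)
		}
	}
	for _, o := range cs[0].HostConfig.SecurityOpt {
		if o != "apparmor=unconfined" {
			findings = append(findings, "undocumented security-opt "+o)
		}
	}
	for _, m := range cs[0].Mounts {
		if m.Destination == "/home/tazpod/.ssh" && m.RW {
			findings = append(findings, "SSH key mount is writable")
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(auditInspect([]byte(sampleInspect)))
}
```

Against a live container, the input would be the output of `docker inspect <name>` instead of the embedded sample.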
Container State Machine
Container missing? ──► docker run (create + start)
│
Container stopped? ──► docker start
│
Container running? ──► proceed to smartEntry
Known Issues
- TD-018: Default bridge MTU (1500) causes HTTPS/TLS handshake failures when the host network uses a lower MTU (e.g., mobile hotspot or Tailscale). The container is created with Docker’s default network MTU. No automated MTU adjustment is configured.
Code Paths
| File | Function | Line | Role |
|---|---|---|---|
| lifecycle.go | up() | 10 | Start container + spawn daemon |
| lifecycle.go | down() | 20 | Stop + remove container |
| lifecycle.go | ensureContainerUp() | 107 | Create/start check |
See Also
- Parent hub: tazpod
- Sibling details: Smart Entry Detail, Config Detail
- Topic: Architecture
- Debt: TD-018 (MTU)