Docker fails building image when using default seccomp profile - docker

When I try to build a docker image I get the following error
OCI runtime create failed: container_linux.go:346: starting container
process caused "seccomp: config provided but seccomp not supported":
unknown
I'm running docker build -t cprates/lws_base:latest -f Dockerfile.base .
The Dockerfile is a basic dockerfile with nothing special to it
FROM golang:1.12.7-buster
WORKDIR /lws
COPY go.mod .
RUN go mod download \
&& go get -u golang.org/x/lint/golint
I suspect that this started happening after a system update, but not sure.
I can run a container by not using the default seccomp profile with --security-opt seccomp=unconfined. But docker build does not accept the flag --security-opt.
I already re-installed docker-ce following the instructions in the official website.
I'm using Fedora 30 which according to the docs is supported:
uname -srom
Linux 5.5.10-100.fc30.x86_64 x86_64 GNU/Linux
Docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:26:25 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:25:01 2020
OS/Arch: linux/amd64
Experimental: true
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc9+dev
GitCommit: 2186cfa3cd52b8e00b1de76db7859cacdf7b1f94
docker-init:
Version: 0.18.0
GitCommit: fec3683
Docker info
Client:
Debug Mode: false
Server:
Containers: 9
Running: 0
Paused: 0
Stopped: 9
Images: 5
Server Version: 19.03.8
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: 2186cfa3cd52b8e00b1de76db7859cacdf7b1f94
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 5.5.10-100.fc30.x86_64
Operating System: Fedora 30 (Workstation Edition)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.53GiB
Name: taplop.taplopmain
ID: HT7E:UK3I:IYBL:FO46:PHZS:AV7O:GYCY:3QUS:7I6H:PIS4:LBJZ:VRLH
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Any clue on what could be the problem?

It turns out that containerd was picking up the wrong runC. Some time ago I installed runC from github and completely forgot.
If you're wondering if you have the same problem, run to following command to check how many runC binaries you have in your system
$ whereis runc
runc: /usr/bin/runc
This is the correct one for me, using Fedora 30.

Related

Unable to login into docker from cmd

I have recently installed Docker Desktop. I'm able to login into my repository using the Docker Desktop, but when I run
docker login
from my command prompt, I always get the following error:
C:\>docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: docker-id
Password:
Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I have tried all the suggestions like setting the DNS, turning off experimental features. I'm not using any proxy (working from home, direct internet connection). No matter what I do it always shows me this error.
I have also tried uninstalling and installing the docker desktop again, but to no effect. I'm not sure what else to do. Any help would be appreciated.
Info regarding Docker
C:\>docker info
Client:
Context: default
Debug Mode: false
Plugins:
buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
compose: Docker Compose (Docker Inc., v2.0.0-rc.2)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.8
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e25210fe30a0a703442421b0f60afac609f950a3
runc version: v1.0.1-0-g4144b63
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 5.10.16.3-microsoft-standard-WSL2
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 12.28GiB
Name: docker-desktop
ID: QG25:CZ37:YTCU:WSQ5:KQGI:F3HL:3ZLC:GOJY:6JET:S3TJ:57ZU:WFKU
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
Docker version info
C:\>docker version
Client:
Cloud integration: 1.0.17
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:58:50 2021
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:52:10 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Not sure of this, but once we encountered this problem we changed the DNS server from Automatic to Fixed 8.8.8.8 or something applied to you, just FYI in case it works:

docker: "first record does not look like a TLS handshake" error when pull image

I have just installed docker and then try running hello-worldprogram.
My server is behind proxy of company. So, I set proxy environment variables according to manual from docker in a file named /etc/systemd/system/docker.service.d/http-proxy.conf:
[Service]
Environment="HTTP_PROXY=http://username:password#server:8080"
Environment="HTTPS_PROXY=https://username:password#server:8080"
Environment="NO_PROXY=localhost,127.0.0.1,localaddress,.localdomain.com"
But, while run $ sudo docker run hello-world. I get the error
Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: tls: first record does not look like a TLS handshake.
See 'docker run --help'.
This is docker version:
Client: Docker Engine - Community
Version: 19.03.9
API version: 1.40
Go version: go1.13.10
Git commit: 9d988398e7
Built: Fri May 15 00:25:34 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.9
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 9d988398e7
Built: Fri May 15 00:24:07 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.6
GitCommit: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc:
Version: 1.0.0-rc8
GitCommit: 425e105d5a03fabd737a126ad93d62a9eeede87f
docker-init:
Version: 0.18.0
GitCommit: fec3683
This is docker info ( I hidden informations about proxy of my company ):
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.9
Storage Driver: overlay
Backing Filesystem: extfs
Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-65-generic
Operating System: Ubuntu 16.04.6 LTS
OSType: linux
Architecture: x86_64
CPUs: 48
Total Memory: 31.31GiB
Name: SPP00007867
ID: EEZD:GC4D:IWYF:2MVR:RLXW:MAZU:EQPV:A3FY:RFUY:6NXP:EJNG:TRMD
Docker Root Dir: /mnt/docker-data
Debug Mode: false
HTTP Proxy: http://xxxxx:xxxxx#xxx:8080
HTTPS Proxy: http://xxxxx:xxxxx#xxx:8080
No Proxy: localhost,127.0.0.1,localaddress,.localdomain.com
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
WARNING: the overlay storage-driver is deprecated, and will be removed in a future release.
Can anyone help me ? Thank All !!!
I had this exact issue and it was due to HTTPS_PROXY not having the correct variable (https instead of http) assigned to it in both bashrc and docker desktop settings configuration

Docker cant´t find, pull images : server mis behaving

Docker toolbox installed for windows 10 Home Edition. Docker toolbox for this OS is installed. But when I can start learning the program, it gives me these errors. I cannot create an image or run an image. At the end of each error message it tells me that I have a server misbehaving. At the moment of running an image gives me the following error:
Unable to find image 'busybox:latest'
locally
latest: Pulling from library / busybox
d9cbbca60e5f: Pulling fs layer C: \Program Files\ Docker Toolbox\ docker.exe: error pulling image configuration: Get https: //registry-1.docker.io/v2/library/busybox/blobs/sha256:78096d0a54788961ca68393e5f8038704b97d8af374249dc5c8faec1b8045e42: dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: server misbehaving.
See 'C:\Program Files\Docker Toolbox\docker.exe run --help'.
And at the momento to pulling and image, i got this:
$ docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
d9cbbca60e5f: Pulling fs layer error pulling image configuration: Get https://registry-1.docker.io/v2/library/busybox/blobs/sha256:78096d0a54788961ca68393e5f8038704b97d8af374249dc5c8faec1b8045e42: dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: server misbehaving
This is my docker info :
$ docker info Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.5
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.14.154-boot2docker
Operating System: Boot2Docker 19.03.5 (TCL 10.1)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 989.5MiB
Name: default
ID: ANYM:Q52D:BUAW:R6IO:HTFN:S4I6:JLX6:WVNK:QEGO:OHCZ:PCHP:NWJN
Docker Root Dir: /mnt/sda1/var/lib/docker
Debug Mode: false
Username: dsabillon94
Registry: https://index.docker.io/v1/
Labels:
provider=virtualbox
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
Docker version
$ docker version
Client:
Version: 19.03.1
API version: 1.40
Go version: go1.12.7
Git commit: 74b1e89e8a
Built: Wed Jul 31 15:18:18 2019
OS/Arch: windows/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.5
API version: 1.40 (minimum version 1.12)
Go version: go1.12.12
Git commit: 633a0ea838
Built: Wed Nov 13 07:28:45 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683
You have these options
Wipe everything and re-install
Switch to Beta version.
You can also set DNS Server to 8.8.8.8 and try again pulling an image.
I hope one of option will help you :)

Docker command hang on container

I have created one container by using msql-server:5.7. After creating, I am able to access it without a problem. But after a couple of minutes, all Docker commands in the container becomes unresponsive. I cannot inspect, stop or kill. Is there a way I can debug? I have some other containers running as well, but those are OK.
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ca471079614b mysql/mysql-server:5.7 "/entrypoint.sh mysq…" 2 hours ago Up 2 hours (healthy) 33060/tcp db
$ docker info
Containers: 8
Running: 8
Paused: 0
Stopped: 0
Images: 94
Server Version: 17.12.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 89623f28b87a6004d4b785663257362d1658a729
runc version: b2567b37d7b75eb4cf325b77297b140ea686ce8f
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-1047-aws
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.42GiB
Name: ip-172-31-12-60
ID: I7FQ:XUUN:UU5C:KVJI:JPDT:L2BV:B3EQ:5LHI:5XD5:PSWP:NI7Y:BDX7
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
$ docker version
Client:
Version: 17.12.0-ce
API version: 1.35
Go version: go1.9.2
Git commit: c97c6d6
Built: Wed Dec 27 20:11:19 2017
OS/Arch: linux/amd64
Server:
Engine:
Version: 17.12.0-ce
API version: 1.35 (minimum version 1.12)
Go version: go1.9.2
Git commit: c97c6d6
Built: Wed Dec 27 20:09:53 2017
OS/Arch: linux/amd64
Experimental: false
$ uname -a
Linux ip-172-31-12-60 4.4.0-1047-aws #56-Ubuntu SMP Sat Jan 6 19:39:06 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Are you double sure this is not docker specific issue? Maybe unsupported kernel version? All logs are dumped to a log file inside the volume in the /var/lib/docker/volumes directory. Try running the container without the -d flag so all output goes to stdout directly to identify the problem.
after couple of day trying, it turns out I change my instance-type from m4.2xlarge to m4.4xlarge. and after trying 1 days. it seems the problem solved. I have no idea why but it is good so far

Docker: Error grabbing logs: invalid character '\x00' looking for beginning of value

I upgraded my Docker version to the latest one and I got this error:
error from daemon in stream: Error grabbing logs: invalid character '\x00' looking for beginning of value
I can’t read logs using:
docker-compose logs -f myservice
nor with:
docker logs -f 6f454c73ff9c
Output of Docker version:
Client:
Version: 17.09.0-ce
API version: 1.32
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:42:18 2017
OS/Arch: linux/amd64
Server:
Version: 17.09.0-ce
API version: 1.32 (minimum version 1.12)
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:40:56 2017
OS/Arch: linux/amd64
Experimental: false
Output of Docker info:
Containers: 11
Running: 11
Paused: 0
Stopped: 0
Images: 8
Server Version: 17.09.0-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 76
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-97-generic
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.695GiB
Name: egmintel-desktop
ID: VB22:IXWI:GY6D:QPM4:SPHX:HYUP:OQN7:ZM55:LLKE:P3UU:XK7F:26TH
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
My docker-compose version:
docker-compose version 1.16.1, build 6d1ac21
I also noticed that one of my containers is not working properly (but I can't see the error since I can't read logs) and I need to restart the Docker service so my container starts working again.
Any ideas how to solve this? Thanks!
simply remove the ~/.docker/ directory
Looks like your events.log file got corrupted. Try deleting following file
"/var/run/docker/libcontainerd/containerd/events.log"
restart the docker through init.d
Using windows Docker Desktop
Troubleshoot -> Reset to factory defaults
This fixed the issue for me.
For windows you need delete json file with 0x00 bytes
located in %USERPROFILE%\.docker\contexts folder and it's subdirs.

Resources