I am using docker version Docker version 18.09.0, build 4d60db4 in a Ubuntu 16.04 system. I am unable to stop a docker container. My docker image contains a spring boot application. I am using the following command to stop the container:
sudo docker stop 0c6b70fcb25e
And I am getting the following error:
Error response from daemon: cannot stop container: 0c6b70fcb25e:
Cannot kill container 0c6b70fcb25e0b0c55f123853654cd2611e3702fdf5622bd07e12a92efa3df46:
unknown error after kill: runc did not terminate sucessfully:
container_linux.go:393: signaling init process caused "permission denied": unknown
I have tried running docker stop with and without sudo.
Try this:
docker kill --signal=SIGHUP my_container
You can find more information here.
Also, if you are on Linux, AppArmor may prevent stopping the containers. Disable AppArmor temporarily and try to stop the container again. For configuring the AppArmor check this link.
Follow this link. docker on ubuntu 16.04 error when killing container
I used the following commands and it worked.
sudo killall docker-containerd-shim
sudo docker-compose down
Related
I'm trying to kill a docker container, but I got permission denied. I use Ubuntu 20.04, my docker version for client is 20.10.7 and the one for the server is 20.10.11.
This is the log I got:
Error response from daemon: Cannot kill container: fastapi_server: permission denied
I read that I should use this comand for restarting docker.
sudo systemctl restart docker.socket docker.service
But the thing is that when I execute this command, all my containers and images dissapear, but If I try on localhost:8000 my port is occupied by the container that I wanted to delete. And if I run sudo netstat -anp | grep 8000, I get:
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 2493/docker-proxy
tcp6 0 0 :::8000 :::* LISTEN 2500/docker-proxy
So this confirms that my port is already taken by a docker container, but when I run docker ps -a, I get no container. I also tried docker kill, but it did not work.
How should I kill this container & get my 8000 port free?
Please think twice before removing AppArmor. To my understanding this is central to application security for instance on recent major Ubuntu versions.
It seems the rights problem is specific to a Docker version. Assuming yours is also installed via snap, please attempt upgrading your Docker version to at least the current beta, e.g. with
snap refresh docker --beta
20.10.12 seems to work fine.
(In fact I fell for the suggestion and did remove my AppArmor - snaps went away. Then reinstalled ASAP, the settings of relevant snaps are still with me - afterwards installed docker back, had the problem, upgraded it: seems to work like a charm.)
It appeared that I had installed docker with snap as well as using the docker repository:
sudo snap list
So:
sudo snap remove docker --purge
sudo aa-remove-unknown
Along with re-installing Docker using the method described here solved my issues! No need to disable or remove apparmor.
Try these steps:
docker inspect
Find the PID AND kill that process.
If that does not work check with
dmesg
everything related to Docker. You can put output here that we can help you.
Ok,from you png ist seems that you have problem with AppArmor. Try this:
sudo apt purge --auto-remove apparmor
sudo service docker restart
docker system prune --all --volumes
what works for me in these cases:
sudo systemctl restart docker.socket docker.service
sudo docker image rm -f $(sudo docker image ls -q)
I installed Docker from snap and experienced the permission denied error response. After reading many users experiencing more problems with the apparmor suggestion, I uninstalled Docker from snap, then used digitalocean's Docker installation tutorial.
It worked for me, posting here as reference for others experiencing the same problem.
In my case it was also apparmor on Ubuntu 20.04 after upgrade from Bionic. By running dmesg I got error message:
[1113458.482007] audit: type=1400 audit(1672134271.112:1718): apparmor="DENIED" operation="signal" profile="docker-default" pid=1654 comm="dockerd" requested_mask="receive" denied_mask="receive" signal=kill peer="snap.docker.dockerd
To fix this please edit /etc/apparmor.d/docker and add to the beginning (however, after the 'profile docker-default .... {' ) the following line:
signal,
Then reload apparmor
sudo systemctl reload apparmor
This fixed it at least on my computer.
See more https://manpages.ubuntu.com/manpages/xenial/man5/apparmor.d.5.html under section signal:
Example AppArmor signal rules:
# Allow all signal access
signal,
In my use-case, I want to backup a Docker volume using SystemD before docker-daemon is stopped.
I got a working version using Docker 17.03.2. The SystemD service is defined as follows:
[Unit]
Description=Backup some Docker volume
Requires=network-online.target docker.service
After=docker.service
[Service]
Type=oneshot
ExecStop=/bin/sh /var/dobackup.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
The content of /var/dobackup.sh is not that important here. It includes a docker command, which uses a given Docker volume and does a tar on it.
It might be important, that I am running this in the Google cloud compute engine, in a container optimized OS. In special, in milestone 69 (, which includes Docker v17.03.2).
Updating to Docker v18.09.3
Now, I want to update to Docker v18.09.3 (in special, I am updating the running OS to Container Optimized OS milestone 73).
The service from above does not work any more. I get the following error, when my docker-command in /var/dobackup.sh is running:
docker: Error response from daemon: all SubConns are in
TransientFailure, latest connection error: connection error: desc =
"transport: Error while dialing dial
unix:///var/run/containerd/containerd.sock: timeout": unavailable.
The problem is obviously in ContainerD not being available any more. I tried
Requires=network-online.target containerd.service docker.service
without success.
How can I adapt my service to Docker v18.09?
Some users have reported similar issues with containerd.server in previous Docker versions (17.12 and 18.03). The workaround applied was:
killall -9 dockerd
sudo service docker restart
In this link is mentioned a similar error and how users sorted it out the problem after restarting docker service.
Likely this is caused by a containerd/docker integration issue fixed in cos-73-11647-192-0. Could you try it on cos-73-11647-192-0?
When I run "docker run -it python:3" in a Ubuntu 18.04.1 LTS server, I got the following error. What does this mean and how do I fix this?
docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"process_linux.go:385: running prestart hook 0 caused \\\"fork/exec /usr/bin/dockerd (deleted): no such file or directory\\\"\"": unknown.
Restart docker service.
I was also facing same issue. Solve it by restarting docker service:
sudo systemctl restart docker
Same described here,
https://github.com/moby/moby/issues/29640#issuecomment-273617532
For those of you who might have installed using snap, this will restart all docker services:
sudo snap restart docker
Or, for just the daemon, use:
sudo snap restart docker.dockerd
On running docker-compose stop it fails to stop the docker images, and gives an error like this:
ERROR: for nginx cannot stop container: 5f5ed6d2110a0d845508ede160d8196d3e01f1d677e22e4944adc8c984800cff: Cannot kill container
5f5ed6d2110a0d845508ede160d8196d3e01f1d677e22e4944adc8c984800cff: Unknown error after kill: docker-runc did not terminate sucessfully: container_linux.go:393: signaling init process caused "Permission Denied": unknown
The images are still running properly, they just don't restart. I am running docker-compose on Ubuntu.
I was able to work around the problem by running:
sudo killall docker-containerd-shim
And then docker-compose down started working for me.
I found the solution in this bug report, and it seems that it involves a backport of a fix to the runc code.
EDIT
It seems that the root cause of these problems on my system was the Docker snap image on my Ubuntu 18.04 installation. I completely removed the snap image and reinstalled Docker using https://get.docker.io, and I no longer encounter these problems. In the meantime, the rest of my answer above worked for me as a workaround.
Somehow this worked for me.
$ sudo killall containerd-shim
2021: in my case, I am using the
sudo aa-remove-unknown
then, run
sudo docker-compose down
then, the application down successfully
I had the same problem and what helped me was to kill all of my containers, delete all of my images and data volumes, and start over.
If you have no problem DELETING all of your data volumes and all of your unused images, you can try these two commands:
sudo service docker restart
docker system prune --all --volumes
There is such a solution.
Stop and restart docker services
sudo systemctl stop docker.socket
sudo systemctl stop docker
sudo systemctl restart docker
After check -> docker ps
if cant be deleted to containers then try this -> docker container rm container_name --force
Ports may not have been deleted. this will cause conflict.
Find used port PID -> sudo lsof -i:port
and kill sudo kill -9 PID
I ran a command like this in a docker-in-docker (dind) scenario:
docker daemon --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay
And I got this in the logs:
INFO[0000] libcontainerd: new containerd process, pid: 18
FATA[0000] Failed to connect to containerd. Please make sure containerd is installed in your PATH or you have specificed the correct address. Got error: write /proc/18/oom_score_adj: permission denied
Be sure to run the container in privileged mode.
docker run --privileged ...
This should fix the problem; you should now be able to install and run Docker inside this Docker image.