Docker rootfs_linux.go permission denied when mounting /proc - docker

I'm using meteor-up to deploy to docker instances inside an LXD container. When it attempts to bring up a MongoDB docker instance, it fails with the following error:
docker: Error response from daemon: oci runtime error: container_linux.go:265: starting container process caused "process_linux.go:368: container init caused \"rootfs_linux.go:57: mounting \\\"proc\\\" to rootfs \\\"/var/lib/docker/vfs/dir/20a621a73755db3f4030bc67bbf7ff9540bd1d63bb348d8be440d8ca63d3c922\\\" at \\\"/proc\\\" caused \\\"permission denied\\\"\"".
I've tried deploying as the ubuntu user to my LXD container, and as root, and that hasn't helped. There's obviously some permissions issue here, but I don't know where to start debugging this problem.

According to https://discuss.linuxcontainers.org/t/having-trouble-using-docker/383 it sounds like you might need to set security.nesting=true. Stop the container (lxc stop deploy-container), configure nesting on (lxc config set deploy-container security.nesting true as per https://insights.ubuntu.com/2015/10/30/nested-containers-in-lxd) and lxc start deploy-container.

For Proxmox users: https://www.youtube.com/watch?v=79KiCBNbsbg
Enable the Nesting feature on the container to fix the following error:
ERROR: for mysql-8.0 Cannot start service mysql-8.0:
failed to create shim: OCI runtime create failed:
container_linux.go:380: starting container process caused: process_linux.go:545:
container init caused: rootfs_linux.go:76: mounting "proc" to rootfs at
"/proc" caused: mount through procfd: permission denied: unknown
But other Proxmox users say to enable keyctl too.
If you still have errors you may need to remove domain_name and hostname from the docker-compose config to fix the following errors as said here.
ERROR: for mariadb10-4 Cannot start service mariadb10-4: failed to create shim: OCI runtime create failed: container_linux.go:380:
starting container process caused: process_linux.go:545:
container init caused: write sysctl key kernel.domainname:
open /proc/sys/kernel/domainname: permission denied: unknown

Related

Docker error failed to create shim: OCI runtime create failed: container_linux.go:380:

ERROR: for app_web
Cannot start service app_web: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: rootfs_linux.go:75: mounting "/host_mnt/Users/akanwar/Documents/c/cbax-config" to rootfs at "/cbax-apply-platform/node_modules/#c/cbax-config" caused: mkdir /var/lib/docker/overlay2/a3bccebb167966c795860d95a5a758f244ae5da780f962333f0d51d2d8b2def7/merged/cbax-apply-platform/node_modules/#c/cbax-config: operation not permitted: unknown
STEPS TAKEN TO RESOLVE
Deleted the Docker data and ran everything.
From Docker widget Clean / Purge data
From Docker widget reset to factory settings
docker system prune --all
https://github.com/docker/for-mac/issues/1396 I followed this link as well and tried the solutions mentioned in it, but still none of them worked for me.
None of the solutions worked for me
You need to remove this from all services:
- ${CBAX_PATH}/cbax-apply-platform:/cbax-apply-platform:rw
You cannot mount a folder and then also sub-folders. This is wrong:
- ${CBAX_PATH}/cbax-apply-platform:/cbax-apply-platform:rw
- ${CBAX_PATH}/cbax-application-pages:/cbax-apply-platform/app/assets/components/cbax-application-pages:rw
Also you mount a lot of host folders in multiple services with read-write access. I think that makes a mess of your files on the host if all services start modifying files. It's better to mount them read-only.
This happens when the docker-compose file was looking for the cbax-config folder path on my machine on macOS. macOS doesn't have a cbax-config folder, therefore it was not able to mount.

Mailu : when I run docker-compose, I got this error

I made a fresh install of mailu and when I run docker-compose up -d I have the following message:
Starting mailu_resolver_1 ... error
ERROR: for mailu_resolver_1 Cannot start service resolver: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: rootfs_linux.go:76: mounting "proc" to rootfs at "/proc" caused: mount through procfd: permission denied: unknown
ERROR: for resolver Cannot start service resolver: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: rootfs_linux.go:76: mounting "proc" to rootfs at "/proc" caused: mount through procfd: permission denied: unknown
ERROR: Encountered errors while bringing up the project.
Do you know the cause of the issue?
Thanks for your help.
Best regards,
Docker daemon has permissions problems. Check out: https://github.com/sindresorhus/guides/blob/main/docker-without-sudo.md

Chaincode container getting created but not starting

Hyperledger-Fabric: v2.3.3
Peer docker image: tag 2.3.3
Error in the peer logs after committing the chaincode:
ERRO 036 start-could not start container: API error (400): failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "chaincode": executable file not found in $PATH: unknown
WARN 037 could not launch chaincode 'test_v1_v1:65f5b95ca7ff438e02a86aea4205bcd697a2afa0f4e37c314d3011667357fe50': error starting container: error starting container: API error (400): failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "chaincode": executable file not found in $PATH: unknown
docker ps -a shows that chaincode container status: Created.
I tried restarting the peers and orderer, but got the same error.
*Note: Comment if I should provide any specific configuration or anything to understand the problem.
The problem was that the package name in the chaincode file was not "main" (I thought that we had to name it after the parent directory).
So, the binary was not getting generated after the chaincode was committed. As a result, when the peer was trying to launch/run the chaincode container, it was saying that there was no binary/executable file to run.
After changing the package name to "main" and redoing the packaging, installation and commit process, the chaincode container started.
*NOTE: This is my understanding of the problem, please let me know if anything written above is a misconception/wrong.

Permission when run docker on Centos7

docker: Error response from daemon:
OCI runtime create failed: container_linux.go:349:
starting container process caused "process_linux.go:449:
container init caused \"write /proc/self/attr/keycreate:
permission denied\"": unknown.
ERRO[0000] error waiting for container: context canceled
I got this error when setting up Docker on CentOS 7. My partner found a solution here.
My solution is running this command:
sudo setenforce Permissive

Docker build error OCI runtime create failed [duplicate]

This question already has answers here:
Cannot start docker container In docker CE on oracle linux
(5 answers)
Closed 3 years ago.
I am trying to build an agent on the Linux machine using Docker. Everything was working fine and I was able to create the agent. But suddenly it was showing offline. When I tried to recreate the agent it was throwing the error below:
ERROR: for build-agent_dl-build-agent_1 Cannot start service dl-build-agent: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown
ERROR: for dl-build-agent Cannot start service dl-build-agent: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown
ERROR: Encountered errors while bringing up the project.
Even if I try to run a simple docker command, 'docker run hello-world', I get the error below:
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown.
ERRO[0000] error waiting for container: context cancelled
Any suggestions?
The command below solved my issue:
sudo semanage permissive -a container_runtime_t
Please follow the link below for more details:
Cannot start docker container In docker CE on oracle linux
Thanks #leopal for the suggestion.
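A small triage helper I added for the OCI runtime errors quoted across the posts above (the proc mount under LXD/Proxmox, the kernel.domainname sysctl, the SELinux keycreate write, the host bind mount and the missing chaincode binary); it is example code, not from any of the posts, and the function names and the shortened sample message are my own.

```shell
#!/bin/sh
# Added example, not code from any post on this page: a triage helper that
# matches the OCI runtime error texts quoted above against the remedy each
# answer proposes. Function names are my own; nothing here runs docker,
# lxc or semanage, it only inspects the error text passed as "$1".

# Print one label for the likely cause of an OCI "create failed" message.
# The more specific signatures are tested first, so order matters.
classify_oci_error() {
    case "$1" in
        *'/proc/self/attr/keycreate'*'permission denied'*)
            echo selinux-keycreate ;;
        *'kernel.domainname'*'permission denied'*)
            echo nested-sysctl-domainname ;;
        *mounting*proc*'to rootfs'*'permission denied'*)
            echo unprivileged-nesting ;;
        *mounting*'to rootfs'*'operation not permitted'*)
            echo host-bind-mount ;;
        *'executable file not found in'*)
            echo entrypoint-missing ;;
        *)
            echo unknown ;;
    esac
}

# Map a label to the fix the corresponding answer on this page gives.
suggest_fix() {
    case "$1" in
        selinux-keycreate)
            echo 'SELinux denies the runtime: sudo semanage permissive -a container_runtime_t' ;;
        nested-sysctl-domainname)
            echo 'Nested container cannot write that sysctl: drop domainname/hostname from the compose service' ;;
        unprivileged-nesting)
            echo 'Enable nesting on the outer container: lxc config set <ctr> security.nesting true (Proxmox: Nesting, maybe keyctl)' ;;
        host-bind-mount)
            echo 'Check the bind mounts: the host path must exist; remove overlapping parent/sub-folder mounts' ;;
        entrypoint-missing)
            echo 'The image lacks that binary: check the build (Go chaincode must use package main)' ;;
        *)
            echo 'No known signature; read the full runtime/daemon log' ;;
    esac
}

# Constructed sample, shortened from the first post (rootfs path replaced).
SAMPLE='rootfs_linux.go:57: mounting \"proc\" to rootfs \"/var/lib/docker/vfs/dir/X\" at \"/proc\" caused \"permission denied\"'
label=$(classify_oci_error "$SAMPLE")
echo "$label: $(suggest_fix "$label")"
```

Pipe the daemon's error line in as the first argument of classify_oci_error and feed the label to suggest_fix; an unknown label means none of the signatures from this page applies.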