使用docker swarm报错

[nothingp]

umount: can't unmount /host/var/lib/docker/overlay/db3a185feda61f38558d4f2c3db060526ffedddd532701ce9030751dee15cb31/merged: Operation not permitted
Traceback (most recent call last):
File "/pilot/entrypoint", line 34, in
cleanup()
File "/pilot/entrypoint", line 24, in cleanup
umount(volume)
File "/pilot/entrypoint", line 12, in umount
subprocess.check_call('umount %s' % volume, shell=True)
File "/usr/lib/python2.7/subprocess.py", line 186, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command 'umount /host/var/lib/docker/overlay/db3a185feda61f38558d4f2c3db060526ffedddd532701ce9030751dee15cb31/merged' returned non-zero exit status 1

无法umount ？ 能告诉我原因吗？

[BSWANG]

容器运行的时候是否加了privileged权限？或者被授予CAP_SYS_ADMIN的权限？

[yangwf]

@BSWANG
fluentd-pilot用docker run方式启动加上privileged权限可以运行，但是在docker swarm mode模式下用docker service create -d --user root --name pilot --mode global --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=/,dst=/host iot.io/fluentd-pilot
方式启动仍然存在问题：

或者说 docker service create方式怎么做到和docker run一样的授权呢？

[BSWANG]

docker service 不支持加capability，参考 moby/swarmkit#1030