Skip to content
This repository has been archived by the owner. It is now read-only.

/etc/docker/daemon.json not work #36

Closed
HuJK opened this issue Aug 20, 2018 · 3 comments
Closed

/etc/docker/daemon.json not work #36

HuJK opened this issue Aug 20, 2018 · 3 comments

Comments

@HuJK
Copy link

@HuJK HuJK commented Aug 20, 2018

Wheh the /etc/docker/daemon.json exists, docker no longer started!

I installed docker from snap, so service docker restart will not work.
I start docker with

sudo snap start docker

The output from journalctl -xe is:

Aug  20 09:08:44 user-TV kernel: aufs aufs_fill_super:912:mount[1404]: no arg
Aug  20 09:08:44 user-TV kernel: overlayfs: missing 'lowerdir'
Aug  20 08:55:29 user-TV audit[644]: AVC apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/docker/daemon.json" pid=644 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Aug  20 08:55:29 user-TV docker.dockerd[644]: unable to configure the Docker daemon with file /etc/docker/daemon.json: open /etc/docker/daemon.json: permission denied
Aug  20 08:55:29 user-TV kernel: audit: type=1400 audit(1534726529.513:7216): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/docker/daemon.json" pid=644 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Aug  20 08:55:29 user-TV systemd[1]: snap.docker.dockerd.service: Main process exited, code=exited, status=1/FAILURE

Why it failed with open /etc/docker/daemon.json: permission denied in line 4 even I chmod 777 to it?

The content of the file is:

{
    "experimental": true
}

The docker version is 17.06.2-ce

@ma3310
Copy link

@ma3310 ma3310 commented Aug 25, 2018

Because Read permission hasn't defined in AppArmor configuration file: /var/lib/snapd/apparmor/profiles/snap.docker.dockerd

Open it and find #include <abstractions/openssl>, add below config under it:
/etc/docker/** r,

https://www.moha.online/tutorial/docker/concise-user-guide#Snap%E5%AE%89%E8%A3%85%E7%89%88%E6%97%A0%E6%B3%95%E4%BF%AE%E6%94%B9%E9%85%8D%E7%BD%AE

@anonymouse64
Copy link

@anonymouse64 anonymouse64 commented Sep 20, 2018

Modifying the daemon.json file is now supported in the version of the snap I have published in the edge channel. You can now edit the daemon.json located in $SNAP_DATA/config/daemon.json (on Ubuntu for example $SNAP_DATA is /var/snap/docker/current, it may be different on your distribution) and then restart docker for the changes to take effect with:

sudo snap restart docker

You may switch the snap to the edge channel to test this by running:

sudo snap refresh docker --edge

The changes in the edge channel should show up in stable in a short while.

Please let me know if this resolves the issue, and also please do not modify the apparmor profile for the snap, as this will be overwritten with a snap refresh and potentially opens up your system to security vulnerabilities if done incorrectly.

@HuJK
Copy link
Author

@HuJK HuJK commented Sep 26, 2018

Yes, issue is solved.

@HuJK HuJK closed this Sep 26, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants