Skip to content
This repository has been archived by the owner. It is now read-only.

/etc/docker/daemon.json not work #36

Closed
HuJK opened this issue Aug 20, 2018 · 3 comments

Comments

@HuJK
Copy link

commented Aug 20, 2018

Wheh the /etc/docker/daemon.json exists, docker no longer started!

I installed docker from snap, so service docker restart will not work.
I start docker with

sudo snap start docker

The output from journalctl -xe is:

Aug  20 09:08:44 user-TV kernel: aufs aufs_fill_super:912:mount[1404]: no arg
Aug  20 09:08:44 user-TV kernel: overlayfs: missing 'lowerdir'
Aug  20 08:55:29 user-TV audit[644]: AVC apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/docker/daemon.json" pid=644 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Aug  20 08:55:29 user-TV docker.dockerd[644]: unable to configure the Docker daemon with file /etc/docker/daemon.json: open /etc/docker/daemon.json: permission denied
Aug  20 08:55:29 user-TV kernel: audit: type=1400 audit(1534726529.513:7216): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/docker/daemon.json" pid=644 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Aug  20 08:55:29 user-TV systemd[1]: snap.docker.dockerd.service: Main process exited, code=exited, status=1/FAILURE

Why it failed with open /etc/docker/daemon.json: permission denied in line 4 even I chmod 777 to it?

The content of the file is:

{
    "experimental": true
}

The docker version is 17.06.2-ce

@ma3310

This comment has been minimized.

Copy link

commented Aug 25, 2018

Because Read permission hasn't defined in AppArmor configuration file: /var/lib/snapd/apparmor/profiles/snap.docker.dockerd

Open it and find #include <abstractions/openssl>, add below config under it:
/etc/docker/** r,

https://www.moha.online/tutorial/docker/concise-user-guide#Snap%E5%AE%89%E8%A3%85%E7%89%88%E6%97%A0%E6%B3%95%E4%BF%AE%E6%94%B9%E9%85%8D%E7%BD%AE

@anonymouse64

This comment has been minimized.

Copy link

commented Sep 20, 2018

Modifying the daemon.json file is now supported in the version of the snap I have published in the edge channel. You can now edit the daemon.json located in $SNAP_DATA/config/daemon.json (on Ubuntu for example $SNAP_DATA is /var/snap/docker/current, it may be different on your distribution) and then restart docker for the changes to take effect with:

sudo snap restart docker

You may switch the snap to the edge channel to test this by running:

sudo snap refresh docker --edge

The changes in the edge channel should show up in stable in a short while.

Please let me know if this resolves the issue, and also please do not modify the apparmor profile for the snap, as this will be overwritten with a snap refresh and potentially opens up your system to security vulnerabilities if done incorrectly.

@HuJK

This comment has been minimized.

Copy link
Author

commented Sep 26, 2018

Yes, issue is solved.

@HuJK HuJK closed this Sep 26, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
3 participants
You can’t perform that action at this time.