-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sudo: unable to send audit message: Operation not permitted
(Ubuntu 14.04)
#1318
Comments
@rarkins Hi. As a guide on what we do to run Docker within a Vagrantfile, you can take a look at the bash script within this file. It gives you a sense of the steps that we take to configure a Linux host to run the Docker container properly. There is some setup of the groups and file permissions. Typically, you get the docker ps issue when rights to /var/run/docker.sock are not setup in a way that we can use it. Could you https://github.com/eclipse/che/blob/2fca5b224ad3cf940556ec0d8e3659f472a76a2c/Vagrantfile |
@TylerJewell I ran chmod on docker.sock previously and you can check the permissions in my above bash log actually - looks correct to you? |
@rarkins -- will you humor me and run the pull request Vagrantfile. Is this successful for you? If so, then I think I see some errors in the compose file format that I'll need to work on. This Vagrantfile has the Linux syntax for running Docker Che. It's a bit more manual than compose, but if this file works then we have to back track to review the compose file. I might even attempt a Vagrantfile that launches compose instead of Docker run to verify the syntax. |
@rarkins - Hi. I have been working on using Docker compose with our nightly build. We have made some adjustments. This compose file was able to work for me. I'll also publish a Vagrantfile so that you can see the syntax that we use to create the VM to run this in as well. In this particular example, my VM was IP address of 192.168.28.100, so you would replace that value with the IP of the machine you are on.
|
@rarkins - I have also created a Vagrantfile which will run this syntax. This is using the nightly build of Eclipse Che, which is 4.3 - due to be released soon. |
@TylerJewell I really appreciate your updates on this. First of all I thought I'd try using the updated docker-compose definition above. Essentially the same result: $ sudo chmod 777 /var/run/docker.sock
$ ls -l /var/run/docker.sock
srwxrwxrwx 1 root docker 0 May 20 05:05 /var/run/docker.sock
ubuntu@rarkins:/app$ docker-compose up che
che is up-to-date
Attaching to che
che |
che | !!!
che | !!! Running 'docker' succeeded, but 'docker ps' failed. This usually means that docker cannot reach its daemon. On Mac and Linux, check the read / write permissions on '/var/run/docker.sock'. Consider running 'sudo chmod 777 /var/run/docker.sock'.
che | !!! By the way, I wasn't 100% sure if the IP address in |
@TylerJewell I was able to run your Vagrantfile on my Mac. In addition, I switched the box to |
@rarkins what you can do it:
You will have a shell in a container. Run Permissions for |
I think I've been able to progress this further by switching my VM's docker version from 1.10.3 to 1.11.3. However it's starting to mess with my regular config so I'm going to spin up a dedicated EC2 instance for this before continuing. I have some questions:
|
Also, after performing a |
We currently require 1.8.x+ of a Docker version for Che. But we will be moving to 1.11.x soon for stability reasons. We certainly make use of certain Docker API syntax that depends upon a version. But For the --remote command, it requires the IP address that you would want your browser clients to use when connecting to a workspace. So it's the public IP, not |
@rarkins We mount /var/run/docker.sock.. so when Docker in a container is invoked it triggers Docker on the host. If Docker versions on the host and in the container differ, that might be a problem. @TylerJewell for Che there are no Docker version requirements. 1.8+ is ok |
@rarkins @TylerJewell I found this issue - moby/moby#5899 Looks like we have hit it with Che, using |
|
@rarkins - if this resolves your issue, then we will update our various compose file, docker run docs, and the Vagrantfiles that make use of this. This is the first time I have seen this issue surface. |
@TylerJewell I think that the originally reported issue (sudo problem) was resolved by the new approach @eivantsov is taking in version 4.3. Therefore I'm not sure there's a need for any update apart from that. The issue discussion kind of evolved though and my current challenge is getting che-docker running on a "vanilla" Ubuntu 14.04 VM on EC2, which doesn't seem to work with the default instructions. Perhaps this:
I'm fine if this issue is closed though. |
We made this commit this morning for a new che.sh script that will make a test to see if the versions are different after |
I've been able to get this working on an EC2 Ubuntu 14.04 server as originally intended. Steps:
$ docker run --net=host \
--name che \
-p 8080:8080 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /home/user/che/lib:/home/user/che/lib-copy \
-v /home/user/che/workspaces:/home/user/che/workspaces \
-v /home/user/che/storage:/home/user/che/storage \
codenvy/che:nightly --remote:52.50.157.12 I think this can therefore be closed now. Thanks to everyone for the assistance. |
When me start kali nethunter show a error "sudo: unable to send audit message: Operation not permitted" |
I'm using docker compose, here is the config YAML:
Note that I'm using version 2 of the compose yml so instead of
net: host
it's nownetwork_mode: host
.I'm running a standard Ubuntu 14.04 server VM on EC2 with Docker 1.10.3 installed.
Here's what I see:
It seems like it's a combination of problems with Ubuntu 14.04, host networking, and sudo. Removing host networking instead gets the
Running 'docker' succeeded, but 'docker ps' failed. This usually means that docker cannot reach its daemon.
error.The text was updated successfully, but these errors were encountered: