I can't execute the 'docker run' command to start a container in my CentOS, standard_init_linux.go:175: exec user process caused "permission denied" #26495

Open
volnet opened this issue Sep 12, 2016 · 33 comments

@volnet volnet commented Sep 12, 2016

Description:

a. I have 2 OS:

OS-A: my company's OpenStack CentOS 7

Linux version 3.10.0-327.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Nov 19 22:10:57 UTC 2015

OS-B: a CentOS 7 virtual machine on my Mac

Linux version 3.10.0-327.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Nov 19 22:10:57 UTC 2015

b. OS-A encounters an error when I run:

[root@xxx appuser]# docker run -d -p 27017:27017 --name mongo-node2 myname/mongo
bf27ac1d2e27e81dbcdb5384e247b35dc5510026a6624d499edcd2eda31db82f
[root@xxx appuser]# docker logs ^C
[root@xxx appuser]# docker logs bf27ac1d2e27e81dbcdb5384e247b35dc5510026a6624d499edcd2eda31db82f
standard_init_linux.go:175: exec user process caused "permission denied"

but OS-B runs without any error.

When I run docker ps, I can't see any running containers.

I try the -i -t options to run:

[root@xxx appuser]# docker run -it -p 27017:27017  myname/mongo /bin/bash
standard_init_linux.go:175: exec user process caused "permission denied"
ERRO[4651] Handler for POST /v1.24/containers/007f3cf5507adb3a8a442400d7126c3ad015433d74dc287839c1b6cd461ddc2d/resize returned error: Container 007f3cf5507adb3a8a442400d7126c3ad015433d74dc287839c1b6cd461ddc2d is not running 

I try the strace command to trace:

[root@xxx appuser]# strace docker run -it -p 27017:27017  myname/mongo /bin/bash
execve("/bin/docker", ["docker", "run", "-it", "-p", "27017:27017", "myname/mongo", "/bin/bash"], [/* 20 vars */]) = 0
uname({sys="Linux", node="xxx.localdomain", ...}) = 0
brk(0)                                  = 0x13c0000
brk(0x13c11c0)                          = 0x13c11c0
arch_prctl(ARCH_SET_FS, 0x13c0880)      = 0
set_tid_address(0x13c0b50)              = 2926
set_robust_list(0x13c0b60, 24)          = 0
rt_sigaction(SIGRTMIN, {0xa19f50, [], SA_RESTORER|SA_SIGINFO, 0xa1a5a0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xa19fe0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0xa1a5a0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/usr/bin/docker", 4096) = 15
brk(0x13e21c0)                          = 0x13e21c0
brk(0x13e3000)                          = 0x13e3000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
sched_getaffinity(0, 8192, {f, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ...}) = 640
mmap(0xc000000000, 65536, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
munmap(0xc000000000, 65536)             = 0
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8245d4000
mmap(0xc820000000, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc820000000
mmap(0xc81fff8000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc81fff8000
mmap(0xc000000000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8245c4000
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
sigaltstack(NULL, {ss_sp=0, ss_flags=SS_DISABLE, ss_size=0}) = 0
sigaltstack({ss_sp=0xc820002000, ss_flags=0, ss_size=32672}, NULL) = 0
gettid()                                = 2926
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGILL, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGILL, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGTRAP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTRAP, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGABRT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGABRT, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGBUS, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGBUS, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGFPE, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGFPE, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGUSR1, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR1, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGSEGV, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSEGV, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGUSR2, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR2, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGPIPE, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGALRM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGALRM, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGSTKFLT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSTKFLT, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGCHLD, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGURG, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGURG, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGXCPU, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGXCPU, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGXFSZ, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGXFSZ, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGVTALRM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGVTALRM, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGPROF, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPROF, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGWINCH, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGWINCH, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGIO, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGIO, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGPWR, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPWR, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGSYS, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSYS, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRTMIN, NULL, {0xa19f50, [], SA_RESTORER|SA_SIGINFO, 0xa1a5a0}, 8) = 0
rt_sigaction(SIGRTMIN, NULL, {0xa19f50, [], SA_RESTORER|SA_SIGINFO, 0xa1a5a0}, 8) = 0
rt_sigaction(SIGRTMIN, {0xa19f50, [], SA_RESTORER|SA_STACK|SA_SIGINFO, 0xa1a5a0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, NULL, {0xa19fe0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0xa1a5a0}, 8) = 0
rt_sigaction(SIGRT_1, NULL, {0xa19fe0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0xa1a5a0}, 8) = 0
rt_sigaction(SIGRT_1, {0xa19fe0, [], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0xa1a5a0}, NULL, 8) = 0
rt_sigaction(SIGRT_2, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_2, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_3, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_3, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_4, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_4, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_5, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_5, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_6, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_6, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_7, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_7, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_8, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_8, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_9, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_9, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_10, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_10, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_11, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_11, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_12, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_12, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_13, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_13, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_14, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_14, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_15, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_15, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_16, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_16, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_17, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_17, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_18, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_18, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_19, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_19, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_20, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_20, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_21, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_21, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_22, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_22, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_23, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_23, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_24, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_24, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_25, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_25, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_26, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_26, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_27, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_27, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_28, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_28, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_29, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_29, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_30, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_30, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_31, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_31, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigaction(SIGRT_32, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_32, {0x461e10, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x461e30}, NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb823dc3000
mprotect(0x7fb823dc3000, 4096, PROT_NONE) = 0
clone(child_stack=0x7fb8245c2e70, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7fb8245c39d0, tls=0x7fb8245c3700, child_tidptr=0x7fb8245c39d0) = 2927
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb823d83000
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb823582000
mprotect(0x7fb823582000, 4096, PROT_NONE) = 0
clone(child_stack=0x7fb823d81e70, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7fb823d829d0, tls=0x7fb823d82700, child_tidptr=0x7fb823d829d0) = 2928
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb822d81000
mprotect(0x7fb822d81000, 4096, PROT_NONE) = 0
clone(child_stack=0x7fb823580e70, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7fb8235819d0, tls=0x7fb823581700, child_tidptr=0x7fb8235819d0) = 2929
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0xc820028d08, FUTEX_WAKE, 1)      = 1
futex(0x1395f08, FUTEX_WAIT, 0, NULL)   = 0
futex(0xc820028908, FUTEX_WAKE, 1)      = 1
ioctl(2, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
openat(AT_FDCWD, "/proc/sys/net/core/somaxconn", O_RDONLY|O_CLOEXEC) = 3
read(3, "128\n", 4096)                  = 4
read(3, "", 4092)                       = 0
close(3)                                = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
close(3)                                = 0
socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0
bind(3, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 4
setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [0], 4) = 0
bind(4, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
close(4)                                = 0
close(3)                                = 0
mmap(0xc820100000, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc820100000
mmap(0xc81fff0000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc81fff0000
futex(0xc82005c108, FUTEX_WAKE, 1)      = 1
mmap(0xc820200000, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc820200000
mmap(0xc81ffe8000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc81ffe8000
syscall_318(0xc8201e3a37, 0x1, 0x1, 0, 0, 0) = -1 (errno 38)
openat(AT_FDCWD, "/dev/urandom", O_RDONLY|O_CLOEXEC) = 3
read(3, "W\254\360\177\361\255\243\273\357\21i\16\236<n\332T\223\vx\344\3G,|\364\351\327\265\241\22s"..., 4096) = 4096
mmap(0xc820300000, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc820300000
mmap(0xc81ffe0000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc81ffe0000
stat("/root/.docker/config.json", 0xc820340ac8) = -1 ENOENT (No such file or directory)
futex(0x1395350, FUTEX_WAKE, 1)         = 1
stat("/root/.dockercfg", 0xc820340b98)  = -1 ENOENT (No such file or directory)
stat("/sbin/docker-credential-secretservice", 0xc820340c68) = -1 ENOENT (No such file or directory)
stat("/bin/docker-credential-secretservice", 0xc820340d38) = -1 ENOENT (No such file or directory)
stat("/usr/sbin/docker-credential-secretservice", 0xc820340e08) = -1 ENOENT (No such file or directory)
stat("/usr/bin/docker-credential-secretservice", 0xc820340ed8) = -1 ENOENT (No such file or directory)
ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
futex(0xc820028908, FUTEX_WAKE, 1)      = 1
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
setsockopt(4, SOL_SOCKET, SO_BROADCAST, [1], 4) = 0
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/docker.sock"}, 23) = 0
epoll_create1(EPOLL_CLOEXEC)            = 5
epoll_ctl(5, EPOLL_CTL_ADD, 4, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=601431216, u64=140428852141232}}) = 0
getsockname(4, {sa_family=AF_LOCAL, NULL}, [2]) = 0
getpeername(4, {sa_family=AF_LOCAL, sun_path="/var/run/docker.sock"}, [23]) = 0
futex(0xc820028908, FUTEX_WAKE, 1)      = 1
read(4, 0xc8202ff000, 4096)             = -1 EAGAIN (Resource temporarily unavailable)
write(4, "POST /v1.24/containers/create HT"..., 1586) = 1586
futex(0xc820028d08, FUTEX_WAKE, 1)      = 1
futex(0x1395f08, FUTEX_WAIT, 0, NULL)   = 0
futex(0x1395f08, FUTEX_WAIT, 0, NULL)   = 0
                                           select(0, NULL, NULL, NULL, {0, 100})   = 0 (Timeout)
                                                                                                rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
                                                                                                                                                     mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb820cfd000
                                                                                 mprotect(0x7fb820cfd000, 4096, PROT_NONE) = 0
                                                                                                                              clone(child_stack=0x7fb8214fce70, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7fb8214fd9d0, tls=0x7fb8214fd700, child_tidptr=0x7fb8214fd9d0) = 2933
                                     rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
                                                                                 futex(0x1395f08, FUTEX_WAIT, 0, NULLstandard_init_linux.go:175: exec user process caused "permission denied"
)   = 0
       epoll_wait(5, {}, 128, 0)               = 0
                                                  futex(0xc8202fd508, FUTEX_WAKE, 1)      = 1
                                                                                             epoll_wait(5, {}, 128, 0)               = 0
                                                                                                                                        epoll_wait(5, {{EPOLLOUT, {u32=601431216, u64=140428852141232}}}, 128, -1) = 1
                                            epoll_wait(5, ERRO[4759] Handler for POST /v1.24/containers/746f1b737c74b01feffdf8d47bcb9655c33384a00fce950fa0a8678774f39918/resize returned error: rpc error: code = 2 desc = containerd: container not found 
                                                                                 {{EPOLLIN|EPOLLOUT, {u32=601431216, u64=140428852141232}}}, 128, -1) = 1
                                                                                                                                                         futex(0x1395350, FUTEX_WAKE, 1)         = 1
                          read(4, "HTTP/1.1 404 Not Found\r\nContent-"..., 4096) = 219
                                                                                      futex(0xc8202fd508, FUTEX_WAKE, 1)      = 1
                                                                                                                                 read(4, 0xc8202ff000, 4096)             = -1 EAGAIN (Resource temporarily unavailable)
                                             futex(0xc820028908, FUTEX_WAKE, 1)      = 1
futex(0x1395f08, FUTEX_WAIT, 0, NULL <unfinished ...>
+++ exited with 1 +++

My OS-A docker info result is :

 docker info
Containers: 7
 Running: 0
 Paused: 0
 Stopped: 7
Images: 1
Server Version: 1.12.1
Storage Driver: overlay
 Backing Filesystem: extfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.702 GiB
Name: xxx.localdomain
ID: ULS4:K6MK:VKUT:IVAK:ICFM:JGYX:VJ3L:DTYW:YEJI:2OOV:WQ5W:2KEQ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
 127.0.0.0/8

My OS-B docker info result is :

Containers: 1
 Running: 1
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 1.12.1
Storage Driver: overlay
 Backing Filesystem: xfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: null bridge host overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.793 GiB
Name: centos-linux.shared
ID: DXYZ:FFIE:OSQS:ENNQ:JN4W:CKXD:72NJ:NO65:2AUN:WUKX:Z3NR:UTJ7
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
 127.0.0.0/8

OS-A and OS-B were both installed from the same docker binary tar package.

Installed by following the official document https://docs.docker.com/engine/installation/binaries/

 docker version
Client:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        Thu Aug 18 17:52:38 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        Thu Aug 18 17:52:38 2016
 OS/Arch:      linux/amd64

Can you help me?

@volnet volnet changed the title I can't execute the 'docker run' command to start a container in my CentOS I can't execute the 'docker run' command to start a container in my CentOS, standard_init_linux.go:175: exec user process caused "permission denied" Sep 12, 2016

Contributor

@mlaventure mlaventure commented Sep 12, 2016

@volnet do you get the same behavior if:

  • you start the container without exporting the port?
  • you start a simple process (e.g. ls, sh) in that image (assuming the binary is contained within it)
  • you start a simple process in the busybox or alpine image?

Thanks

Author

@volnet volnet commented Sep 12, 2016

@mlaventure
I cannot connect to the internet, so I use docker save myname/mongo mongo.tar to create a tar and use docker load < mongo.tar to restore it.

I create the tar package on my Ubuntu machine and copy it to OS-A and OS-B; the only difference between OS-A and OS-B is the permission (maybe).

The image of myname/mongo is very simple, created by Dockerfile

FROM mongo

Author

@volnet volnet commented Sep 13, 2016

@mlaventure
I try the empty ubuntu image

FROM ubuntu:14.04
docker run -it volnet/ubuntu /bin/bash

OS-A has an error, OS-B is OK!
OS-A

docker run -it volnet/ubuntu-empty /bin/bash
docker: Error response from daemon: mkdir /var/lib/docker/overlay/55aef596cf7701785b467916067afda5b7f365631032afbae7f9b196abc68fca-init/merged/dev/shm: invalid argument.
See 'docker run --help'.

Contributor

@mlaventure mlaventure commented Sep 13, 2016

@volnet overlayfs is normally only supported from kernel 3.18.x

You may also be hitting #10294 which is an issue when using overlayfs on top of XFS in CentOS7.1

Author

@volnet volnet commented Sep 13, 2016

@mlaventure
How can I confirm the difference between OS-A and OS-B? Why is OS-B OK?

Contributor

@mlaventure mlaventure commented Sep 13, 2016

It may be something specific to OpenStack.

Meanwhile, you may want to upgrade to CentOS7.2 or use a different graphdriver.
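
One way to answer "how to confirm the difference between OS-A and OS-B", as an added example that is not part of the original thread: parse both `docker info` dumps and report only the daemon settings that differ. The inputs are abridged copies of the two dumps posted above; the function names and the choice of which fields count as host-specific are assumptions of this example, and the kernel check simply encodes the 3.18 figure quoted in the comment above.

```python
import re

# Abridged copies of the two `docker info` dumps posted in the issue.
OS_A = """\
Containers: 7
 Running: 0
Server Version: 1.12.1
Storage Driver: overlay
 Backing Filesystem: extfs
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host null overlay
Security Options: seccomp
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
CPUs: 4
Name: xxx.localdomain
Insecure Registries:
 127.0.0.0/8
"""
OS_B = """\
Containers: 1
 Running: 1
Server Version: 1.12.1
Storage Driver: overlay
 Backing Filesystem: xfs
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: null bridge host overlay
Security Options: seccomp
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
CPUs: 2
Name: centos-linux.shared
Insecure Registries:
 127.0.0.0/8
"""

# Fields that identify or size a host rather than configure the daemon
# (an assumption of this example, not a Docker-defined list).
HOST_SPECIFIC = {"Name", "ID", "CPUs", "Total Memory", "Images", "Containers",
                 "Containers/Running", "Containers/Paused", "Containers/Stopped"}


def parse_docker_info(text):
    """Return {key: [values]}; indented lines nest under the last top-level key."""
    info, parent = {}, ""
    for raw in text.splitlines():
        if not raw.strip():
            continue
        key, sep, value = raw.strip().partition(":")
        if not raw[0].isspace():
            parent = name = key
        elif sep:
            name = f"{parent}/{key}"
        else:  # bare list item such as " 127.0.0.0/8"
            name, value = parent, key
        info.setdefault(name, []).append(value.strip())
    return info


def normalise(key, values):
    """Join a key's values; plugin lists are compared regardless of order."""
    vals = [v for v in (values or []) if v]
    if key.startswith("Plugins/"):
        vals = [" ".join(sorted(v.split())) for v in vals]
    return "; ".join(vals)


def diff_docker_info(text_a, text_b):
    """Return {key: (value_a, value_b)} for daemon settings that differ."""
    a, b = parse_docker_info(text_a), parse_docker_info(text_b)
    diff = {}
    for key in sorted(set(a) | set(b)):
        if key in HOST_SPECIFIC:
            continue
        va, vb = normalise(key, a.get(key)), normalise(key, b.get(key))
        if va != vb:
            diff[key] = (va, vb)
    return diff


def overlay_kernel_note(info):
    """Flag the overlay driver on a kernel older than 3.18 (figure from the thread)."""
    driver = normalise("Storage Driver", info.get("Storage Driver"))
    kernel = normalise("Kernel Version", info.get("Kernel Version"))
    m = re.match(r"(\d+)\.(\d+)", kernel)
    if driver == "overlay" and m and (int(m[1]), int(m[2])) < (3, 18):
        return f"overlay driver on kernel {m[0]} (older than 3.18)"
    return None


if __name__ == "__main__":
    for key, (va, vb) in diff_docker_info(OS_A, OS_B).items():
        print(f"{key}: OS-A={va!r} OS-B={vb!r}")
    print("OS-A:", overlay_kernel_note(parse_docker_info(OS_A)))
    print("OS-B:", overlay_kernel_note(parse_docker_info(OS_B)))
```

On the posted data the only differing setting is the backing filesystem, and the kernel note fires for both hosts, so the kernel version alone does not separate them.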

Author

@volnet volnet commented Sep 14, 2016

@mlaventure

I try the command sudo dockerd -s vfs &

But it also has errors:

storage driver type    is supported
overlay                supported & has error
overlay2               not supported
aufs                   not supported
btrfs                  not supported
devicemapper           not supported
vfs                    supported & has error
zfs                    not supported

So I think it is not because of overlay.

Contributor

@mlaventure mlaventure commented Sep 14, 2016

@volnet what error do you get with vfs?

The btrfs and zfs drivers would only work if your graphdriver directory is on their respective filesystem.

Author

@volnet volnet commented Sep 15, 2016

@mlaventure

[root@volnet-2 ~]# sudo ps -aux | grep docker
root     29646  0.0  0.0 112648   976 pts/0    S+   02:04   0:00 grep --color=auto docker
[root@volnet-2 ~]# sudo dockerd -s vfs &
[1] 29661
[root@volnet-2 ~]# INFO[0000] libcontainerd: new containerd process, pid: 29668 
INFO[0001] Graph migration to content-addressability took 0.00 seconds 
WARN[0001] mountpoint for pids not found                
INFO[0001] Loading containers: start.                   
...........INFO[0001] Firewalld running: false                     
INFO[0001] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address 

INFO[0001] Loading containers: done.                    
INFO[0001] Daemon has completed initialization          
INFO[0001] Docker daemon                                 commit=23cf638 graphdriver=vfs version=1.12.1
INFO[0001] API listen on /var/run/docker.sock           

[root@volnet-2 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@volnet-2 ~]# docker images
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
volnet/ubuntu-empty   latest              4a725d3b3b1c        2 weeks ago         187.9 MB
[root@volnet-2 ~]# sudo docker run -i -t volnet/ubuntu-empty /bin/bash
standard_init_linux.go:175: exec user process caused "permission denied"
ERRO[0071] Handler for POST /v1.24/containers/22aea671fd86fa4350c2a60b181bc35b4fbfbfeb7869fc2ad249ac55f0aa473a/resize returned error: rpc error: code = 2 desc = containerd: container not found 
                       [root@volnet-2 ~]# 

also the standard_init_linux.go:175: exec user process caused "permission denied" error

Contributor

@mlaventure mlaventure commented Sep 15, 2016

@volnet please start docker in debug mode: dockerd -D -s vfs > docker.log and provide the whole log.

If possible, delete/move your /var/lib/docker beforehand to start from a clean state.

Thanks.

Author

@volnet volnet commented Sep 17, 2016

@mlaventure
I try the rm -rf /var/lib/docker & rm /var/run/docker.pid, and start docker in debug mode sudo dockerd -D -s vfs > /home/appuser/docker.log

Log in from another ssh client:

sudo docker load < ubuntu-empty.tar

sudo docker images

sudo docker run -i -t volnet/ubuntu-empty /bin/bash

The logs are:

[root@volnet-2 ~]# sudo dockerd -D -s vfs > /home/appuser/docker.log
DEBU[0000] docker group found. gid: 2001
DEBU[0000] Listener created for HTTP on unix (/var/run/docker.sock)
INFO[0000] libcontainerd: new containerd process, pid: 15360
DEBU[0000] libcontainerd: containerd connection state change: TRANSIENT_FAILURE
DEBU[0000] containerd: read past events                  count=0
DEBU[0000] containerd: supervisor running                cpus=4 memory=3791 runtime=docker-runc runtimeArgs=[] stateDir=/var/run/docker/libcontainerd/containerd
DEBU[0000] containerd: grpc api on /var/run/docker/libcontainerd/docker-containerd.sock
DEBU[0001] Using default logging driver json-file
DEBU[0001] Golang's threads limit set to 27000
DEBU[0001] [graphdriver] trying provided driver "vfs"
DEBU[0001] Using graph driver vfs
DEBU[0001] Max Concurrent Downloads: 3
DEBU[0001] Max Concurrent Uploads: 5
INFO[0001] Graph migration to content-addressability took 0.00 seconds
WARN[0001] mountpoint for pids not found
DEBU[0001] Option DefaultDriver: bridge
DEBU[0001] Option DefaultNetwork: bridge
INFO[0001] Firewalld running: false
DEBU[0001] /sbin/iptables, [--wait --version]
DEBU[0001] /sbin/iptables, [--wait -t nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t nat -D OUTPUT -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER] 
DEBU[0001] /sbin/iptables, [--wait -t nat -D PREROUTING]
DEBU[0001] /sbin/iptables, [--wait -t nat -D OUTPUT]
DEBU[0001] /sbin/iptables, [--wait -t nat -F DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t nat -X DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t filter -F DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t filter -X DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t filter -F DOCKER-ISOLATION]
DEBU[0001] /sbin/iptables, [--wait -t filter -X DOCKER-ISOLATION]
DEBU[0001] /sbin/iptables, [--wait -t nat -n -L DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t nat -N DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t filter -n -L DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t filter -n -L DOCKER-ISOLATION]
DEBU[0001] /sbin/iptables, [--wait -t filter -C DOCKER-ISOLATION -j RETURN]
DEBU[0001] /sbin/iptables, [--wait -I DOCKER-ISOLATION -j RETURN]
INFO[0001] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address
DEBU[0001] Allocating IPv4 pools for network bridge (6ccb00315601a7240fa49f89711d81bd13dee99fdf93467acb2c0364e5ad4d59)
DEBU[0001] RequestPool(LocalDefault, 172.17.0.0/16, , map[], false)
DEBU[0001] RequestAddress(LocalDefault/172.17.0.0/16, 172.17.0.1, map[RequestAddressType:com.docker.network.gateway])
DEBU[0001] /sbin/iptables, [--wait -t nat -C POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE]
DEBU[0001] /sbin/iptables, [--wait -t nat -C DOCKER -i docker0 -j RETURN]
DEBU[0001] /sbin/iptables, [--wait -t nat -I DOCKER -i docker0 -j RETURN]
DEBU[0001] /sbin/iptables, [--wait -D FORWARD -i docker0 -o docker0 -j DROP]
DEBU[0001] /sbin/iptables, [--wait -t filter -C FORWARD -i docker0 -o docker0 -j ACCEPT]
DEBU[0001] /sbin/iptables, [--wait -t filter -C FORWARD -i docker0 ! -o docker0 -j ACCEPT]
DEBU[0001] /sbin/iptables, [--wait -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT]
DEBU[0001] /sbin/iptables, [--wait -t nat -C PREROUTING -m addrtype --dst-type LOCAL -j DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --dst 127.0.0.0/8]
DEBU[0001] /sbin/iptables, [--wait -t nat -A OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --dst 127.0.0.0/8]
DEBU[0001] /sbin/iptables, [--wait -t filter -C FORWARD -o docker0 -j DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t filter -C FORWARD -o docker0 -j DOCKER]
DEBU[0001] /sbin/iptables, [--wait -t filter -C FORWARD -j DOCKER-ISOLATION]
DEBU[0001] /sbin/iptables, [--wait -D FORWARD -j DOCKER-ISOLATION]
DEBU[0001] /sbin/iptables, [--wait -I FORWARD -j DOCKER-ISOLATION]
INFO[0001] Daemon has completed initialization
INFO[0001] Docker daemon                                 commit=23cf638 graphdriver=vfs version=1.12.1
DEBU[0001] Registering routers
DEBU[0001] Registering HEAD, /containers/{name:.*}/archive
DEBU[0001] Registering GET, /containers/json
DEBU[0001] Registering GET, /containers/{name:.*}/export
DEBU[0001] Registering GET, /containers/{name:.*}/changes
DEBU[0001] Registering GET, /containers/{name:.*}/json
DEBU[0001] Registering GET, /containers/{name:.*}/top
DEBU[0001] Registering GET, /containers/{name:.*}/logs
DEBU[0001] Registering GET, /containers/{name:.*}/stats
DEBU[0001] Registering GET, /containers/{name:.*}/attach/ws
DEBU[0001] Registering GET, /exec/{id:.*}/json
DEBU[0001] Registering GET, /containers/{name:.*}/archive
DEBU[0001] Registering POST, /containers/create
DEBU[0001] Registering POST, /containers/{name:.*}/kill
DEBU[0001] Registering POST, /containers/{name:.*}/pause
DEBU[0001] Registering POST, /containers/{name:.*}/unpause
DEBU[0001] Registering POST, /containers/{name:.*}/restart
DEBU[0001] Registering POST, /containers/{name:.*}/start
DEBU[0001] Registering POST, /containers/{name:.*}/stop
DEBU[0001] Registering POST, /containers/{name:.*}/wait
DEBU[0001] Registering POST, /containers/{name:.*}/resize
DEBU[0001] Registering POST, /containers/{name:.*}/attach
DEBU[0001] Registering POST, /containers/{name:.*}/copy
DEBU[0001] Registering POST, /containers/{name:.*}/exec
DEBU[0001] Registering POST, /exec/{name:.*}/start
DEBU[0001] Registering POST, /exec/{name:.*}/resize
DEBU[0001] Registering POST, /containers/{name:.*}/rename
DEBU[0001] Registering POST, /containers/{name:.*}/update
DEBU[0001] Registering PUT, /containers/{name:.*}/archive
DEBU[0001] Registering DELETE, /containers/{name:.*}
DEBU[0001] Registering GET, /images/json
DEBU[0001] Registering GET, /images/search
DEBU[0001] Registering GET, /images/get
DEBU[0001] Registering GET, /images/{name:.*}/get
DEBU[0001] Registering GET, /images/{name:.*}/history
DEBU[0001] Registering GET, /images/{name:.*}/json
DEBU[0001] Registering POST, /commit
DEBU[0001] Registering POST, /images/load
DEBU[0001] Registering POST, /images/create
DEBU[0001] Registering POST, /images/{name:.*}/push
DEBU[0001] Registering POST, /images/{name:.*}/tag
DEBU[0001] Registering DELETE, /images/{name:.*}
DEBU[0001] Registering OPTIONS, /{anyroute:.*}
DEBU[0001] Registering GET, /_ping
DEBU[0001] Registering GET, /events
DEBU[0001] Registering GET, /info
DEBU[0001] Registering GET, /version
DEBU[0001] Registering POST, /auth
DEBU[0001] Registering GET, /volumes
DEBU[0001] Registering GET, /volumes/{name:.*}
DEBU[0001] Registering POST, /volumes/create
DEBU[0001] Registering DELETE, /volumes/{name:.*}
DEBU[0001] Registering POST, /build
DEBU[0001] Registering POST, /swarm/init
DEBU[0001] Registering POST, /swarm/join
DEBU[0001] Registering POST, /swarm/leave
DEBU[0001] Registering GET, /swarm
DEBU[0001] Registering POST, /swarm/update
DEBU[0001] Registering GET, /services
DEBU[0001] Registering GET, /services/{id:.*}
DEBU[0001] Registering POST, /services/create
DEBU[0001] Registering POST, /services/{id:.*}/update
DEBU[0001] Registering DELETE, /services/{id:.*}
DEBU[0001] Registering GET, /nodes
DEBU[0001] Registering GET, /nodes/{id:.*}
DEBU[0001] Registering DELETE, /nodes/{id:.*}
DEBU[0001] Registering POST, /nodes/{id:.*}/update
DEBU[0001] Registering GET, /tasks
DEBU[0001] Registering GET, /tasks/{id:.*}
DEBU[0001] Registering GET, /networks
DEBU[0001] Registering GET, /networks/{id:.*}
DEBU[0001] Registering POST, /networks/create
DEBU[0001] Registering POST, /networks/{id:.*}/connect
DEBU[0001] Registering POST, /networks/{id:.*}/disconnect
DEBU[0001] Registering DELETE, /networks/{id:.*}
INFO[0001] API listen on /var/run/docker.sock
DEBU[0003] libcontainerd: containerd connection state change: READY
DEBU[0060] Calling GET /v1.24/containers/json
DEBU[0124] Calling POST /v1.24/images/load?quiet=0
DEBU[0125] Start untar layer
DEBU[0127] Untar time: 2.830977236s
DEBU[0127] Applied tar sha256:102fca64f92471ff7fca48e55807ae2471502822ba620292b0a06ebcab907cf4 to 83000b3f1ae85d08ec38587bcce0bd61224c337e92b9bd64b4524f0daa0930a0, size: 187738947
DEBU[0127] Creating dest directory: /var/lib/docker/vfs/dir/3133b14e3f1576cf35787758ed0577da7b7f437b6ba3f08f73b748abbdfa8443
DEBU[0127] Calling TarUntar(/var/lib/docker/vfs/dir/83000b3f1ae85d08ec38587bcce0bd61224c337e92b9bd64b4524f0daa0930a0, /var/lib/docker/vfs/dir/3133b14e3f1576cf35787758ed0577da7b7f437b6ba3f08f73b748abbdfa8443)
DEBU[0127] TarUntar(/var/lib/docker/vfs/dir/83000b3f1ae85d08ec38587bcce0bd61224c337e92b9bd64b4524f0daa0930a0 /var/lib/docker/vfs/dir/3133b14e3f1576cf35787758ed0577da7b7f437b6ba3f08f73b748abbdfa8443)
DEBU[0129] Start untar layer
DEBU[0129] Untar time: 0.03353235s
DEBU[0129] Applied tar sha256:24fe29584c046f2a88f7f566dd0bf7b08a8c0d393dfad8370633b0748bba8cbc to 3133b14e3f1576cf35787758ed0577da7b7f437b6ba3f08f73b748abbdfa8443, size: 194577
DEBU[0129] Creating dest directory: /var/lib/docker/vfs/dir/be7671f61c7d2cc9a858f2d55a1b10639e39f51fab91e8ebb2943bcf0c903ff2
DEBU[0129] Calling TarUntar(/var/lib/docker/vfs/dir/3133b14e3f1576cf35787758ed0577da7b7f437b6ba3f08f73b748abbdfa8443, /var/lib/docker/vfs/dir/be7671f61c7d2cc9a858f2d55a1b10639e39f51fab91e8ebb2943bcf0c903ff2)
DEBU[0129] TarUntar(/var/lib/docker/vfs/dir/3133b14e3f1576cf35787758ed0577da7b7f437b6ba3f08f73b748abbdfa8443 /var/lib/docker/vfs/dir/be7671f61c7d2cc9a858f2d55a1b10639e39f51fab91e8ebb2943bcf0c903ff2)
DEBU[0131] Start untar layer
DEBU[0131] Untar time: 0.031722234s
DEBU[0131] Applied tar sha256:530d731d21e1b1bbe356d70d3bca4d72d76fed89e90faab271d29bd58c8ccea4 to be7671f61c7d2cc9a858f2d55a1b10639e39f51fab91e8ebb2943bcf0c903ff2, size: 0
DEBU[0131] Creating dest directory: /var/lib/docker/vfs/dir/e0d9f5959c3deca5119fddb89326267e68fe7ba13efe5a770c23d8d4cea502ef
DEBU[0131] Calling TarUntar(/var/lib/docker/vfs/dir/be7671f61c7d2cc9a858f2d55a1b10639e39f51fab91e8ebb2943bcf0c903ff2, /var/lib/docker/vfs/dir/e0d9f5959c3deca5119fddb89326267e68fe7ba13efe5a770c23d8d4cea502ef)
DEBU[0131] TarUntar(/var/lib/docker/vfs/dir/be7671f61c7d2cc9a858f2d55a1b10639e39f51fab91e8ebb2943bcf0c903ff2 /var/lib/docker/vfs/dir/e0d9f5959c3deca5119fddb89326267e68fe7ba13efe5a770c23d8d4cea502ef)
DEBU[0138] Start untar layer
DEBU[0138] Untar time: 0.027832765000000002s
DEBU[0138] Applied tar sha256:344f56a35ff9fc747ada7d2b88bd21c49b2ec404872662cbaf0a65201873c0c6 to e0d9f5959c3deca5119fddb89326267e68fe7ba13efe5a770c23d8d4cea502ef, size: 1895
DEBU[0138] Creating dest directory: /var/lib/docker/vfs/dir/fa25b6002512545007cbacb76368a1eb6876cb315b6206226d09a1e4523bf5f6
DEBU[0138] Calling TarUntar(/var/lib/docker/vfs/dir/e0d9f5959c3deca5119fddb89326267e68fe7ba13efe5a770c23d8d4cea502ef, /var/lib/docker/vfs/dir/fa25b6002512545007cbacb76368a1eb6876cb315b6206226d09a1e4523bf5f6)
DEBU[0138] TarUntar(/var/lib/docker/vfs/dir/e0d9f5959c3deca5119fddb89326267e68fe7ba13efe5a770c23d8d4cea502ef /var/lib/docker/vfs/dir/fa25b6002512545007cbacb76368a1eb6876cb315b6206226d09a1e4523bf5f6)
DEBU[0151] Start untar layer
DEBU[0151] Untar time: 0.025889367s
DEBU[0151] Applied tar sha256:ffb6ddc7582aa7e2e73f102df3ffcd272e59b7cf3f7abefe08d11a7c85dea53a to fa25b6002512545007cbacb76368a1eb6876cb315b6206226d09a1e4523bf5f6, size: 7
DEBU[0191] Calling GET /v1.24/images/json
DEBU[0212] Calling POST /v1.24/containers/create
DEBU[0212] form data: {"AttachStderr":true,"AttachStdin":true,"AttachStdout":true,"Cmd":["/bin/bash"],"Domainname":"","Entrypoint":null,"Env":[],"HostConfig":{"AutoRemove":false,"Binds":null,"BlkioDeviceReadBps":null,"BlkioDeviceReadIOps":null,"BlkioDeviceWriteBps":null,"BlkioDeviceWriteIOps":null,"BlkioWeight":0,"BlkioWeightDevice":null,"CapAdd":null,"CapDrop":null,"Cgroup":"","CgroupParent":"","ConsoleSize":[0,0],"ContainerIDFile":"","CpuCount":0,"CpuPercent":0,"CpuPeriod":0,"CpuQuota":0,"CpuShares":0,"CpusetCpus":"","CpusetMems":"","Devices":[],"DiskQuota":0,"Dns":[],"DnsOptions":[],"DnsSearch":[],"ExtraHosts":null,"GroupAdd":null,"IOMaximumBandwidth":0,"IOMaximumIOps":0,"IpcMode":"","Isolation":"","KernelMemory":0,"Links":null,"LogConfig":{"Config":{},"Type":""},"Memory":0,"MemoryReservation":0,"MemorySwap":0,"MemorySwappiness":-1,"NetworkMode":"default","OomKillDisable":false,"OomScoreAdj":0,"PidMode":"","PidsLimit":0,"PortBindings":{},"Privileged":false,"PublishAllPorts":false,"ReadonlyRootfs":false,"RestartPolicy":{"MaximumRetryCount":0,"Name":"no"},"SecurityOpt":null,"ShmSize":0,"UTSMode":"","Ulimits":null,"UsernsMode":"","VolumeDriver":"","VolumesFrom":null},"Hostname":"","Image":"volnet/ubuntu-empty","Labels":{},"NetworkingConfig":{"EndpointsConfig":{}},"OnBuild":null,"OpenStdin":true,"StdinOnce":true,"Tty":true,"User":"","Volumes":{},"WorkingDir":""}
DEBU[0212] Creating dest directory: /var/lib/docker/vfs/dir/9d3ee1df5528b4bca33db6f8d3c9c618f69ca9150e99fb325b138d7eeec8867d-init
DEBU[0212] Calling TarUntar(/var/lib/docker/vfs/dir/fa25b6002512545007cbacb76368a1eb6876cb315b6206226d09a1e4523bf5f6, /var/lib/docker/vfs/dir/9d3ee1df5528b4bca33db6f8d3c9c618f69ca9150e99fb325b138d7eeec8867d-init)
DEBU[0212] TarUntar(/var/lib/docker/vfs/dir/fa25b6002512545007cbacb76368a1eb6876cb315b6206226d09a1e4523bf5f6 /var/lib/docker/vfs/dir/9d3ee1df5528b4bca33db6f8d3c9c618f69ca9150e99fb325b138d7eeec8867d-init)
DEBU[0213] Creating dest directory: /var/lib/docker/vfs/dir/9d3ee1df5528b4bca33db6f8d3c9c618f69ca9150e99fb325b138d7eeec8867d
DEBU[0213] Calling TarUntar(/var/lib/docker/vfs/dir/9d3ee1df5528b4bca33db6f8d3c9c618f69ca9150e99fb325b138d7eeec8867d-init, /var/lib/docker/vfs/dir/9d3ee1df5528b4bca33db6f8d3c9c618f69ca9150e99fb325b138d7eeec8867d)
DEBU[0213] TarUntar(/var/lib/docker/vfs/dir/9d3ee1df5528b4bca33db6f8d3c9c618f69ca9150e99fb325b138d7eeec8867d-init /var/lib/docker/vfs/dir/9d3ee1df5528b4bca33db6f8d3c9c618f69ca9150e99fb325b138d7eeec8867d)
DEBU[0216] container mounted via layerStore: /var/lib/docker/vfs/dir/9d3ee1df5528b4bca33db6f8d3c9c618f69ca9150e99fb325b138d7eeec8867d
DEBU[0217] Calling POST /v1.24/containers/908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3/attach?stderr=1&stdin=1&stdout=1&stream=1
DEBU[0217] attach: stdout: begin
DEBU[0217] attach: stdin: begin
DEBU[0217] attach: stderr: begin
DEBU[0217] Calling POST /v1.24/containers/908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3/start
DEBU[0217] container mounted via layerStore: /var/lib/docker/vfs/dir/9d3ee1df5528b4bca33db6f8d3c9c618f69ca9150e99fb325b138d7eeec8867d
DEBU[0217] Assigning addresses for endpoint sleepy_shannon's interface on network bridge
DEBU[0217] RequestAddress(LocalDefault/172.17.0.0/16, <nil>, map[])
DEBU[0217] Assigning addresses for endpoint sleepy_shannon's interface on network bridge
DEBU[0217] Programming external connectivity on endpoint sleepy_shannon (44cc13960bfc6c3158be194c738e73e5244cf2b214acfe550eb7964a942e5c13)
DEBU[0217] sandbox set key processing took 37.950464ms for container 908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3
DEBU[0217] containerd: process exited                    id=908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3 pid=init status=1 systemPid=15705
DEBU[0217] libcontainerd: received containerd event: &types.Event{Type:"start-container", Id:"908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3", Status:0x0, Pid:"", Timestamp:(*timestamp.Timestamp)(0xc8213f9ef0)}
DEBU[0217] libcontainerd: event unhandled: type:"start-container" id:"908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3" timestamp:<seconds:1474080244 nanos:163373325 >
DEBU[0217] libcontainerd: received containerd event: &types.Event{Type:"exit", Id:"908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3", Status:0x1, Pid:"init", Timestamp:(*timestamp.Timestamp)(0xc82166cff0)}
DEBU[0217] attach: stdout: end
DEBU[0217] attach: stdin: end
DEBU[0217] attach: stderr: end
DEBU[0217] Closing buffered stdin pipe
DEBU[0217] Revoking external connectivity on endpoint sleepy_shannon (44cc13960bfc6c3158be194c738e73e5244cf2b214acfe550eb7964a942e5c13)
DEBU[0217] Calling POST /v1.24/containers/908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3/resize?h=24&w=80
DEBU[0217] Releasing addresses for endpoint sleepy_shannon's interface on network bridge
DEBU[0217] ReleaseAddress(LocalDefault/172.17.0.0/16, 172.17.0.2)
ERRO[0217] Handler for POST /v1.24/containers/908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3/resize returned error: Container 908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3 is not running
DEBU[0217] Calling GET /v1.24/containers/908b1d89ab4fe44e8c62b13a071ba93502e94ae05ecb163e18ba1b8c4b38d6a3/json

Contributor

@mlaventure mlaventure commented Sep 19, 2016

@volnet this last log seems to indicate that it works without error, did it not?

Author

@volnet volnet commented Sep 21, 2016

@mlaventure it also has the same error.

Contributor

@mlaventure mlaventure commented Sep 23, 2016

@volnet I cannot see a permission denied in that last log, is part of it missing?


@jcf jcf commented Oct 31, 2016

Update: I thought running my container may be problematic because I'm sharing a device (/dev/sdc) but even with --device /dev/sdc passed I get an error.

http://stackoverflow.com/questions/35617912/why-does-docker-container-prompt-permission-denied

Even the most basic hello world example errors.

$ docker --debug run alpine /bin/sh
DEBU[0000] framesize: 73                                
standard_init_linux.go:175: exec user process caused "permission denied"
DEBU[0000] Corrupted prefix: []                         
DEBU[0000] [hijack] End of stdout 

I'm experiencing the same error on Arch Linux.

Containers: 13
 Running: 0
 Paused: 0
 Stopped: 13
Images: 2
Server Version: 1.12.3
Storage Driver: btrfs
 Build Version: Btrfs v4.8.2
 Library Version: 101
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: host bridge null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 4.8.4-1-ARCH
Operating System: Arch Linux
OSType: linux
Architecture: x86_64
CPUs: 20
Total Memory: 125.9 GiB
Name: op
ID: I7AS:7QQG:AOAF:V7WJ:YI6N:3BU6:VXFM:QGNT:SVDW:G62T:RASE:OIJO
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 14
 Goroutines: 23
 System Time: 2016-10-31T19:12:43.964201029Z
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Insecure Registries:
 127.0.0.0/8

Log output looks like this when I try to run sudo docker run --rm -it alpine /bin/sh:

DEBU[0122] container mounted via layerStore: /var/lib/docker/btrfs/subvolumes/01a2d811e77151ddb1274991316dc04dab5ab943ad762aa1380b6abb53316308 
DEBU[0122] Calling POST /v1.24/containers/7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03/attach?stderr=1&stdin=1&stdout=1&stream=1 
DEBU[0122] attach: stdin: begin                         
DEBU[0122] attach: stderr: begin                        
DEBU[0122] attach: stdout: begin                        
DEBU[0122] Calling POST /v1.24/containers/7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03/start 
DEBU[0122] container mounted via layerStore: /var/lib/docker/btrfs/subvolumes/01a2d811e77151ddb1274991316dc04dab5ab943ad762aa1380b6abb53316308 
DEBU[0122] Assigning addresses for endpoint mad_albattani's interface on network bridge 
DEBU[0122] RequestAddress(LocalDefault/172.17.0.0/16, <nil>, map[]) 
DEBU[0122] Assigning addresses for endpoint mad_albattani's interface on network bridge 
INFO[0122] No non-localhost DNS nameservers are left in resolv.conf. Using default external servers : [nameserver 8.8.8.8 nameserver 8.8.4.4] 
INFO[0122] IPv6 enabled; Adding default IPv6 external servers : [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844] 
DEBU[0122] Programming external connectivity on endpoint mad_albattani (6b8c4066a7672edd410979aaadd453c6af506bd63d0e4d0362a27b55d9e25626) 
DEBU[0122] sandbox set key processing took 84.32865ms for container 7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03 
DEBU[0122] containerd: process exited                    id=7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03 pid=init status=1 systemPid=2583
DEBU[0122] libcontainerd: received containerd event: &types.Event{Type:"start-container", Id:"7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03", Status:0x0, Pid:"", Timestamp:(*timestamp.Timestamp)(0xc4209ff420)} 
DEBU[0122] libcontainerd: event unhandled: type:"start-container" id:"7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03" timestamp:<seconds:1477941077 nanos:727455226 >  
DEBU[0122] libcontainerd: received containerd event: &types.Event{Type:"exit", Id:"7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03", Status:0x1, Pid:"init", Timestamp:(*timestamp.Timestamp)(0xc4209ffa10)} 
DEBU[0122] attach: stdout: end                          
DEBU[0122] attach: stderr: end                          
DEBU[0122] attach: stdin: end                           
DEBU[0122] Closing buffered stdin pipe                  
DEBU[0122] Revoking external connectivity on endpoint mad_albattani (6b8c4066a7672edd410979aaadd453c6af506bd63d0e4d0362a27b55d9e25626) 
DEBU[0122] Calling POST /v1.24/containers/7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03/resize?h=33&w=114 
DEBU[0122] Releasing addresses for endpoint mad_albattani's interface on network bridge 
DEBU[0122] ReleaseAddress(LocalDefault/172.17.0.0/16, 172.17.0.2) 
ERRO[0122] Handler for POST /v1.24/containers/7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03/resize returned error: Container 7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03 is not running 
DEBU[0122] Calling POST /v1.24/containers/7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03/wait 
DEBU[0122] Calling GET /v1.24/containers/7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03/json 
DEBU[0122] Calling DELETE /v1.24/containers/7245870a44508019aae1fda7fcf524021ba5b65797f84547b3de4edfcfe8fb03?force=1&v=1 

This is all the output I get in my journal:

Oct 31 20:08:38 op systemd-timesyncd[4982]: Network configuration changed, trying to establish connection.
Oct 31 20:08:38 op systemd-udevd[24319]: Could not generate persistent MAC address for vethe4b0be8: No such file or directory
Oct 31 20:08:38 op dnsmasq[5814]: reading /etc/resolv.conf
Oct 31 20:08:38 op dnsmasq[5814]: using nameserver 127.0.0.1#53
Oct 31 20:08:38 op systemd-udevd[24320]: Could not generate persistent MAC address for vethc94d72c: No such file or directory
Oct 31 20:08:38 op kernel: docker0: port 1(vethc94d72c) entered blocking state
Oct 31 20:08:38 op kernel: docker0: port 1(vethc94d72c) entered disabled state
Oct 31 20:08:38 op kernel: device vethc94d72c entered promiscuous mode
Oct 31 20:08:38 op kernel: IPv6: ADDRCONF(NETDEV_UP): vethc94d72c: link is not ready
Oct 31 20:08:38 op dnsmasq[5814]: reading /etc/resolv.conf
Oct 31 20:08:38 op dnsmasq[5814]: using nameserver 127.0.0.1#53
Oct 31 20:08:38 op dnsmasq[5814]: reading /etc/resolv.conf
Oct 31 20:08:38 op dnsmasq[5814]: using nameserver 127.0.0.1#53
Oct 31 20:08:38 op dockerd[21275]: time="2016-10-31T20:08:38.401325936Z" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers : [nameserver 8.8.8.8 nameserver 8.8.4.4]"
Oct 31 20:08:38 op dockerd[21275]: time="2016-10-31T20:08:38.401358211Z" level=info msg="IPv6 enabled; Adding default IPv6 external servers : [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
Oct 31 20:08:38 op systemd-timesyncd[4982]: Synchronized to time server 213.251.52.185:123 (0.arch.pool.ntp.org).
Oct 31 20:08:38 op systemd-timesyncd[4982]: Network configuration changed, trying to establish connection.
Oct 31 20:08:38 op dnsmasq[5814]: reading /etc/resolv.conf
Oct 31 20:08:38 op kernel: eth0: renamed from vethe4b0be8
Oct 31 20:08:38 op systemd-networkd[5051]: vethc94d72c: Gained carrier
Oct 31 20:08:38 op systemd-networkd[5051]: docker0: Gained carrier
Oct 31 20:08:38 op dnsmasq[5814]: using nameserver 127.0.0.1#53
Oct 31 20:08:38 op dnsmasq[5814]: reading /etc/resolv.conf
Oct 31 20:08:38 op dnsmasq[5814]: using nameserver 127.0.0.1#53
Oct 31 20:08:38 op kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethc94d72c: link becomes ready
Oct 31 20:08:38 op kernel: docker0: port 1(vethc94d72c) entered blocking state
Oct 31 20:08:38 op kernel: docker0: port 1(vethc94d72c) entered forwarding state
Oct 31 20:08:38 op systemd-timesyncd[4982]: Synchronized to time server 213.251.52.185:123 (0.arch.pool.ntp.org).
Oct 31 20:08:38 op systemd-networkd[5051]: vethc94d72c: Lost carrier
Oct 31 20:08:38 op kernel: docker0: port 1(vethc94d72c) entered disabled state
Oct 31 20:08:38 op kernel: vethe4b0be8: renamed from eth0
Oct 31 20:08:38 op kernel: docker0: port 1(vethc94d72c) entered disabled state
Oct 31 20:08:38 op kernel: device vethc94d72c left promiscuous mode
Oct 31 20:08:38 op kernel: docker0: port 1(vethc94d72c) entered disabled state
Oct 31 20:08:38 op dnsmasq[5814]: reading /etc/resolv.conf
Oct 31 20:08:38 op systemd-timesyncd[4982]: Network configuration changed, trying to establish connection.
Oct 31 20:08:38 op dnsmasq[5814]: using nameserver 127.0.0.1#53
Oct 31 20:08:38 op systemd-timesyncd[4982]: Synchronized to time server 213.251.52.185:123 (0.arch.pool.ntp.org).
Oct 31 20:08:38 op dnsmasq[5814]: reading /etc/resolv.conf
Oct 31 20:08:38 op systemd-timesyncd[4982]: Network configuration changed, trying to establish connection.
Oct 31 20:08:38 op dnsmasq[5814]: using nameserver 127.0.0.1#53
Oct 31 20:08:38 op systemd-networkd[5051]: vethc94d72c: Removing non-existent address: fe80::60dd:edff:fe4f:c934/64 (valid forever)
Oct 31 20:08:38 op dnsmasq[5814]: reading /etc/resolv.conf
Oct 31 20:08:38 op systemd-timesyncd[4982]: Synchronized to time server 213.251.52.185:123 (0.arch.pool.ntp.org).
Oct 31 20:08:38 op dnsmasq[5814]: using nameserver 127.0.0.1#53
Oct 31 20:08:39 op systemd-networkd[5051]: docker0: Lost carrier
Oct 31 20:08:39 op systemd-timesyncd[4982]: Network configuration changed, trying to establish connection.
Oct 31 20:08:39 op dnsmasq[5814]: reading /etc/resolv.conf
Oct 31 20:08:39 op dnsmasq[5814]: using nameserver 127.0.0.1#53
Oct 31 20:08:39 op systemd-timesyncd[4982]: Synchronized to time server 213.251.52.185:123 (0.arch.pool.ntp.org).

Contributor

@mlaventure mlaventure commented Nov 3, 2016

@jcf did you have the issue on a previous version of docker (e.g. 1.11.x)?

Could you try using a different storage driver and/or graph directory (e.g. by using --storage-driver aufs --graph /var/lib/docker-aufs)?


@jcf jcf commented Nov 4, 2016

> did you have the issue on a previous version of docker (e.g. 1.11.x)?

@mlaventure I've only been running Docker on a baremetal Linux machine for a few
weeks. Before that I'd run Docker inside a Vagrant VM, and sometimes connect a
client via DOCKER_HOST etc.

It's non-trivial installing an old version of Docker on Arch Linux
unfortunately. I can roll back to 1.12.2 because it's still in my local package
cache, but anything else will require me to do a bit of manual work, and it
sounds like you want to see the difference between 1.11 and 1.12.

-rw-r--r-- 1 root root 17M Oct 16 14:32 docker-1:1.12.2-1-x86_64.pkg.tar.xz
-rw-r--r-- 1 root root 17M Oct 27 18:51 docker-1:1.12.3-1-x86_64.pkg.tar.xz

> Could you try using a different storage driver and/or graph directory (e.g. by
> using --storage-driver aufs --graph /var/lib/docker-aufs)?

I think because I'm using btrfs, aufs isn't supported. Unfortunately, I don't
have a non-btrfs filesystem floating around either.

sudo dockerd -D --storage-driver aufs --graph /var/lib/docker-aufs
DEBU[0000] docker group found. gid: 991                 
DEBU[0000] Listener created for HTTP on unix (/var/run/docker.sock) 
INFO[0000] libcontainerd: new containerd process, pid: 30061 
DEBU[0000] libcontainerd: containerd connection state change: CONNECTING 
DEBU[0000] libcontainerd: containerd connection state change: TRANSIENT_FAILURE 
WARN[0000] containerd: low RLIMIT_NOFILE changing to max  current=1024 max=4096
DEBU[0000] containerd: read past events                  count=4
DEBU[0000] containerd: supervisor running                cpus=20 memory=128922 runtime=docker-runc runtimeArgs=[] stateDir=/var/run/docker/libcontainerd/containerd
DEBU[0000] containerd: grpc api on /var/run/docker/libcontainerd/docker-containerd.sock 
DEBU[0001] Using default logging driver json-file       
DEBU[0001] Golang's threads limit set to 926190         
DEBU[0001] [graphdriver] trying provided driver "aufs"  
DEBU[0001] Cleaning up old mountid : start.             
FATA[0001] Error starting daemon: error initializing graphdriver: driver not supported

I might be able to create a partition, and use ext3 on it, but won't have time
to set that up today I'm afraid.

Sorry I can't be of more help!

Contributor

@mlaventure mlaventure commented Nov 4, 2016

@jcf no worries for 1.11.1, it was just to check if it was maybe a regression from then.

I'll try to spin up a VM with Arch Linux and btrfs in the near future to try and reproduce.

@mlaventure mlaventure self-assigned this Nov 4, 2016

Contributor

@mlaventure mlaventure commented Nov 7, 2016

@jcf I can't reproduce your issue unfortunately.

The only difference on my local VM is that I'm under 4.8.6-1-ARCH.

Also note that, Arch being a bleeding-edge distro, its frequently updated packages often cause incompatibilities with docker, which is the reason why we don't provide official packages for it.

To try a different graphdriver, you can create a loopback with another partition fs, e.g.:

$ dd if=/dev/zero of=/my-ext4-docker-graph bs=$((1024 * 1024)) count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 2.22901 s, 482 MB/s
$ mkfs.ext4 /my-ext4-docker-graph
...
$ systemctl stop docker
$ mount -o loop /my-ext4-docker-graph /var/lib/docker
$ systemctl start docker

Note that you may need to install the aufs tools; otherwise you can try with vfs just to confirm it's not a btrfs-related issue.


@Mo3m3n Mo3m3n commented Dec 26, 2016

Hi everyone,
This is maybe a bit late, but I had the same issue, and it was happening because I was mounting the /var partition with the "noexec" option. Removing the "noexec" resolved the problem.

Contributor

@mlaventure mlaventure commented Jan 3, 2017

@volnet @jcf would you mind checking the mount options for the partitions as suggested by @Mhedivh?


@jcf jcf commented Jan 4, 2017

@mlaventure I have noexec set on /var/lib.

/dev/nvme0n1p2 on /var/lib type btrfs (rw,nosuid,nodev,noexec,relatime,ssd,discard,space_cache,subvolid=257,subvol=/__active/ROOT/var/lib)
/dev/nvme0n1p2 on /var/lib/docker/btrfs type btrfs (rw,nosuid,nodev,noexec,relatime,ssd,discard,space_cache,subvolid=257,subvol=/__active/ROOT/var/lib/docker/btrfs)

Contributor

@mlaventure mlaventure commented Jan 4, 2017

@jcf then removing should fix your issue indeed.


@jcf jcf commented Jan 8, 2017

You might find requiring exec permission inside /var causes problems for others in future as it's recommended you disable exec for security reasons. Perhaps the Docker package/installer should be changed?

https://wiki.archlinux.org/index.php/security#Mount_options
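
The mount-option check discussed in the comments above, as an added example (not part of the thread and not Docker's own code): it finds the mount that covers a path and reports whether that mount is noexec, which makes execve() of any file on it fail with EACCES. The function names are hypothetical; the two btrfs sample lines are the mounts quoted in the thread rewritten in /proc/self/mounts field order, and the root line is constructed.

```shell
#!/bin/sh
# Added example: which mount backs a path, and is it mounted noexec?
# Function names are hypothetical; input is in /proc/self/mounts format.

# mount_opts_for PATH [MOUNTS_FILE]
# Prints "<mount point> <options>" for the longest mount point covering PATH.
mount_opts_for() {
    target=$1
    table=${2:-/proc/self/mounts}
    awk -v t="$target" '
        {
            mp = $2
            # A mount covers the target if it is "/", the target itself,
            # or a parent directory of the target.
            if (mp == "/" || t == mp || index(t, mp "/") == 1) {
                # ">=" lets a later mount on the same point win.
                if (length(mp) >= best_len) {
                    best_len = length(mp)
                    best = mp " " $4
                }
            }
        }
        END { if (best != "") print best }
    ' "$table"
}

# is_noexec PATH [MOUNTS_FILE]
# Exit status 0 when the mount covering PATH carries the noexec option.
is_noexec() {
    opts=$(mount_opts_for "$1" "$2" | awk '{print $2}')
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Sample mount table. The root line is constructed for the example.
sample_mounts() {
    cat <<'EOF'
/dev/nvme0n1p2 / btrfs rw,relatime,ssd 0 0
/dev/nvme0n1p2 /var/lib btrfs rw,nosuid,nodev,noexec,relatime,ssd,discard,space_cache,subvolid=257,subvol=/__active/ROOT/var/lib 0 0
/dev/nvme0n1p2 /var/lib/docker/btrfs btrfs rw,nosuid,nodev,noexec,relatime,ssd,discard,space_cache,subvolid=257,subvol=/__active/ROOT/var/lib/docker/btrfs 0 0
EOF
}

# Demo on the sample table: container root filesystems live under the
# Docker root dir, so a noexec mount there breaks every "docker run".
demo_mounts=$(mktemp)
sample_mounts > "$demo_mounts"
for p in /var/lib/docker /var/lib/docker/btrfs/subvolumes/example /usr/bin; do
    if is_noexec "$p" "$demo_mounts"; then
        mp=$(mount_opts_for "$p" "$demo_mounts" | awk '{print $1}')
        echo "$p: covered by noexec mount $mp, execve() here returns EACCES"
    else
        echo "$p: exec allowed"
    fi
done
rm -f "$demo_mounts"
```

On a live host, call `is_noexec` with the path that `docker info` reports as Docker Root Dir and no second argument. Placing the graph directory (the `--graph` option used earlier in the thread) on a dedicated filesystem mounted with exec lets the rest of /var keep noexec.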

Member

@thaJeztah thaJeztah commented Jan 9, 2017


@dhilipkumars dhilipkumars commented Feb 16, 2017

I had the same problem.
If you dockerize a static Go binary, make sure you add these build flags:
go build -ldflags "-linkmode external -extldflags -static" .
Otherwise, in Go 1.7.4, it builds a dynamically linked binary by default. This is even more applicable if you are dockerizing FROM scratch.


@tazle tazle commented Mar 15, 2017

I ran into the same issue with Docker 1.12.6 on CentOS 7.

Snippet from strace of dockerd-current and its sub-processes when running sudo docker run hello-world:

26034 <... openat resumed> )            = 3
26034 futex(0xac1f98, FUTEX_WAKE, 1 <unfinished ...>
26034 <... futex resumed> )             = 1
26034 write(3, "0", 1 <unfinished ...>
26034 <... write resumed> )             = 1
26034 close(4 <unfinished ...>
26034 <... close resumed> )             = 0
26034 execve("/hello", ["/hello"], [/* 3 vars */] <unfinished ...>
26034 <... execve resumed> )            = -1 EACCES (Permission denied)
26034 clock_gettime(CLOCK_REALTIME,  <unfinished ...>
26034 <... clock_gettime resumed> {1489581049, 637279250}) = 0
26034 write(-1, "{\"type\":1}", 10 <unfinished ...>
26034 <... write resumed> )             = -1 EBADF (Bad file descriptor)
26034 select(0, NULL, NULL, NULL, {0, 1000} <unfinished ...>
26034 <... select resumed> )            = 0 (Timeout)
26034 select(0, NULL, NULL, NULL, {0, 1000}) = 0 (Timeout)
26034 write(2, "panic: ", 7)            = 7
26034 write(2, "standard_init_linux.go:178: exec user process caused \"permission denied\"", 72 <unfinished ...>

The cause of EACCES is unknown, and I'm not sure how to start figuring it out, since I can't easily access the FS inside the container namespaces because I can't start any processes in the container.


@tazle tazle commented Mar 15, 2017

Curiously another container started, but that was because it was privileged:

$ sudo docker run hello-world
panic: standard_init_linux.go:178: exec user process caused "permission denied" [recovered]
        panic: standard_init_linux.go:178: exec user process caused "permission denied"
...

vs.

$ sudo docker run --privileged hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

@tazle tazle commented Mar 15, 2017

This seems to have something to do with SELinux:

type=SYSCALL msg=audit(1489586815.075:8620): arch=c000003e syscall=56 success=yes exit=4294 a0=6c028011 a1=7ffe6c6159c0 a2=7ffe6c616af0 a3=0 items=0 ppid=4285 pid=4292 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="exe" exe="/usr/libexec/docker/docker-runc-current" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
type=AVC msg=audit(1489586815.185:8621): avc:  denied  { transition } for  pid=4294 comm="exe" path="/hello" dev="dm-1" ino=261 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:svirt_lxc_net_t:s0:c45,c536 tclass=process
type=SYSCALL msg=audit(1489586815.185:8621): arch=c000003e syscall=59 success=no exit=-13 a0=c4200e55f7 a1=c4200e5610 a2=c4200ffe80 a3=0 items=0 ppid=4279 pid=4294 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="exe" exe="/usr/libexec/docker/docker-runc-current" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
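
Correlating the AVC denial with the failing syscall in the records above, as an added example (not part of the original thread and not Docker's own code): it joins AVC and SYSCALL records on the audit event serial and reports which domain transition was denied. The function and variable names are hypothetical, and the sample records are abridged from the comment above.

```python
import re
from collections import defaultdict

# Audit records abridged from the comment above (fields not used here dropped).
SAMPLE = '''\
type=SYSCALL msg=audit(1489586815.075:8620): arch=c000003e syscall=56 success=yes exit=4294 pid=4292 comm="exe" exe="/usr/libexec/docker/docker-runc-current" subj=system_u:system_r:unconfined_service_t:s0
type=AVC msg=audit(1489586815.185:8621): avc:  denied  { transition } for  pid=4294 comm="exe" path="/hello" dev="dm-1" ino=261 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:svirt_lxc_net_t:s0:c45,c536 tclass=process
type=SYSCALL msg=audit(1489586815.185:8621): arch=c000003e syscall=59 success=no exit=-13 pid=4294 comm="exe" exe="/usr/libexec/docker/docker-runc-current" subj=system_u:system_r:unconfined_service_t:s0
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
AVC = re.compile(r'avc:\s+denied\s+\{ ([^}]+) \} for\s+(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def sel_type(context):
    # An SELinux context is user:role:type:level; the type is the third field.
    return context.split(':')[2]

def denied_syscalls(log):
    """Join each AVC denial to the SYSCALL record sharing its event serial."""
    events = defaultdict(dict)
    for line in log.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, _ts, serial, body = m.groups()
        denial = AVC.search(body) if rtype == 'AVC' else None
        if denial:
            events[serial]['avc'] = dict(fields(denial.group(2)), perms=denial.group(1).split())
        elif rtype == 'SYSCALL':
            events[serial]['syscall'] = fields(body)
    out = []
    for serial, ev in events.items():
        if 'avc' in ev and 'syscall' in ev:
            avc, sc = ev['avc'], ev['syscall']
            out.append({
                'serial': serial, 'perms': avc['perms'], 'tclass': avc['tclass'],
                'source_type': sel_type(avc['scontext']),
                'target_type': sel_type(avc['tcontext']), 'path': avc.get('path'),
                'syscall': int(sc['syscall']), 'exit': int(sc['exit']), 'exe': sc['exe'],
            })
    return out

if __name__ == '__main__':
    for d in denied_syscalls(SAMPLE):
        print(d)
```

For these records it reports event 8621: a denied process transition from unconfined_service_t to svirt_lxc_net_t on syscall 59 (execve on x86_64) with exit -13 (EACCES), which lines up with the failed execve of /hello in the strace output earlier in the thread.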

Contributor

@mlaventure mlaventure commented Mar 15, 2017

ping @justincormack regarding the last selinux comment (#26495 (comment))

Contributor

@cpuguy83 cpuguy83 commented Mar 17, 2017

What is this /usr/libexec/docker/docker-runc-current?

What is the output of ls -lZ /usr/bin/docker*?

@tazle tazle commented Mar 18, 2017

Something the CentOS package installed:

$ rpm -qf /usr/libexec/docker/docker-runc-current
docker-1.12.6-11.el7.centos.x86_64
$ ls -lZ /usr/libexec/docker/docker-runc-current
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/libexec/docker/docker-runc-current

There seems to be a setup where -current is the actual binary, and /usr/bin/docker etc. are shell wrappers:

$ ls -l /usr/bin/docker*
-rwxr-xr-x. 1 root root      735  6.3. 23:05 /usr/bin/docker
-rwxr-xr-x. 1 root root      717  6.3. 23:05 /usr/bin/docker-containerd
-rwxr-xr-x. 1 root root 11208384  7.3. 09:24 /usr/bin/docker-containerd-current
-rwxr-xr-x. 1 root root      797  6.3. 23:05 /usr/bin/docker-containerd-shim
-rwxr-xr-x. 1 root root  1970704  7.3. 09:24 /usr/bin/docker-containerd-shim-current
-rwxr-xr-x. 1 root root 10321584  7.3. 09:24 /usr/bin/docker-ctr-current
-rwxr-xr-x. 1 root root 17900856  7.3. 09:23 /usr/bin/docker-current
-rwxr-xr-x. 1 root root      740  6.3. 23:05 /usr/bin/dockerd
-rwxr-xr-x. 1 root root 51578592  7.3. 09:24 /usr/bin/dockerd-current
-rwxr-xr-x. 1 root root    33716  7.3. 09:24 /usr/bin/docker-storage-setup
$ ls -lZ /usr/bin/docker*
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/bin/docker
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/bin/docker-containerd
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/bin/docker-containerd-current
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/bin/docker-containerd-shim
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/bin/docker-containerd-shim-current
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/bin/docker-ctr-current
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/bin/docker-current
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/bin/dockerd
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/bin/dockerd-current
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/bin/docker-storage-setup

Contributor

@cpuguy83 cpuguy83 commented Mar 18, 2017

This is not the official Docker package; sadly, there is nothing we can do here other than to say please install the official package.

Most likely you need to run chcon -t docker_exec_t /usr/bin/dockerd and restart docker.
