New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed to bind-mount /sys/fs/cgroup when user namespace is enabled. #27629
Comments
Can you test on 1.12.1? |
@justincormack How can I downgrade to 1.12.1 ? |
@yoshiokatsuneo something like |
@justincormack Thanks. So, I tried to downgrade to 1.12.1, but I got the similar error again.
|
ok, unrelated to another issue then. Guessing this is around the differences in mount permissions in userns? @estesp ? |
I cannot reproduce on the latest xenial kernel (4.4.0-45-generic), which is not very far from yours, so I'm not sure it has any relation to that. However, I wonder if zfs is somehow involved. I do not have a zfs disk to try, but maybe you could try running the daemon on a separate non-zfs mount with aufs or overlay2 graphdrivers? Specifically, I can run (on docker 1.12.3 with user namespaces enabled, and aufs driver):
and I get the Hello from Docker! message with no errors. |
@estesp I can reproduce the issue on the aufs, too... Ubuntu 16.05.1 |
Solved by upgrade the host kernel to Linux ubuntu-xenial 4.4.0-96-generic ubuntu@ubuntu-xenial:~$ sudo docker version Server: |
I can reproduce: $ uname -a $ docker version Server: $ docker run -v /sys:/sys:ro hello-world |
Let me close this ticket for now, as it looks like it went stale. |
Description
Starting a container with mouting /sys/fs/cgroup failed if user namespace is enabled.
There is no problem if I disabled the user namespace.
Steps to reproduce the issue:
Describe the results you received:
Error messages:
(operation not permitted)
Describe the results you expected:
Container starts.
Additional information you deem important (e.g. issue happens only occasionally):
Output of
docker version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.):
The text was updated successfully, but these errors were encountered: