Docker Rootless Ubuntu 22.04 - Unable to apply cgroup configuration (`...: Interactive authentication required.: unknown.`)

[yghazi]

Description

I'm using Ubuntu 22.04 and docker version 23.0.1 to setup docker-rootless. The original docker setup works out. But the trouble is with the rootless version. I can do docker ps after and it works as expected. But when I try to run docker run hello-world to see if the installation actually works, it says:

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to
 start container process: unable to apply cgroup configuration: unable to start unit "docker-
17cf4f4cf9e70ec40048541524c9ce751f3e1a1ec87074b2a746ebdaad9fa2cd.scope" (properties [{Name:Description 
Value:"libcontainer container 17cf4f4cf9e70ec40048541524c9ce751f3e1a1ec87074b2a746ebdaad9fa2cd"} {Name:Slice 
Value:"user.slice"} {Name:Delegate Value:true} {Name:PIDs Value:@au [33419]} {Name:MemoryAccounting Value:true} 
{Name:CPUAccounting Value:true} {Name:IOAccounting Value:true} {Name:TasksAccounting Value:true} 
{Name:DefaultDependencies Value:false}]): Interactive authentication required.: unknown.
ERRO[0010] error waiting for container: 

Reproduce

I've used the official documentation for setup. When I run docker run hello-world, the abovementioned error occurs. And I can't find a way to troubleshoot in the documentation.

Expected behavior

docker run hello-world should run the hello-world container and exit with:

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

docker version

Client:
 Version:           23.0.0
 API version:       1.42
 Go version:        go1.19.5
 Git commit:        e92dd87
 Built:             Wed Feb  1 17:43:29 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          23.0.1
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.19.5
  Git commit:       bc3805a
  Built:            Thu Feb  9 19:47:01 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.6.16
  GitCommit:        31aa4358a36870b21a992d3ad2bef29e1d693bec
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
 rootlesskit:
  Version:          1.1.0
  ApiVersion:       1.1.1
  NetworkDriver:    slirp4netns
  PortDriver:       builtin
  StateDir:         /tmp/rootlesskit2752381057
 slirp4netns:
  Version:          1.0.1
  GitCommit:        6a7b16babc95b6a3056b33fb45b74a6f62262dd4

docker info

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.10.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.16.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose
  scan: Docker Scan (Docker Inc.)
    Version:  v0.23.0
    Path:     /usr/libexec/docker/cli-plugins/docker-scan

Server:
 Containers: 3
  Running: 0
  Paused: 0
  Stopped: 3
 Images: 2
 Server Version: 23.0.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: false
  userxattr: true
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 31aa4358a36870b21a992d3ad2bef29e1d693bec
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  rootless
  cgroupns
 Kernel Version: 5.15.0-25-generic
 Operating System: Ubuntu 22.04.1 LTS (error determining if containerized)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 7.765GiB
 Name: vmi598327.contaboserver.net
 ID: bc893c37-facb-4cf5-b2d7-e4585c1cf741
 Docker Root Dir: /home/admin/.local/share/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No cpu shares support
WARNING: No cpuset support
WARNING: No io.weight support
WARNING: No io.weight (per device) support
WARNING: No io.max (rbps) support
WARNING: No io.max (wbps) support
WARNING: No io.max (riops) support
WARNING: No io.max (wiops) support

Additional Info

I've tried the same thing on 20.04 with the same results.

[AkihiroSuda]

Please try sudo apt-get install -y dbus-user-session and reboot

[yghazi]

Already did that to no avail.

[AkihiroSuda]

Is this new in v23? Was v20.10 working on your environment?

[AkihiroSuda]

Can't repro the issue locally on a clean installation of Ubuntu 22.04