Proxmox LXC Docker Pull Issues

lastb0isct

Dec 29, 2015
Hi All,

Looks like I'm having issues with a CT with Docker installed. The error I'm receiving is as follows:

[Screenshot: Vrri0r8.png]

Does anyone have any advice?
 
I don't think putting a container in a container is advisable.

Spin up a basic *buntu or Debian or CentOS KVM host, and then put your docker stuff on that.
 
According to https://github.com/docker/docker/issues/6783 it should be able to, shouldn't it? I saw some discussion on the forum regarding this, but not sure. Just to be clear, I'm able to get docker running in the LXC, I'm just getting that error when attempting to use docker to pull an image down.
 
Not saying it isn't possible, but I don't see the benefit personally. It's another layer of abstraction that isn't officially 'the way' of doing it, so possible support issue.

docker on KVM, on the other hand, is supported, known, and easy.
 
Just want things to be running on bare metal whenever possible. I see the reasoning why it makes sense on KVM, but would be nice to try on CT as well.
 
You need to change your profile to allow mounts. I've never done it, so I cannot help, but I suggest you google for the error with apparmor. You normally need to change the used profile or extend it to be able to do such things (e.g. running NFS inside LXC also needs changes to the profile and loosens the security).
 
Same issue here, same error: Error response from daemon: ApplyLayer exit status 1 stdout: stderr: permission denied. Using http://askubuntu.com/a/380000/353466 helped to solve it.

Hey, thx for this!
Tried to set the below within the /etc/pve/lxc/<CTID>.conf file of the container having docker:
lxc.aa_profile: unconfined
lxc.cgroup.devices.allow: b 7:* rwm
lxc.cgroup.devices.allow: c 10:237 rwm

I don't get the
Error response from daemon: ApplyLayer exit status 1 stdout: stderr: permission denied
But I then get another type of error:
Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:291: setting cgroup config for ready process caused \"failed to write c 10:200 rwm to devices.allow: write /sys/fs/cgroup/devices/docker/*/devices.allow: operation not permitted\"".

How did you make it work @HeroCC ?
 
It's been a while since I did this, but after this fix I ran `docker run -d -p 38001:8001 --security-opt apparmor=lxc-container-default DOCKER/URLHERE` and it starts fine. I may have tried to install `apparmor` inside the container but I'm not 100% sure. It is a Ubuntu 16.04 container.
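
The config lines quoted in this thread disable the container's AppArmor confinement and widen its device access, so it helps to be able to find them again on the host later. The following is an added example, not code from the thread or from Proxmox: a shell function that flags those lines in a CT config file. The function names, severity labels and sample file are constructed for illustration; `lxc.apparmor.profile` and `lxc.cgroup2.devices.allow` are the newer LXC spellings of the same keys.

```shell
#!/bin/sh
# audit_ct_conf [FILE...]  reads the given CT config(s), or stdin if none.
# Prints one finding per line; exit status is 1 if anything was flagged.
audit_ct_conf() {
    awk '
    { line = $0; sub(/#.*/, "", line) }      # drop comments
    line !~ /[:=]/ { next }                  # not a key/value line
    {
        # Split on the first ":" or "=" only, since values such as "b 7:* rwm" contain ":".
        key = line; sub(/[ \t]*[:=].*/, "", key); sub(/^[ \t]+/, "", key)
        val = line; sub(/^[^:=]*[:=][ \t]*/, "", val); sub(/[ \t]+$/, "", val)
    }
    key ~ /^lxc\.(aa_profile|apparmor\.profile)$/ && val == "unconfined" {
        report("HIGH", "AppArmor confinement disabled")
    }
    key ~ /^lxc\.cgroup2?\.devices\.allow$/ {
        split(val, f, /[ \t]+/)              # f[1]=type  f[2]=major:minor  f[3]=access
        if (f[1] == "a" || f[2] ~ /\*/) report("MEDIUM", "wildcard device grant")
        else report("LOW", "single device grant")
    }
    function report(sev, why) {
        printf "%s line %d: %s (%s: %s)\n", sev, NR, why, key, val
        found++
    }
    END { exit (found > 0) }
    ' "$@"
}

# Constructed sample: a minimal CT config carrying the three lines from the thread.
sample_conf() {
    cat <<'EOF'
arch: amd64
hostname: docker-ct
# settings added to get Docker working inside the CT
lxc.aa_profile: unconfined
lxc.cgroup.devices.allow: b 7:* rwm
lxc.cgroup.devices.allow: c 10:237 rwm
EOF
}

sample_conf | audit_ct_conf || true
```

On a Proxmox host the same function can be pointed at the real files, for example `audit_ct_conf /etc/pve/lxc/<CTID>.conf`.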
 
