process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown (Docker))

C

csm310599

New Member
Jun 29, 2022
11
1
3
I'm trying to deploy a docker container to perform some testings with gitlab runners but when I'm doing the docker-compose up command I get the following output:


Code: 
admin@runners-test:~/runner-test$ sudo docker-compose up -d
Starting gitlab-runner ... error

ERROR: for gitlab-runner  Cannot start service gitlab-runner: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown

ERROR: for gitlab-runner  Cannot start service gitlab-runner: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown
ERROR: Encountered errors while bringing up the project.


Abd this is the output of journalctl:



Code: 
Sep 23 07:23:24 runners-test dockerd[231]: time="2022-09-23T07:23:24.560275437Z" level=error msg="stream copy error: reading from a closed fifo"
Sep 23 07:23:24 runners-test dockerd[231]: time="2022-09-23T07:23:24.577270402Z" level=error msg="stream copy error: reading from a closed fifo"
Sep 23 07:23:24 runners-test dockerd[231]: time="2022-09-23T07:23:24.675282811Z" level=error msg="0cd3bbb779a947012c9059921f092b569eb088bb2fe0bf99a8ae3266ec43abbd cleanup: failed to delete container from containerd: no such container"
Sep 23 07:23:24 runners-test dockerd[231]: time="2022-09-23T07:23:24.675625496Z" level=error msg="Handler for POST /v1.25/containers/0cd3bbb779a947012c9059921f092b569eb088bb2fe0bf99a8ae3266ec43abbd/start returned error: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown"


And the docker-compose file:


YAML: 
version: '3'
services:
  gitlab-runner:
    container_name: gitlab-runner
    image: 'gitlab/gitlab-runner:latest'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config:/etc/gitlab-runner
    restart:
 unless-stopped


This error occurs with any container I try to lift, even doing a simple `docker run hello-world`...

I also take a look to this post but I don't know how to add kernel command line parameters for a lxc container, I'v been trying editing the /etc/default/grub file but update-grub command doesn't work as I want inside the lxc, because I get the following output:

Code: 
admin@runners-test:/$ sudo update-grub
[sudo] password for admin:
/usr/sbin/grub-probe: error: failed to get canonical path of `/dev/mapper/pve-vm--1010118--disk--0'.

I'm really stuck with this, so any kind of help would be welcome :) Thanks!
 
I just created an lxc with the 'unprivileged container' checkbox disabled and only the 'nesting' key enabled, and I was able to run a docker container perfectly, why ?
I always created containers with the 'unprivileged container', keyctl and nesting enabled...I though that was the best way to perform the configuration on lxc to deploy docker containers inside
 
I'm having the same problem. Is there any way to solve it without creating a privileged container?



Code: 
ERROR: Preparation failed: adding cache volume: set volume permissions: running permission container "3d55f4cf1c8643db33efeb987e89dc37a3639b752c54d76bd203ff3517a6edf0" for volume "runner-8ljknxv-project-7-concurrent-0-cache-3c3f060a0374fc8bc39395164f415a70": starting permission container: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown (linux_set.go:105:0s)
 
freidosa said:
I'm having the same problem. Is there any way to solve it without creating a privileged container?



Code: 
ERROR: Preparation failed: adding cache volume: set volume permissions: running permission container "3d55f4cf1c8643db33efeb987e89dc37a3639b752c54d76bd203ff3517a6edf0" for volume "runner-8ljknxv-project-7-concurrent-0-cache-3c3f060a0374fc8bc39395164f415a70": starting permission container: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown (linux_set.go:105:0s)
Click to expand...
The only way that I have been able to deploy docker containers without getting this problem has been to create an unprivileged container with nesting key feature enabled.

But I don't know if this is the right way to do it since nobody answered me to this post and to another one I made on reddit.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back