Proxmox LXC Docker Pull Issues

lastb0isct

Dec 29, 2015
Hi All,

Looks like I'm having issues with a CT with Docker installed. The error I'm receiving is as follows:

[Image: Vrri0r8.png]

Does anyone have any advice?
 
I don't think putting a container in a container is advisable.

Spin up a basic *buntu or Debian or CentOS KVM host, and then put your docker stuff on that.
 
According to https://github.com/docker/docker/issues/6783 it should be able to, shouldn't it? I saw some discussion on the forum regarding this, but not sure. Just to be clear, I'm able to get docker running in the LXC, I'm just getting that error when attempting to use docker to pull an image down.
 
Not saying it isn't possible, but I don't see the benefit personally. It's another layer of abstraction that isn't officially 'the way' of doing it, so possible support issue.

Docker on KVM, on the other hand, is supported, known, and easy.
 
Just want things to be running on bare metal whenever possible. I see the reasoning why it makes sense on KVM, but would be nice to try on CT as well.
 
You need to change your profile to allow mounts. I've never done it, so I cannot help, but I suggest you google for the error with AppArmor. You normally need to change the used profile or extend it to be able to do such things (e.g. running NFS inside LXC also needs changes to the profile and loosens the security).
 
Same issue here, same error: Error response from daemon: ApplyLayer exit status 1 stdout: stderr: permission denied. Using http://askubuntu.com/a/380000/353466 helped to solve it.

Hey, thx for this!
Tried to set the below within the /etc/pve/lxc/<CTID>.conf file of the container having docker:
lxc.aa_profile: unconfined
lxc.cgroup.devices.allow: b 7:* rwm
lxc.cgroup.devices.allow: c 10:237 rwm

I don't get the
Error response from daemon: ApplyLayer exit status 1 stdout: stderr: permission denied
But I then get another type of error:
Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:291: setting cgroup config for ready process caused \"failed to write c 10:200 rwm to devices.allow: write /sys/fs/cgroup/devices/docker/*/devices.allow: operation not permitted\"".

How did you make it work @HeroCC ?
 
It's been a while since I did this, but after this fix I ran `docker run -d -p 38001:8001 --security-opt apparmor=lxc-container-default DOCKER/URLHERE` and it starts fine. I may have tried to install `apparmor` inside the container but I'm not 100% sure. It is an Ubuntu 16.04 container.
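
Added example, not written by any poster in this thread and not Proxmox tooling: a small audit that flags the confinement-loosening lines discussed above (`lxc.aa_profile: unconfined` and the `devices.allow` entries) in a container config, so a host admin can see which CTs have had AppArmor or the device allow-list relaxed. The function name, the sample config and the high/medium/low labels are assumptions made for illustration.

```python
import re

# AppArmor profile key: LXC 2.x spelling (used in the thread) and the LXC 3+ spelling.
AA_KEYS = {"lxc.aa_profile", "lxc.apparmor.profile"}
# Device allow-list key for cgroup v1 and cgroup v2.
DEV_KEYS = {"lxc.cgroup.devices.allow", "lxc.cgroup2.devices.allow"}

# Constructed sample: the three lines posted in the thread plus ordinary settings.
SAMPLE_CONF = """\
arch: amd64
hostname: docker-ct
# constructed comment line
lxc.aa_profile: unconfined
lxc.cgroup.devices.allow: b 7:* rwm
lxc.cgroup.devices.allow: c 10:237 rwm
"""


def audit_lxc_conf(text):
    """Return (line_no, severity, message) for each setting that loosens confinement."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            break  # assumption: [sections] after the live config hold snapshots
        # Proxmox writes "key: value"; native LXC files use "key = value".
        m = re.match(r"([\w.]+)\s*[:=]\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key in AA_KEYS and value == "unconfined":
            findings.append((line_no, "high", "AppArmor disabled for this container"))
        elif key in DEV_KEYS and value:
            parts = value.split()
            spec = parts[1] if len(parts) > 1 and ":" in parts[1] else "*:*"
            major, _, minor = spec.partition(":")
            if parts[0] == "a" or major == "*":
                findings.append((line_no, "high", "all devices allowed: " + value))
            elif minor == "*":
                findings.append((line_no, "medium", "every minor of major %s allowed: %s" % (major, value)))
            else:
                findings.append((line_no, "low", "single device allowed: " + value))
    return findings


if __name__ == "__main__":
    for line_no, severity, message in audit_lxc_conf(SAMPLE_CONF):
        print("line %d [%s] %s" % (line_no, severity, message))
```

On a Proxmox host the same function can be run over the text of each `/etc/pve/lxc/<CTID>.conf` file.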