3

Complete newbie trying to get my feet wet on docker, so maybe I am doing something obviously wrong. I am having trouble running a container:

```
root@tethys:~# docker run ubuntu ls
lxc-start: Invalid argument - failed to clone

lxc-start: failed to create vethNGY9xv-veth3eKuyS : Operation not supported
lxc-start: failed to create netdev
lxc-start: failed to create the network
lxc-start: failed to spawn '38e59da80ff79f024304c761704924172fbd7632be705f9b71659a91de8467e9'
lxc-start: No such file or directory - failed to remove cgroup '/sys/fs/cgroup/cpuset//lxc/38e59da80ff79f024304c761704924172fbd7632be705f9b71659a91de8467e9'
```

Everything seems properly installed:

```
root@tethys:~# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
learn/tutorial      latest              8dbd9e392a96        8 months ago        128 MB
ubuntu              12.04               8dbd9e392a96        8 months ago        128 MB
ubuntu              latest              8dbd9e392a96        8 months ago        128 MB
ubuntu              precise             8dbd9e392a96        8 months ago        128 MB
ubuntu              12.10               b750fe79269d        8 months ago        175.3 MB
ubuntu              quantal             b750fe79269d        8 months ago        175.3 MB
```

The docker version is the currently stable version (actually, committed six days ago):

```
root@tethys:~# docker version
Client version: 0.7.1
Go version (client): go1.2
Git commit (client): 88df052
Server version: 0.7.1
Git commit (server): 88df052
Go version (server): go1.2
Last stable version: 0.7.1
```

And I would say my system should be supported:

```
root@tethys:~# uname -a
Linux tethys.wavilon.net 2.6.38.2-grsec-xxxx-grs-ipv6-64 #2 SMP Thu Aug 25 16:40:22 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
root@tethys:~# cat /etc/issue
Ubuntu 12.04.3 LTS \n \l
```

What else could I check?

blueFast

2 Answers

2

According to the docs, docker "works best on the 3.8 kernel."

lnmx
  • I have the very same issue with Docker 0.8.0, Ubuntu 12.04.2 LTS and kernel 3.8.13-xxxx-grs-ipv6-64 – azmeuk Feb 06 '14 at 10:30
  • It looks like the common point is the use of GRSEC. Is there anything in the kernel logs or security logs? – jpetazzo Feb 06 '14 at 21:10
  • @azmeuk try running `lxc-checkconfig` (part of the lxc package) and see if it complains about any missing kernel features/permissions. – lnmx Feb 06 '14 at 23:11
  • @lnmx some features seem to be missing, but how can I enable them? If possible, without rebooting my production server :) https://gist.github.com/azmeuk/8859316 – azmeuk Feb 07 '14 at 08:58
0

For a grsecurity kernel, especially if you are trying to run 'unprivileged containers' in LXC, you will need to set the following in /etc/sysctl.conf:

```
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_pivot = 0
kernel.grsecurity.chroot_deny_chroot = 0
kernel.grsecurity.chroot_deny_mount = 0
```

and then `sysctl -p`

Stuart Cardall
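An added example, not part of the answer above: a read-only check of the five grsecurity chroot sysctls it lists, which also reports `kernel.grsecurity.grsec_lock`, because once that is 1 the values cannot be changed until reboot (relevant to the "without rebooting" comment). Setting these keys to 0 turns off grsecurity's chroot restrictions for the whole host, so it helps to see the current state first. The `proc_root` argument, the exit-status scheme and the sample tree are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original answer. The proc_root argument is an
# assumption of this sketch so it can run against a constructed tree.
GRSEC_KEYS="chroot_caps chroot_deny_chmod chroot_deny_pivot chroot_deny_chroot chroot_deny_mount"

# grsec_report [proc_root]
# Exit status: 0 = all listed restrictions off, 1 = some still on,
# 2 = no grsecurity sysctl tree, 3 = some on and grsec_lock=1 (fixed until reboot).
grsec_report() {
    dir="${1:-/proc/sys}/kernel/grsecurity"
    if [ ! -d "$dir" ]; then
        echo "no grsecurity sysctl tree at $dir"
        return 2
    fi
    rc=0
    for key in $GRSEC_KEYS; do
        val=absent
        if [ -r "$dir/$key" ]; then val=$(cat "$dir/$key"); fi
        if [ "$val" != "0" ] && [ "$val" != "absent" ]; then rc=1; fi
        echo "kernel.grsecurity.$key = $val"
    done
    lock=absent
    if [ -r "$dir/grsec_lock" ]; then lock=$(cat "$dir/grsec_lock"); fi
    echo "kernel.grsecurity.grsec_lock = $lock"
    if [ "$rc" -eq 1 ] && [ "$lock" = "1" ]; then rc=3; fi
    return "$rc"
}

# Constructed sample tree (not from a real host): two restrictions still on, lock set.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/kernel/grsecurity"
    for k in $GRSEC_KEYS; do echo 0 > "$t/kernel/grsecurity/$k"; done
    echo 1 > "$t/kernel/grsecurity/chroot_caps"
    echo 1 > "$t/kernel/grsecurity/chroot_deny_mount"
    echo 1 > "$t/kernel/grsecurity/grsec_lock"
    echo "$t"
}

sample=$(make_sample_tree)
grsec_report "$sample" || echo "status: $?"
rm -rf "$sample"
```

On a real host, call `grsec_report` with no argument to read `/proc/sys`.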