0

I'm trying to deploy a Docker container to perform some tests with GitLab runners, but when I run the docker-compose up command I get the following output:

admin@runners-test:~/runner-test$ sudo docker-compose up -d
Starting gitlab-runner ... error

ERROR: for gitlab-runner  Cannot start service gitlab-runner: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown

ERROR: for gitlab-runner  Cannot start service gitlab-runner: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown
ERROR: Encountered errors while bringing up the project.

And this is the output of journalctl:

Sep 23 07:23:24 runners-test dockerd[231]: time="2022-09-23T07:23:24.560275437Z" level=error msg="stream copy error: reading from a closed fifo"
Sep 23 07:23:24 runners-test dockerd[231]: time="2022-09-23T07:23:24.577270402Z" level=error msg="stream copy error: reading from a closed fifo"
Sep 23 07:23:24 runners-test dockerd[231]: time="2022-09-23T07:23:24.675282811Z" level=error msg="0cd3bbb779a947012c9059921f092b569eb088bb2fe0bf99a8ae3266ec43abbd cleanup: failed to delete container from containerd: no such container"
Sep 23 07:23:24 runners-test dockerd[231]: time="2022-09-23T07:23:24.675625496Z" level=error msg="Handler for POST /v1.25/containers/0cd3bbb779a947012c9059921f092b569eb088bb2fe0bf99a8ae3266ec43abbd/start returned error: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown"

And the docker-compose file:

version: '3'
services:
  gitlab-runner:
    container_name: gitlab-runner
    image: 'gitlab/gitlab-runner:latest'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config:/etc/gitlab-runner
    restart: unless-stopped

This error occurs with any container I try to lift, even doing a simple docker run hello-world...

I also took a look at this post on the Proxmox forum, but I don't know how to add kernel command line parameters for an LXC container. I've been trying to edit the /etc/default/grub file, but the update-grub command doesn't work as I want inside the LXC; I get the following output:

admin@runners-test:/$ sudo update-grub
[sudo] password for admin: 
/usr/sbin/grub-probe: error: failed to get canonical path of `/dev/mapper/pve-vm--1010118--disk--0'.

I'm really stuck with this, so any kind of help would be welcome :) Thanks!

user3105
  • Solved: the problem was related to the way that the LXC was deployed on the Proxmox server, it's necessary to create an unprivileged container and nesting key feature enabled – user3105 Feb 24 '23 at 13:54

2 Answers

0

I referenced many other links when I finally discovered that doing an update (on CentOS) did the trick. So:

yum update -y
reboot

After the reboot, the system came back online and I proceeded to run my docker container, in this case a docker registry:

[root@server ~]# docker run -d --name registry registry:2
c40941bf42c853709bcca05bad4e8914df1f4932a355607f37b55f7e0ed01e60

[root@server ~]# docker ps -a
CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS                     PORTS                                                                                                                                                                      
NAMES
c40941bf42c8        registry:2                    "/entrypoint.sh /e..."   3 seconds ago       Up 2 seconds               5000/tcp

The docker container booted up fine.

Also, here are the reference pages I checked out. I did not have to change anything in /boot/boot.txt as this one references, but it is good info:

https://my-take-on.tech/2021/05/07/fix-docker-cgroup-errors-after-systemd-248-update/

and this one, which, after I read it, finally had me try a yum update as the fix:

docker-compose throws errors by starting mariadb for an private nextcloud installation

Antoine
0

I had this issue. Eventually I figured out that it is caused by a too-old Docker within the container. My host system used cgroups v2, which that old Docker could not handle. Switching the container from Debian 11 to Debian 12 resolved the issue for me.
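
A triage sketch for the causes reported on this page (cgroups v2 on the host, and the Proxmox LXC needing to be unprivileged with nesting enabled), added here as an example and not written by any of the posters. The function names are hypothetical; it assumes the Proxmox container config uses the `unprivileged: 1` and `features: ...nesting=1...` keys, and it takes file paths as arguments so it can be run on `/proc/mounts`, `/proc/self/uid_map` and a copy of the container's config.

```shell
#!/bin/sh
# Added triage example: every path is a parameter, so the functions also
# work on saved copies of the files.

# cgroup_mode MOUNTS: classify /proc/mounts-format text as v1, v2, hybrid or unknown.
cgroup_mode() {
    awk '$3 == "cgroup2" { v2 = 1 }
         $3 == "cgroup"  { v1 = 1 }
         END {
             if (v1 && v2) print "hybrid"
             else if (v2)  print "v2"
             else if (v1)  print "v1"
             else          print "unknown"
         }' "$1"
}

# userns_state UID_MAP: "remapped" when uid 0 maps to a non-zero host uid
# (unprivileged container), "identity" when uid 0 maps to host uid 0
# (privileged container, or not in a user namespace at all).
userns_state() {
    awk '$1 == 0 { s = ($2 == 0) ? "identity" : "remapped"; print s; found = 1; exit }
         END { if (!found) print "unknown" }' "$1"
}

# pct_conf_missing CONF: print which of the two settings from the asker's fix
# are absent from a Proxmox LXC config, or "none". Parsing stops at the first
# "[section]" header, because snapshot sections repeat the same keys.
pct_conf_missing() {
    awk -F': *' '
        /^\[/ { exit }
        $1 == "unprivileged" && $2 == 1 { unpriv = 1 }
        $1 == "features" && $2 ~ /(^|,)nesting=1(,|$)/ { nest = 1 }
        END {
            out = ""
            if (!unpriv) out = out "unprivileged "
            if (!nest)   out = out "nesting "
            sub(/ $/, "", out)
            if (out == "") out = "none"
            print out
        }' "$1"
}

# Live report: sh triage.sh --report [PATH_TO_CONTAINER_CONF]
if [ "${1:-}" = "--report" ]; then
    echo "cgroup mode : $(cgroup_mode /proc/mounts)"
    echo "uid 0 map   : $(userns_state /proc/self/uid_map)"
    [ -z "${2:-}" ] || echo "missing     : $(pct_conf_missing "$2")"
fi
```

A result of `v2` together with an old Docker inside the guest matches the last answer; `identity` or a non-`none` result from `pct_conf_missing` matches the asker's own resolution.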