Mount permission denied in Docker

Question (votes: 1, answers: 1)

Following the official guide (Install Docker Engine on Ubuntu), I ran into a problem installing Docker on a cloud server. I completed uninstalling old versions, setting up the repository, and installing Docker Engine (sudo apt-get install docker-ce docker-ce-cli containerd.io). However, I get an error when running hello-world.

wyf@VM1103-Timi:~$ sudo docker run hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"proc\\\" to rootfs \\\"/var/lib/docker/overlay2/e9fedf64e8983aa01e513cee591cdfd7fc60962466a476b51fc1ead682ec8022/merged\\\" at \\\"/proc\\\" caused \\\"permission denied\\\"\"": unknown.
ERRO[0000] error waiting for container: context canceled

I tried restarting Docker and the server, but the problem persists. So it would be great if someone could guide me in resolving this error. If you have any ideas about this problem, please let me know. Many thanks!

PS: My system is Ubuntu 18.04, so I don't have SELinux. I checked the AppArmor logs instead of the SELinux ones.

May 19 21:14:55 VM1103-Timi networkd-dispatcher[155]: WARNING:Unknown index 37 seen, reloading interface list
May 19 21:14:55 VM1103-Timi systemd-networkd[126]: veth71cf495: Link UP
May 19 21:14:55 VM1103-Timi containerd[170]: time="2020-05-19T21:14:55.679793295+08:00" level=info msg="shim containerd-shim started" address="/containerd-shim/moby/4c207ce1273d2c863ee419c5ebb271163a031394bd4c17ee75d44267d631954d/shim.sock" debug=false pid=106265
May 19 21:14:55 VM1103-Timi containerd[170]: time="2020-05-19T21:14:55.767796543+08:00" level=info msg="shim reaped" id=4c207ce1273d2c863ee419c5ebb271163a031394bd4c17ee75d44267d631954d
May 19 21:14:55 VM1103-Timi dockerd[15100]: time="2020-05-19T21:14:55.776863367+08:00" level=error msg="stream copy error: reading from a closed fifo"
May 19 21:14:55 VM1103-Timi dockerd[15100]: time="2020-05-19T21:14:55.776953910+08:00" level=error msg="stream copy error: reading from a closed fifo"
May 19 21:14:55 VM1103-Timi systemd-networkd[126]: veth71cf495: Link DOWN
May 19 21:14:55 VM1103-Timi dockerd[15100]: time="2020-05-19T21:14:55.927805156+08:00" level=error msg="4c207ce1273d2c863ee419c5ebb271163a031394bd4c17ee75d44267d631954d cleanup: failed to delete container from containerd: no such container"

Strangely, no permission-denied error is logged.

Here are my Ubuntu version, kernel version and Docker info:

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.4 LTS
Release:        18.04
Codename:       bionic

5.3.18-3-pve

Client:
 Debug Mode: false

Server:
 Containers: 8
  Running: 0
  Paused: 0
  Stopped: 8
 Images: 1
 Server Version: 19.03.8
 Storage Driver: overlay2
  Backing Filesystem: <unknown>
  Supports d_type: true
  Native Overlay Diff: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.3.18-3-pve
 Operating System: Ubuntu 18.04.4 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 4GiB
 Name: VM1103-Timi
 ID: 3G3F:LTVZ:NO25:C7LA:XKQV:ETMB:B6QU:3ZFJ:KBA5:R3KK:QZEA:ZONC
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

docker ubuntu permissions mount

1 answer

0 votes

The solution is probably to open the required ports. Your system may be running selinux and/or (ufw, firewalld or iptables) and/or other OS tools. Read up on the Linux firewall tools, especially the ones running on your system.

For the selinux case, you need to check the selinux logs: is it blocking access? Use the selinux commands to add exceptions. https://wiki.centos.org/HowTos/SELinux These tools are worth learning, but can get complicated. A quick test of disabling selinux and firewalld can confirm that this is the source of the problem; you can re-enable selinux and firewalld later and allow/open the ports in a secure way.

Quick test: disable selinux and firewalld, e.g. on CentOS

systemctl stop firewalld
setenforce 0

If you can create containers with selinux disabled, then you have confirmed that selinux is your problem. You can re-enable the firewall and selinux, then add exceptions and open ports as needed.

This looks good (Ubuntu-specific, but generic enough IMHO); it details the ufw commands, firewalld commands and iptables commands needed to open the ports required for docker swarm to work: https://www.digitalocean.com/community/tutorials/how-to-configure-the-linux-firewall-for-docker-swarm-on-ubuntu-16-04

I originally got the useful information about the ufw commands for opening the required ports from here: Error response from daemon: attaching to network failed, make sure your network options are correct and check manager logs: context deadline exceeded

ufw allow 2376/tcp 
ufw allow 2377/tcp
ufw allow 7946/tcp
ufw allow 7946/udp
ufw allow 4789/udp
ufw enable #maybe
ufw reload
systemctl restart docker

This is a common enough problem; often selinux does not allow access to the required ports. For example https://github.com/google/cadvisor/issues/333
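Before switching off AppArmor, SELinux or a firewall to "see if it helps", it is worth confirming from the logs whether an LSM actually denied the mount. The script below is an added example, not code from the question or the answer above: it assumes syslog/journal text on stdin, and the AppArmor and SELinux denial lines in its samples are constructed (the question's own journal excerpt, reproduced as the second sample, contains no denial at all).

```sh
#!/bin/sh
# Triage helper: does the log contain an AppArmor or SELinux denial, and for what?
# Read-only; it changes nothing on the host.

# Constructed sample: two journal lines from the question plus one made-up AppArmor
# denial of the kind the docker-default profile would log if it blocked the /proc mount.
SAMPLE_APPARMOR='May 19 21:14:55 VM1103-Timi systemd-networkd[126]: veth71cf495: Link UP
May 19 21:14:55 VM1103-Timi kernel: audit: type=1400 audit(1589894095.680:41): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="docker-default" name="/proc/" pid=106280 comm="runc:[2:INIT]" fstype="proc"
May 19 21:14:55 VM1103-Timi dockerd[15100]: time="2020-05-19T21:14:55.776863367+08:00" level=error msg="stream copy error: reading from a closed fifo"'

# Constructed sample: the question's journal traffic with no denial logged at all.
SAMPLE_CLEAN='May 19 21:14:55 VM1103-Timi systemd-networkd[126]: veth71cf495: Link UP
May 19 21:14:55 VM1103-Timi dockerd[15100]: time="2020-05-19T21:14:55.776863367+08:00" level=error msg="stream copy error: reading from a closed fifo"
May 19 21:14:55 VM1103-Timi systemd-networkd[126]: veth71cf495: Link DOWN'

# Constructed sample: a made-up SELinux AVC denial for the same kind of operation.
SAMPLE_SELINUX='May 19 21:14:55 host kernel: audit: type=1400 audit(1589894095.680:42): avc:  denied  { mounton } for  pid=106280 comm="runc:[2:INIT]" path="/proc" scontext=system_u:system_r:container_runtime_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=dir permissive=0'

# lsm_denials: print only the lines AppArmor or SELinux logged as denials (stdin -> stdout).
lsm_denials() {
    grep -E 'apparmor="DENIED"|avc: +denied' || true
}

# lsm_denial_source: read log text on stdin and print apparmor, selinux or none.
lsm_denial_source() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -q 'apparmor="DENIED"'; then
        echo apparmor
    elif printf '%s\n' "$log" | grep -q -E 'avc: +denied'; then
        echo selinux
    else
        echo none
    fi
}

# lsm_denial_summary: reduce each AppArmor denial to profile/operation/name so the
# exception can be scoped to exactly that profile and path (SELinux lines are skipped).
lsm_denial_summary() {
    lsm_denials | sed -n -E 's/.*apparmor="DENIED" operation="([^"]*)".* profile="([^"]*)".* name="([^"]*)".*/profile=\2 operation=\1 name=\3/p'
}

# On a live host: journalctl -k -b | lsm_denial_source   (or: dmesg | lsm_denial_summary)
printf '%s\n' "$SAMPLE_APPARMOR" | lsm_denial_summary   # -> profile=docker-default operation=mount name=/proc/
printf '%s\n' "$SAMPLE_CLEAN" | lsm_denial_source       # -> none
```

A result of none, as in the question, means disabling the LSM or firewall is unlikely to change anything, and the cause should be looked for elsewhere before any security control is turned off.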
