Container creation fails with read-only bind mount

[thespad]

Environment:

• Ubuntu 22.04.4 x86_64
• Kernel 5.15.0-94
• Docker 26.0.0, installed from Docker repo
• Crun 1.15, installed from github release artifact

Error:

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: open mount target `/var/run/docker.sock`: No such device or address: unknown

Compose:

  dockerproxy:
    image: lscr.io/linuxserver/socket-proxy:latest
    container_name: dockerproxy
    logging:
      driver: json-file
      options:
        max-size: "100m"
        max-file: "5"
    environment:
      - CONTAINERS=1
      - NETWORKS=1
      - POST=0
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    tmpfs:
      - /run
    restart: always
    security_opt:
      - no-new-privileges=true
    read_only: true
    runtime: crun

Changing the docker.sock mount to rw allows the container creation to complete as expected.

[giuseppe]

thanks for the report. Was it working with the previous version of crun?

[thespad]

The last version I tried was 1.14.1 and it wasn't working there either but that also coincided with upgrading Docker to the 25.x release and so I put it down to a change there as it caused a few issues with different tools. I decided to wait for the next crun point release to try again so haven't tested 1.14.2/3/4

It was working before that but I can't be 100% sure which version of crun I was on.

[giuseppe]

opened a PR:

• https://github.com/containers/crun/pull/1464