Normal running now fails, for CentOS 6.x images, on Debian testing, after upgrading Linux kernel from 4.9 to 4.11

[vincent-ferotin]

• [x] This is a bug report
• [ ] This is a feature request
• [x] I searched existing issues before opening this one, possibly related to #49, #47?

Expected behavior

docker CE 17.06 should work same, for CentoS 6.x images, with 4.9 or 4.11 Linux kernel version, at vagrant up, docker build . or docker run -t -i <image> /bin/bash. This failure is encountered only with 6.x branch of CentOS, and 4.11 branch of Linux together (it works fine with kernel at 4.9, or kernel at 4.11 with 7.x branch of CentOS).

Actual behavior

Using Docker through Vagrant, after updating distribution (Debian testing, today), for a CentOS 6.9 image, the latter now returns following error: default: The command '/bin/sh -c set -x && yum update -y [...] ' returned a non-zero code: 139. This error is also reported in case of use of sole Dockerfile, with docker build .. Also, using direct images from https://hub.docker.com/_/centos/ (instead of building our own images from them) with docker run -t -i <image> /bin/bash fails to give user a shell.

Steps to reproduce the behavior

• Here's a minimal Dockerfile for which error occured:

  FROM centos:6.9
  
  RUN yum update -y
  
  CMD ["/bin/bash"]

  vagrant up and docker build . fail with error:

  The command '/bin/sh -c yum update -y' returned a non-zero code: 139

• A more minimal example would be:

  docker run -t -i centos:6.9 /bin/bash

  does not give user a shell inside the container.

Output of docker version:

Client:
 Version:      17.06.0-ce
 API version:  1.30
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:17:22 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.06.0-ce
 API version:  1.30 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:16:12 2017
 OS/Arch:      linux/amd64
 Experimental: false

Output of docker info:

Containers: 14
 Running: 0
 Paused: 0
 Stopped: 14
Images: 27
Server Version: 17.06.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfb82a876ecc11b5ca0977d1733adbe58599088a
runc version: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.11.0-1-amd64
Operating System: Debian GNU/Linux buster/sid
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.54GiB
Name: Tryscoped
ID: YYBN:LCRS:YXZ2:CG3G:N2IQ:EDHI:2HKM:L7EJ:5R3A:LNMP:LRUD:ASUG
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

Additional environment details (AWS, VirtualBox, physical, etc.)

• Vagrant from Debian repos, at current version in testing: 1.9.1.
• The expected and previous behavior works if I run previous Linux kernel image.
• Output of uname for failing kernel is: Linux hostname 4.11.0-1-amd64 #1 SMP Debian 4.11.6-1 (2017-06-19) x86_64 GNU/Linux
• Backporting Docker to 17.03 version did not solve the issue.
• Previous working version of Linux was (uname -a): Linux hostname 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u2 (2017-06-26) x86_64 GNU/Linux
• yum-plugin-ovl is installed on centos:6.x image.

[cpuguy83]

Do you have the full stdout/stderr details? Have you tried running manually to see what happens?

[vincent-ferotin]

Here's the full output of vagrant up:

 % vagrant up                   
Bringing machine 'default' up with 'docker' provider...
==> default: Building the container from a Dockerfile...
    default: Sending build context to Docker daemon   7.68kB
    default: Step 1/7 : FROM centos:6.9
    default:  ---> 573de66f263e
    default: Step 2/7 : RUN set -x     && yum update -y     && yum install -y sudo python openssh-server vim     && useradd vagrant --create-home --user-group     && service sshd start
    default:  ---> Running in 2d5733359d76
    default: The command '/bin/sh -c set -x     && yum update -y     && yum install -y sudo python openssh-server vim     && useradd vagrant --create-home --user-group     && service sshd start' returned a non-zero code: 139
A Docker command executed by Vagrant didn't complete successfully!
The command run along with the output from the command is shown
below.

Command: ["docker", "build", "/home/work/work/mowst/work/vagrant/docker", {:notify=>[:stdout, :stderr]}]

Stderr: The command '/bin/sh -c set -x     && yum update -y     && yum install -y sudo python openssh-server vim     && useradd vagrant --create-home --user-group     && service sshd start' returned a non-zero code: 139

Stdout: Sending build context to Docker daemon   7.68kB
Step 1/7 : FROM centos:6.9
 ---> 573de66f263e
Step 2/7 : RUN set -x     && yum update -y     && yum install -y sudo python openssh-server vim     && useradd vagrant --create-home --user-group     && service sshd start
 ---> Running in 2d5733359d76

Telling Docker only to build the image, from its dedicated directory where stands the Dockerfile, fails with following output:

 % cd vagrant/docker
 % docker build .                                                                                                                                                  
Sending build context to Docker daemon   7.68kB                                                                                                                    
Step 1/7 : FROM centos:6.9                                                                                                                                         
 ---> 573de66f263e                                                                                                                                                 
Step 2/7 : RUN set -x     && yum update -y     && yum install -y sudo python openssh-server vim     && useradd vagrant --create-home --user-group     && service sshd start
 ---> Running in 5ec19f7893f5                                                                                                                                      
The command '/bin/sh -c set -x     && yum update -y     && yum install -y sudo python openssh-server vim     && useradd vagrant --create-home --user-group     && service sshd start' returned a non-zero code: 139

Here's the full Dockerfile:

FROM centos:6.9                                                                                                                                                    

RUN set -x \
    && yum update -y \
    && yum install -y sudo python openssh-server vim \
    #&& groupadd sudo \
    #&& useradd vagrant --create-home --user-group --groups sudo,wheel
    && useradd vagrant --create-home --user-group \
    && service sshd start
    #&& sed -i.bkp -e \
    #        's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' \
    #        /etc/sudoers

RUN echo 'root:root' | chpasswd
RUN echo 'vagrant:vagrant' | chpasswd
RUN mkdir /home/vagrant/.ssh \
    && chmod 700 /home/vagrant/.ssh
ADD vagrant_keys/vagrant.pub /home/vagrant/.ssh/authorized_keys
RUN chown -R vagrant:vagrant /home/vagrant/.ssh

[cpuguy83]

Does this have yum-plugin-ovl installed? (in the image)

[vincent-ferotin]

Since the image is built from directly from https://hub.docker.com/_/centos/ and given that I couldn't find any yum-ovl bin in its /usr/bin directory, I think this package is not installed. But how to be sure?

[cpuguy83]

Try to yum install yum-plugin-ovl. Was your older setup using AUFS instead of overlay2?

[vincent-ferotin]

Mmh, I probably don't understand how installing yum-plugin-ovl, since I'm very new to Docker. I tried to insert a RUN yum install -y yum-plugin-ovl in second line of the Dockerfile, but, of course, it fails with same error:

 % docker build .                                                                                                                                                  
Sending build context to Docker daemon  20.48kB                                                                                                                    
Step 1/8 : FROM centos:6.9                                                                                                                                         
 ---> 573de66f263e                                                                                                                                                 
Step 2/8 : RUN yum install -y yum-plugin-ovl
 ---> Running in 7f21e5af6aa1                                                                                                                                      
The command '/bin/sh -c yum install -y yum-plugin-ovl' returned a non-zero code: 139

Regarding your ask about AUFS/overlay2, I couldn't answer: this is some very too advanced options for the newbe I am, sorry! I think these options are not accessible through Vagrantfile...

[cpuguy83]

Hmm, it may be unrelated. I see yum-plugin is installed by default in the centos:6.9 image.

ping @justincormack re: 4.11 failures.

[vincent-ferotin]

I've tested all versions of CentOS images, and the result is: all 6.x failed, all 7.y.z succeeded: modifying first Dockerfile line FROM centos:XX:

• FROM centos:6.9 # FAILS
• FROM centos:6.8 # FAILS
• FROM centos:6.7 # FAILS
• FROM centos:6.6 # FAILS
• FROM centos:7.3.1611 # WORKS
• FROM centos:7.2.1511 # WORKS
• FROM centos:7.1.1503 # WORKS
• FROM centos:7.0.1406 # WORKS

[thaJeztah]

yum plugins can be disabled by default; check if they're enabled; https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Yum_Plugins.html

the ovl plugin is needed if you want to use yum on a system using overlay file system. Possibly it's enabled by default on the 7.x versions, and disabled by default on 6.x

[vincent-ferotin]

The problem is that running docker run -i -t centos:6.9 /bin/bash (to examine the system) shutdowns the container immediately, given no shell -- whereas running docker run -i -t centos:7 /bin/bash works as expected... This behavior is similar if instead I use a minimal Dockerfile as follows:

FROM centos:6.9
CMD ["/bin/bash"]

[vincent-ferotin]

Running on Linux 4.9.30+deb9u2, docker run -i -t centos:6.9 /bin/bash allows to connect through tty, and then:

# yum info yum
Loaded plugins: fastestmirror, ovl
base                                                                                                                                         | 3.7 kB     00:00     
base/primary_db                                                                                                                              | 4.7 MB     00:00     
extras                                                                                                                                       | 3.4 kB     00:00     
extras/primary_db                                                                                                                            |  29 kB     00:00     
updates                                                                                                                                      | 3.4 kB     00:00     
updates/primary_db                                                                                                                           | 1.9 MB     00:00     
Installed Packages
Name        : yum
Arch        : noarch
Version     : 3.2.29
Release     : 81.el6.centos
Size        : 4.6 M
Repo        : installed
From repo   : CentOS
Summary     : RPM package installer/updater/manager
URL         : http://yum.baseurl.org/
License     : GPLv2+
Description : Yum is a utility that can check for and automatically download and
            : install updated RPM packages. Dependencies are obtained and downloaded
            : automatically, prompting the user for permission as necessary.

[vincent-ferotin]

(Updated issue description with some material from above comments)

[thaJeztah]

So, yes, on a default (4.9) Debian Stretch kernel, it all seems to work.

Client:
 Version:      17.06.0-ce
 API version:  1.30
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:17:22 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.06.0-ce
 API version:  1.30 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:16:12 2017
 OS/Arch:      linux/amd64
 Experimental: false

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 3
Server Version: 17.06.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfb82a876ecc11b5ca0977d1733adbe58599088a
runc version: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.0-3-amd64
Operating System: Debian GNU/Linux 9 (stretch)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.957GiB
Name: debian-2gb-sfo2-01
ID: DNN3:J4VI:DJUB:JF7Q:AG74:NZBO:NKFM:TDEQ:KC4H:QHTS:QSAO:YG3H
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

uname -a
4.9.0-3-amd64 #1 SMP Debian 4.9.30-2 (2017-06-12) x86_64 GNU/Linux

running:

docker build -t repro-58 -<<EOF
FROM centos:6.9
RUN yum update -y
CMD ["/bin/bash"]
EOF

Works correctly;

```bash docker build -t repro-58 -< FROM centos:6.9 > RUN yum update -y > CMD ["/bin/bash"] > EOF Sending build context to Docker daemon 2.048kB Step 1/3 : FROM centos:6.9 6.9: Pulling from library/centos 02901d68ac03: Pull complete Digest: sha256:a23bced61701af9a0a758e94229676d9f09996a3ff0f3d26955b06bac8c282e0 Status: Downloaded newer image for centos:6.9 ---> 573de66f263e Step 2/3 : RUN yum update -y ---> Running in 1c0f2d3bac68 Loaded plugins: fastestmirror, ovl Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package bind-libs.x86_64 32:9.8.2-0.62.rc1.el6 will be updated ---> Package bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.4 will be an update ---> Package bind-utils.x86_64 32:9.8.2-0.62.rc1.el6 will be updated ---> Package bind-utils.x86_64 32:9.8.2-0.62.rc1.el6_9.4 will be an update ---> Package binutils.x86_64 0:2.20.51.0.2-5.46.el6 will be updated ---> Package binutils.x86_64 0:2.20.51.0.2-5.47.el6_9.1 will be an update ---> Package ca-certificates.noarch 0:2016.2.10-65.4.el6 will be updated ---> Package ca-certificates.noarch 0:2017.2.14-65.0.1.el6_9 will be an update ---> Package curl.x86_64 0:7.19.7-52.el6 will be updated ---> Package curl.x86_64 0:7.19.7-53.el6_9 will be an update ---> Package glibc.x86_64 0:2.12-1.209.el6 will be updated ---> Package glibc.x86_64 0:2.12-1.209.el6_9.2 will be an update ---> Package glibc-common.x86_64 0:2.12-1.209.el6 will be updated ---> Package glibc-common.x86_64 0:2.12-1.209.el6_9.2 will be an update ---> Package libcurl.x86_64 0:7.19.7-52.el6 will be updated ---> Package libcurl.x86_64 0:7.19.7-53.el6_9 will be an update ---> Package nss.x86_64 0:3.27.1-13.el6 will be updated ---> Package nss.x86_64 0:3.28.4-3.el6_9 will be an update ---> Package nss-sysinit.x86_64 0:3.27.1-13.el6 will be updated ---> Package nss-sysinit.x86_64 0:3.28.4-3.el6_9 will be an update ---> Package nss-tools.x86_64 0:3.27.1-13.el6 will be updated ---> Package nss-tools.x86_64 0:3.28.4-3.el6_9 will be an update ---> Package nss-util.x86_64 0:3.27.1-3.el6 will be updated ---> Package nss-util.x86_64 0:3.28.4-1.el6_9 will be an update ---> Package procps.x86_64 0:3.2.8-45.el6 will be updated ---> Package procps.x86_64 0:3.2.8-45.el6_9.1 will be an update ---> Package tzdata.noarch 0:2016j-1.el6 will be updated ---> Package tzdata.noarch 0:2017b-1.el6 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Updating: bind-libs x86_64 32:9.8.2-0.62.rc1.el6_9.4 updates 892 k bind-utils x86_64 32:9.8.2-0.62.rc1.el6_9.4 updates 189 k binutils x86_64 2.20.51.0.2-5.47.el6_9.1 updates 2.8 M ca-certificates noarch 2017.2.14-65.0.1.el6_9 updates 1.3 M curl x86_64 7.19.7-53.el6_9 updates 197 k glibc x86_64 2.12-1.209.el6_9.2 updates 3.8 M glibc-common x86_64 2.12-1.209.el6_9.2 updates 14 M libcurl x86_64 7.19.7-53.el6_9 updates 169 k nss x86_64 3.28.4-3.el6_9 updates 879 k nss-sysinit x86_64 3.28.4-3.el6_9 updates 51 k nss-tools x86_64 3.28.4-3.el6_9 updates 447 k nss-util x86_64 3.28.4-1.el6_9 updates 68 k procps x86_64 3.2.8-45.el6_9.1 updates 219 k tzdata noarch 2017b-1.el6 updates 455 k Transaction Summary ================================================================================ Upgrade 14 Package(s) Total download size: 26 M Downloading Packages: -------------------------------------------------------------------------------- Total 23 MB/s | 26 MB 00:01 warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 Importing GPG key 0xC105B9DE: Userid : CentOS-6 Key (CentOS 6 Official Signing Key) Package: centos-release-6-9.el6.12.3.x86_64 (@CentOS/6.9) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Updating : tzdata-2017b-1.el6.noarch 1/28 Updating : glibc-2.12-1.209.el6_9.2.x86_64 2/28 Updating : glibc-common-2.12-1.209.el6_9.2.x86_64 3/28 Updating : nss-util-3.28.4-1.el6_9.x86_64 4/28 Updating : nss-sysinit-3.28.4-3.el6_9.x86_64 5/28 Updating : nss-3.28.4-3.el6_9.x86_64 6/28 Updating : libcurl-7.19.7-53.el6_9.x86_64 7/28 Updating : 32:bind-libs-9.8.2-0.62.rc1.el6_9.4.x86_64 8/28 Updating : 32:bind-utils-9.8.2-0.62.rc1.el6_9.4.x86_64 9/28 Updating : curl-7.19.7-53.el6_9.x86_64 10/28 Updating : nss-tools-3.28.4-3.el6_9.x86_64 11/28 Updating : binutils-2.20.51.0.2-5.47.el6_9.1.x86_64 12/28 Updating : procps-3.2.8-45.el6_9.1.x86_64 13/28 Updating : ca-certificates-2017.2.14-65.0.1.el6_9.noarch 14/28 Cleanup : curl-7.19.7-52.el6.x86_64 15/28 Cleanup : libcurl-7.19.7-52.el6.x86_64 16/28 Cleanup : nss-tools-3.27.1-13.el6.x86_64 17/28 Cleanup : nss-3.27.1-13.el6.x86_64 18/28 Cleanup : nss-sysinit-3.27.1-13.el6.x86_64 19/28 Cleanup : 32:bind-utils-9.8.2-0.62.rc1.el6.x86_64 20/28 Cleanup : 32:bind-libs-9.8.2-0.62.rc1.el6.x86_64 21/28 Cleanup : nss-util-3.27.1-3.el6.x86_64 22/28 Cleanup : procps-3.2.8-45.el6.x86_64 23/28 Cleanup : binutils-2.20.51.0.2-5.46.el6.x86_64 24/28 Cleanup : ca-certificates-2016.2.10-65.4.el6.noarch 25/28 Cleanup : glibc-common-2.12-1.209.el6.x86_64 26/28 Cleanup : glibc-2.12-1.209.el6.x86_64 27/28 Cleanup : tzdata-2016j-1.el6.noarch 28/28 Verifying : binutils-2.20.51.0.2-5.47.el6_9.1.x86_64 1/28 Verifying : nss-util-3.28.4-1.el6_9.x86_64 2/28 Verifying : procps-3.2.8-45.el6_9.1.x86_64 3/28 Verifying : nss-sysinit-3.28.4-3.el6_9.x86_64 4/28 Verifying : curl-7.19.7-53.el6_9.x86_64 5/28 Verifying : 32:bind-utils-9.8.2-0.62.rc1.el6_9.4.x86_64 6/28 Verifying : glibc-common-2.12-1.209.el6_9.2.x86_64 7/28 Verifying : tzdata-2017b-1.el6.noarch 8/28 Verifying : libcurl-7.19.7-53.el6_9.x86_64 9/28 Verifying : glibc-2.12-1.209.el6_9.2.x86_64 10/28 Verifying : ca-certificates-2017.2.14-65.0.1.el6_9.noarch 11/28 Verifying : 32:bind-libs-9.8.2-0.62.rc1.el6_9.4.x86_64 12/28 Verifying : nss-3.28.4-3.el6_9.x86_64 13/28 Verifying : nss-tools-3.28.4-3.el6_9.x86_64 14/28 Verifying : nss-3.27.1-13.el6.x86_64 15/28 Verifying : procps-3.2.8-45.el6.x86_64 16/28 Verifying : ca-certificates-2016.2.10-65.4.el6.noarch 17/28 Verifying : libcurl-7.19.7-52.el6.x86_64 18/28 Verifying : 32:bind-utils-9.8.2-0.62.rc1.el6.x86_64 19/28 Verifying : nss-util-3.27.1-3.el6.x86_64 20/28 Verifying : tzdata-2016j-1.el6.noarch 21/28 Verifying : 32:bind-libs-9.8.2-0.62.rc1.el6.x86_64 22/28 Verifying : glibc-common-2.12-1.209.el6.x86_64 23/28 Verifying : curl-7.19.7-52.el6.x86_64 24/28 Verifying : nss-tools-3.27.1-13.el6.x86_64 25/28 Verifying : binutils-2.20.51.0.2-5.46.el6.x86_64 26/28 Verifying : nss-sysinit-3.27.1-13.el6.x86_64 27/28 Verifying : glibc-2.12-1.209.el6.x86_64 28/28 Updated: bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.4 bind-utils.x86_64 32:9.8.2-0.62.rc1.el6_9.4 binutils.x86_64 0:2.20.51.0.2-5.47.el6_9.1 ca-certificates.noarch 0:2017.2.14-65.0.1.el6_9 curl.x86_64 0:7.19.7-53.el6_9 glibc.x86_64 0:2.12-1.209.el6_9.2 glibc-common.x86_64 0:2.12-1.209.el6_9.2 libcurl.x86_64 0:7.19.7-53.el6_9 nss.x86_64 0:3.28.4-3.el6_9 nss-sysinit.x86_64 0:3.28.4-3.el6_9 nss-tools.x86_64 0:3.28.4-3.el6_9 nss-util.x86_64 0:3.28.4-1.el6_9 procps.x86_64 0:3.2.8-45.el6_9.1 tzdata.noarch 0:2017b-1.el6 Complete! ---> 7ba6b9be05a1 Removing intermediate container 1c0f2d3bac68 Step 3/3 : CMD /bin/bash ---> Running in ffcbd2abe72f ---> 2a14539ca11d Removing intermediate container ffcbd2abe72f Successfully built 2a14539ca11d Successfully tagged repro-58:latest ```

Is there a specific reason you're switching to a different kernel>?

[vincent-ferotin]

Well, my distro is Debian testing, and new 4.11 kernel (https://packages.debian.org/buster/linux-image-4.11.0-1-amd64) was introduced recently. Do you think I should also fill a bug report on Debian bugtracker?

[thaJeztah]

Ah! Sorry, missed that you were on testing. Would be good to have more clarity as to what the root cause is; could be due to changes in overlayfs in the kernel.

ping @rn @justincormack anything that came up in testing for LinuxKit?

[justincormack]

This is probably related to the changes in vsyscall linking in the 4.11 kernel. Try booting the kernel with vsyscall=emulate and see if it helps. This does run ok under the linuxkit 4.11 kernel config without issues, so it is to do with the config.

cc @ijc

[vincent-ferotin]

Hi, specifying this command in /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="vsyscall=emulate"

permits to successfully run docker build . and docker run -t -i centos:6.9 /bin/bash! Thanks a lot :-)

[thaJeztah]

Perhaps we should add a check to the check-config.sh script https://github.com/moby/moby/blob/master/contrib/check-config.sh

@justincormack wdyt?

@vincent-verotin perhaps you're interested in contributing, and opening a pull request for that?

[justincormack]

There already is one...

On 14 Jul 2017 8:38 am, "Sebastiaan van Stijn" notifications@github.com wrote:

Perhaps we should add a check to the check-config.sh script https://github.com/moby/moby/blob/master/contrib/check-config.sh

@justincormack https://github.com/justincormack wdyt?

@vincent-verotin perhaps you're interested in contributing, and opening a pull request for that?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/docker/for-linux/issues/58#issuecomment-315293255, or mute the thread https://github.com/notifications/unsubscribe-auth/AAdcPHW7ikpc6DQoFhxZusTdXH6F7Ybsks5sNxrhgaJpZM4OUMgJ .

[justincormack]

@thaJeztah see https://github.com/moby/moby/blob/master/contrib/check-config.sh#L230

[thaJeztah]

Oh, ha!

I think it's safe to close this issue then; nothing else to be done 👍

[vincent-ferotin]

Just to be sure to fully understand, which behavior does additional check in check_config.sh introduce? In fine, does Docker will run out-of-the-box for Linux Kernel 4.11 with Centos 6.x images, or the configuration of the kernel pointed by justincormack will be needed -- forever?

[justincormack]

Debian has decided to enable this option in their 4.11 kernel, although did this before and reverted it. So you will need this option forever, yes. I doubt that Red Hat will enable it on their kernels, not sure about other vendors.

The reason is that it is a security risk enabling it, and an environment running only modern code does not need it. It is fairly unusual for Linux distros to break old applications, but the kernel boot option does give you an override.

On 15 Jul 2017 10:16 am, "vincent-ferotin" notifications@github.com wrote:

Just to be sure to fully understand, which behavior does additional check in check_config.sh introduce? In fine, does Docker will run out-of-the-box for Linux Kernel 4.11 with Centos 6.x images, or the configuration of the kernel pointed by justincormack will be needed -- forever?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/docker/for-linux/issues/58#issuecomment-315521640, or mute the thread https://github.com/notifications/unsubscribe-auth/AAdcPKDDTBs3P7JhYlDhPwdBNJnasSxnks5sOINxgaJpZM4OUMgJ .

[vincent-ferotin]

Thanks for the clarification!

[jacobmetrick]

Hi @vincent-ferotin , I noticed in the comment here that you were able to fix this issue by updating the /etc/default/grub file. How can this be done in a dockerfile? Do you have an example/gist of this that I could see?

[ingwinlu]

@jacobmetrick you can't. you have to change it on the host system

[CTimmerman]

To debug error 139, break up your RUN line into multiple RUN lines so you know which command fails. In my case i had to COPY a file into the instance before trying to RUN it:

COPY blueprint/src/main/python/setup.py setup.py
RUN python setup.py

[openocuser]

Hi All,

We have a Docker file for Clam-av (anti virus scan for uploaded files). It is build on top of spring boot API. Docker File has the following commands:

FROM mkodockx/docker-clamav:latest 

MAINTAINER lokori <antti.virtanen@iki.fi> 
#RUN echo "deb http://ftp.de.debian.org/debian jessie-backports main" >> /etc/apt/sources.list 

RUN apt-get update && apt install -t jessie-backports -y openjdk-8-jdk ca-certificates-java 
# Set environment variables. 

ENV HOME /root 
# Get the JAR file CMD mkdir /var/clamav-rest 

COPY target/clamav-rest-1.0.2.jar /var/clamav-rest/ 
# Define working directory. 
WORKDIR /var/clamav-rest/ 
# Open up the server 
EXPOSE 8082
ADD bootstrap.sh /bootstrap2.sh 
ENTRYPOINT ["/bootstrap2.sh"]

============================= From the above lines mkdir is not creating directory and it is not showing any error messages. Please share your experiences if you have faced similar issues. I am using the following Linux distribution. SMP Debian 3.16.56-1+deb8u1 (2018-05-08) x86_64 GNU/Linux

Thanks in advance

[VeselaHouba]

In case someone stumbles on this closed issue, here's quick howto: Description: centos:6 docker image fails to start, no output given. Workaround: append vsyscall=emulate to line GRUB_CMDLINE_LINUX_DEFAULT in your /etc/default/grub. E.g.

GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0 systemd.show_status=true elevator=noop console=tty1 console=ttyS0 vsyscall=emulate"

then update grub update-grub and reboot host machine reboot