Error response from daemon: failed to crate shim

[AhegaHOE]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

After freshly installing Ubuntu 20.04 LTS via Strato vServer, Docker and Docker-Compose with the provided documentation. won't start Mailcow up.

Logs

`docker-compose up -d`:

[+] Running 18/20
 ⠿ Network mailcowdockerized_mailcow-network        Created                                                                                                                                                 0.0s
 ⠿ Container mailcowdockerized-unbound-mailcow-1    Started                                                                                                                                                 2.1s
 ⠿ Container mailcowdockerized-redis-mailcow-1      Started                                                                                                                                                 2.1s
 ⠿ Container mailcowdockerized-sogo-mailcow-1       Started                                                                                                                                                 2.5s
 ⠿ Container mailcowdockerized-solr-mailcow-1       Started                                                                                                                                                 2.2s
 ⠿ Container mailcowdockerized-olefy-mailcow-1      Started                                                                                                                                                 1.6s
 ⠿ Container mailcowdockerized-memcached-mailcow-1  Started                                                                                                                                                 1.2s
 ⠿ Container mailcowdockerized-watchdog-mailcow-1   Started                                                                                                                                                 1.4s
 ⠿ Container mailcowdockerized-dockerapi-mailcow-1  Starting                                                                                                                                               14.2s
 ⠿ Container mailcowdockerized-mysql-mailcow-1      Started                                                                                                                                                 6.4s
 ⠿ Container mailcowdockerized-clamd-mailcow-1      Started                                                                                                                                                 6.4s
 ⠿ Container mailcowdockerized-php-fpm-mailcow-1    Started                                                                                                                                                 8.3s
 ⠿ Container mailcowdockerized-postfix-mailcow-1    Starting                                                                                                                                               14.0s
 ⠿ Container mailcowdockerized-dovecot-mailcow-1    Started                                                                                                                                                 9.6s
 ⠿ Container mailcowdockerized-nginx-mailcow-1      Started                                                                                                                                                11.5s
 ⠿ Container mailcowdockerized-rspamd-mailcow-1     Started                                                                                                                                                13.2s
 ⠿ Container mailcowdockerized-ofelia-mailcow-1     Started                                                                                                                                                12.1s
 ⠿ Container mailcowdockerized-netfilter-mailcow-1  Created                                                                                                                                                 0.1s
 ⠿ Container mailcowdockerized-acme-mailcow-1       Started                                                                                                                                                13.9s
 ⠿ Container mailcowdockerized-ipv6nat-mailcow-1    Created                                                                                                                                                 0.0s
Error response from daemon: failed to create shim: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting cgroup config for procHooks process: failed to write "1": write /sys/fs/cgroup/memory/docker/5bb6e061f32c6fbe9a9767f00df8d989db43dc99db67552477af49bbad88738c/memory.oom_control: permission denied: unknown

Steps to reproduce

1. Install Ubuntu 20.04 LTS from Strato
2. Follow the official documentation from mailcow to install everything
3. run docker-compose up -d in /opt/mailcow-dockerized
4. Get error

System information

Question	Answer
My operating system	GNU/Linux
Is Apparmor, SELinux or similar active?	I don't know
Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported	Unknown
Server/VM specifications (Memory, CPU Cores)	40GB RAM, 16 Cores
Docker version (docker version)	20.10.12
docker-compose version (docker-compose version)	v2.12.2
mailcow version (git describe --tags `git rev-list --tags --max-count=1`)	2022-10a
Reverse proxy (custom solution)	NA

Output of git diff origin/master, any other changes to the code? If so, please post them:

Only certs changed

All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptabels output can help us to help you: iptables -L -vn:

Chain INPUT (policy ACCEPT 247 packets, 14109 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  222 68419 DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  222 68419 DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 221 packets, 30341 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
  423  129K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
  209 17697 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
  423  129K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

ip6tables -L -vn:

Chain INPUT (policy ACCEPT 122 packets, 7232 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 452 packets, 48621 bytes)
 pkts bytes target     prot opt in     out     source               destination

iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 97 packets, 5349 bytes)
 pkts bytes target     prot opt in     out     source               destination
  216 10826 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 97 packets, 5349 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0

ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

DNS problems? Please run docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and post the output:

NA

[andryyy]

Hi, they use OpenVZ, which is not supported. You may try to get rid of resource controlling options like oom_kill_disable in docker-compose.yml, but that's a dirty hack. I recommend to switch to eth-services.de with a 10% voucher: MUUUUUH10 :smile: - sorry for shameless advertising.

OpenVZ will always troublesome with mailcow.