Cannot start service hydraplay: failed to create shim task

[Vligsu]

Hello Mario, many thanks for this amazing project! I am setting it up to replace regular mopidy+snapcast setup. The next error I'm dealing with is: ERROR: for hydraplay Cannot start service hydraplay: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: unable to apply caps: operation not permitted: unknown

Steps that led to the error: git clone https://github.com/mariolukas/HydraPlay cd HydraPlay/ copy and rename hydra.example.json to hydra.private.json change path to local media in hydra.private.json docker-compose up Error full text:

root@test-debian-hydra ~/HydraPlay# docker-compose up
Starting hydraplay ... error

ERROR: for hydraplay  Cannot start service hydraplay: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: unable to apply caps: operation not permitted: unknown

ERROR: for hydraplay  Cannot start service hydraplay: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: unable to apply caps: operation not permitted: unknown
ERROR: Encountered errors while bringing up the project.

My setup is: amd64 HW docker-compose version 1.21.0, build 5920eb0 Docker version 20.10.23, build 7155243 Debian 11 in a privileged Linux container on Proxmox from a template debian-11-turnkey-core_17.1-1 Nesting and CIFS enabled Portainer 2.16.2

Given basic search results like https://stackoverflow.com/questions/72695311/failure-starting-docker-container-failed-to-create-shim-task-oci-runtime-crea, I guess it has to do something with permissions and Debian sudo-less model. However, I can't (yet) figure out on my own ho to fix it. Maybe you already encountered this error? Could you please help me on this one?

[mariolukas]

Looks like it is a docker issue. I just did a quick search and the results show that an error like this can be caused by different things, mostly related to the docker engine. Have you tired to prune your docker configuration? Maybe the image is broken.

[Vligsu]

I created a new container. Here only the delta in my setup: docker-compose version v2.15.1 The error above is still observed. No other errors are visible. I'll continue analyzing tomorrow.

Are there any requirements on under which user docker-compose up should be executed? Do the HydraPlay files ownership and permissions have any impact?

Update. The error is actually a bit different this time:

root@test-debian-hydra /home/HydraPlay# docker-compose up
Attaching to hydraplay
Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: unable to apply caps: operation not permitted: unknown

[Vligsu]

Solved!

Cause:. Default security settings in Proxmox towards privileged LXC. Solution. Add to /etc/pve/lxc/<id>.conf following lines:

lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:

where id is the container ID.

Source: Docker inside LXC starting container process caused "apply caps: operation not permitted"

@mariolukas, thank you for point out to Docker. And thanks again for this truly great project and easy (way more easy than original mopidy+snapcast) way to deploy he whole bundle!

[mariolukas]

thank you for the feedback.