Docker daemon fails with following output

[HanJoHibender]

This bug-tracker is monitored by developers and other technical types. We like detail! So please use this form and tell us, concisely but precisely, what's up. Please fill out ALL THE FIELDS!

If you have a feature request, please post to the UserVoice. If you're reporting a BSOD, don't post here! Instead, e-mail "secure@microsoft.com", and if possible attach the minidump from "C:\Windows\minidump\".

• Your Windows build number: (Type ver at a Windows Command Prompt)

• What you're doing and what's happening: (Copy&paste specific commands and their output, or include screen shots)

• What's wrong / what should be happening instead:

• Strace of the failing command, if applicable: (If <cmd> is failing, then run strace -o strace.txt -ff <cmd>, and post the strace.txt output here)

See our contributing instructions for assistance.

[atniomn]

@ZombineDev

Ubuntu 18.04.2 LTS Windows 1809 17763.348

Docker 18.03.0 gave me : docker: Error response from daemon: transport is closing: unknown.

Docker 17.12.0 worked for me, though. I added artful and xenial to my /etc/apt/sources.list: deb [arch=amd64] https://download.docker.com/linux/ubuntu artful stable deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable

I kept trying different versions of docker until I was able to start the docker daemon and run hello-world.

[jkasten2]

It seems docker-ce-cli 18.03.1 is not available through apt any more, only 18.09 versions for Ubuntu 18.04 (Bionic).

apt list -a docker-ce-cli
docker-ce-cli/bionic 5:18.09.3~3-0~ubuntu-bionic amd64
docker-ce-cli/bionic 5:18.09.2~3-0~ubuntu-bionic amd64
docker-ce-cli/bionic 5:18.09.1~3-0~ubuntu-bionic amd64
docker-ce-cli/bionic 5:18.09.0~3-0~ubuntu-bionic amd64

However I was able to download the exact version here; https://download.docker.com/linux/static/stable/x86_64/ Then followed this guide: https://docs.docker.com/install/linux/docker-ce/binaries/

I was able to start dockerd successful with this, however it did get some warnings;

INFO[0001] Graph migration to content-addressability took 0.00 seconds
WARN[0001] Your kernel does not support cgroup memory limit
WARN[0001] Unable to find cpu cgroup in mounts
WARN[0001] Unable to find blkio cgroup in mounts
WARN[0001] Unable to find cpuset cgroup in mounts
WARN[0001] mountpoint for pids not found
INFO[0001] Loading containers: start.
WARN[0001] Running modprobe nf_nat failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17134-Microsoft/modules.dep.bin'
modprobe: WARNING: Module nf_nat not found in directory /lib/modules/4.4.0-17134-Microsoft`, error: exit status 1
WARN[0001] Running modprobe xt_conntrack failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17134-Microsoft/modules.dep.bin'
modprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.4.0-17134-Microsoft`, error: exit status 1
WARN[0001] Could not load necessary modules for IPSEC rules: Running modprobe xfrm_user failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17134-Microsoft/modules.dep.bin'
modprobe: WARNING: Module xfrm_user not found in directory /lib/modules/4.4.0-17134-Microsoft`, error: exit status 1

After this I was able to run docker run --rm hello-world just fine too.

docker-compose unfortunately it can't configure iptables on WSL yet. I know can disable docker from managing iptables but then my containers can't make any network calls. Maybe some other config of iptables than what docker is running will be compatible with WSL? Or someway to just bridge instead of going thought a nat? The Module nf_nat not found above probably the cause of why iptable command fail. Sounds like we will have to wait until this is implemented in WSL for most setups that depend on docker-compose to work. https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/32025199-support-iptables

[F21]

For those looking for a complete guide to run the docker daemon within WSL, see: https://medium.com/devopslinks/docker-running-seamlessly-in-windows-subsystem-linux-6ef8412377aa

I have not tried it myself yet, but I would love to get rid of Docker for Windows and run the daemon directly in WSL once support improves.

[WSLUser]

Install Docker for Windows and PengWin (formerly known as Wlinux), it will automatically install and create the connections either via AF_Unix or npiperelay(if your version of Windows doesn't support AF_Unix) in the setup script. The engine is on Windows but you can manage everything from WSL. Even the Docker folks are looking at using AF_Unix on Windows now.

[sunnychanwork]

@WSLUser Docker for Windows requires a HyperV VM to run the container and in enterprise environment they generally disable running VMs because of security. So ideally if we can run Docker inside WSL without and need for VM that would be much better.

[six7]

For those looking for a complete guide to run the docker daemon within WSL, see: https://medium.com/devopslinks/docker-running-seamlessly-in-windows-subsystem-linux-6ef8412377aa

I have not tried it myself yet, but I would love to get rid of Docker for Windows and run the daemon directly in WSL once support improves.

tried to get docker working natively in wsl with that guide, hello-world runs but i get stuck at iptables with a more complex project.

Error response from daemon: Failed to Setup IP tables: Unable to enable NAT rule: (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.21.0.0/16 ! -o br-4a3a08f01043 -j MASQUERADE: iptables: No chain/target/match by that name. (exit status 1)) Docker version 17.09.0-ce, build afdb6d4 Ubuntu 16.04.5 LTS

[TerraVenil]

@six7 you can try to run Docker daemon with parameter --iptables=false.

[Weiping1992]

Hi, I also try to get docker inside WSL. I have Windows 10 - 1803 / 17134.345 and a fresh Ubuntu 18.04 installed. I have added docker-ce repository and installed the default (latest) version :

$ docker --version
Docker version 18.09.0, build 4d60db4

But the service doesn't start (see in docker.log) :

time="2018-11-13T11:38:29.077042500+01:00" level=warning msg="Your kernel does not support cgroup memory limit"
time="2018-11-13T11:38:29.077067400+01:00" level=warning msg="Unable to find cpu cgroup in mounts"
time="2018-11-13T11:38:29.077084000+01:00" level=warning msg="Unable to find blkio cgroup in mounts"
time="2018-11-13T11:38:29.077099000+01:00" level=warning msg="Unable to find cpuset cgroup in mounts"
time="2018-11-13T11:38:29.077148400+01:00" level=warning msg="mountpoint for pids not found"
time="2018-11-13T11:38:29.096337700+01:00" level=warning msg="Running modprobe nf_nat failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17134-Microsoft/modules.dep.bin'\nmodprobe: WARNING: Module nf_nat not found in directory /lib/modules/4.4.0-17134-Microsoft`, error: exit status 1"
time="2018-11-13T11:38:29.116342900+01:00" level=warning msg="Running modprobe xt_conntrack failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17134-Microsoft/modules.dep.bin'\nmodprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.4.0-17134-Microsoft`, error: exit status 1"
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)
time="2018-11-13T11:46:13.667046400+01:00" level=warning msg="Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior" dir=/var/lib/docker error="could not setup daemon root propagation to shared: invalid argument"

I hope their will be a true support in WSL one day :)

I got the same problem. How could I fix it? My windows is Windows 10 - 1803 / 17134, docker version is Docker version 18.09.3, build 774a1f4. Error message is:

Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.0: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)

[mikereiche]

I've gone through the various issues and solutions for running docker on WSL and have arrived here. I'm not able to run hello-world.
I don't know if any of the messages in docker.log indicate the underlying issue.

---

PS C:\WINDOWS\system32> cmd /c version 'version' is not recognized as an internal or external command, operable program or batch file. PS C:\WINDOWS\system32> cmd /c ver

Microsoft Windows [Version 10.0.17763.402] PS C:\WINDOWS\system32> ubuntu mreiche@mreiche_10:~$ sudo cgroupfs-mount [sudo] password for mreiche: mreiche@mreiche_10:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 18.04.2 LTS Release: 18.04 Codename: bionic mreiche@mreiche_10:~$ docker info Containers: 9 Running: 0 Paused: 0 Stopped: 9 Images: 2 Server Version: 18.09.2 Storage Driver: overlay2 Backing Filesystem: Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce runc version: 09c8266bf2fcf9519a651b04ae54c967b9ab86ec init version: v0.18.0 (expected: fec3683b971d9c3ef73f284f176672c44b448662) Kernel Version: 4.4.0-17763-Microsoft Operating System: Ubuntu 18.04.2 LTS OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 15.43GiB Name: mreiche_10 ID: SS7T:QHDO:QLX6:RJ5A:LL4R:O3JN:STM3:CZLL:JGTG:GO6Y:YIAL:3GFF Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

WARNING: API is accessible on http://0.0.0.0:2375 without encryption. Access to the remote API is equivalent to root access on the host. Refer to the 'Docker daemon attack surface' section in the documentation for more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface WARNING: No memory limit support WARNING: No swap limit support WARNING: No kernel memory limit support WARNING: No oom kill disable support WARNING: No cpu cfs quota support WARNING: No cpu cfs period support WARNING: No cpu shares support WARNING: No cpuset support mreiche@mreiche_10:~$ sudo docker -H $DOCKER_HOST run hello-world docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "process_linux.go:297: getting the final child's pid from pipe caused \"EOF\"": unknown. ERRO[0012] error waiting for container: context canceled mreiche@mreiche_10:~$ tail -60 /var/log/docker.log time="2019-03-27T11:18:37.853616200-07:00" level=info msg="loading plugin "io.containerd.monitor.v1.cgroups"..." type=io.containerd.monitor.v1 time="2019-03-27T11:18:37.855020600-07:00" level=info msg="loading plugin "io.containerd.service.v1.tasks-service"..." type=io.containerd.service.v1 time="2019-03-27T11:18:37.855204400-07:00" level=info msg="loading plugin "io.containerd.internal.v1.restart"..." type=io.containerd.internal.v1 time="2019-03-27T11:18:37.855365100-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.containers"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.855496100-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.content"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.855579700-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.diff"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.855661500-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.events"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.855742400-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.healthcheck"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.855830500-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.images"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.855955800-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.leases"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.856038100-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.namespaces"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.856120200-07:00" level=info msg="loading plugin "io.containerd.internal.v1.opt"..." type=io.containerd.internal.v1 time="2019-03-27T11:18:37.856504000-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.snapshots"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.856686400-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.tasks"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.856777500-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.version"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.856879900-07:00" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." type=io.containerd.grpc.v1 time="2019-03-27T11:18:37.868627100-07:00" level=info msg=serving... address="/var/run/docker/containerd/docker-containerd-debug.sock" time="2019-03-27T11:18:37.874913000-07:00" level=warning msg="grpc: addrConn.createTransport failed to connect to {unix:///var/run/docker/containerd/docker-containerd.sock 0 }. Err :connection error: desc = \"transport: error while dialing: dial unix /var/run/docker/containerd/docker-containerd.sock: connect: connection refused\". Reconnecting..." module=grpc time="2019-03-27T11:18:37.875252200-07:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420757df0, TRANSIENT_FAILURE" module=grpc time="2019-03-27T11:18:37.876785400-07:00" level=info msg=serving... address="/var/run/docker/containerd/docker-containerd.sock" time="2019-03-27T11:18:37.876988400-07:00" level=info msg="containerd successfully booted in 0.144164s" time="2019-03-27T11:18:38.637633100-07:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420757df0, CONNECTING" module=grpc time="2019-03-27T11:18:38.639696700-07:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420757df0, READY" module=grpc time="2019-03-27T11:18:38.662437900-07:00" level=info msg="parsed scheme: \"unix\"" module=grpc time="2019-03-27T11:18:38.662659800-07:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc time="2019-03-27T11:18:38.663003400-07:00" level=info msg="parsed scheme: \"unix\"" module=grpc time="2019-03-27T11:18:38.663137200-07:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc time="2019-03-27T11:18:38.663104600-07:00" level=info msg="ccResolverWrapper: sending new addresses to cc: [{unix:///var/run/docker/containerd/docker-containerd.sock 0 }]" module=grpc time="2019-03-27T11:18:38.663784900-07:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc time="2019-03-27T11:18:38.663932400-07:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42080bb00, CONNECTING" module=grpc time="2019-03-27T11:18:38.664061600-07:00" level=info msg="ccResolverWrapper: sending new addresses to cc: [{unix:///var/run/docker/containerd/docker-containerd.sock 0 }]" module=grpc time="2019-03-27T11:18:38.664187100-07:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc time="2019-03-27T11:18:38.664389800-07:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42016ee10, CONNECTING" module=grpc time="2019-03-27T11:18:38.664538000-07:00" level=info msg="blockingPicker: the picked transport is not ready, loop back to repick" module=grpc time="2019-03-27T11:18:38.666621300-07:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42080bb00, READY" module=grpc time="2019-03-27T11:18:38.666681000-07:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42016ee10, READY" module=grpc time="2019-03-27T11:18:38.786909300-07:00" level=info msg="[graphdriver] using prior storage driver: overlay2" time="2019-03-27T11:18:38.977405500-07:00" level=info msg="Graph migration to content-addressability took 0.00 seconds" time="2019-03-27T11:18:38.978133500-07:00" level=warning msg="Your kernel does not support cgroup memory limit" time="2019-03-27T11:18:38.978253000-07:00" level=warning msg="Unable to find cpu cgroup in mounts" time="2019-03-27T11:18:38.978321900-07:00" level=warning msg="Unable to find blkio cgroup in mounts" time="2019-03-27T11:18:38.978406000-07:00" level=warning msg="Unable to find cpuset cgroup in mounts" time="2019-03-27T11:18:38.978572200-07:00" level=warning msg="mountpoint for pids not found" time="2019-03-27T11:18:38.979408100-07:00" level=info msg="Loading containers: start." time="2019-03-27T11:18:40.149751900-07:00" level=warning msg="Running modprobe nf_nat failed with message: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17763-Microsoft/modules.dep.bin'\nmodprobe: WARNING: Module nf_nat not found in directory /lib/modules/4.4.0-17763-Microsoft, error: exit status 1" time="2019-03-27T11:18:40.235356000-07:00" level=warning msg="Running modprobe xt_conntrack failed with message: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17763-Microsoft/modules.dep.bin'\nmodprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.4.0-17763-Microsoft, error: exit status 1" time="2019-03-27T11:18:42.585408300-07:00" level=warning msg="Could not load necessary modules for IPSEC rules: Running modprobe xfrm_user failed with message: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17763-Microsoft/modules.dep.bin'\nmodprobe: WARNING: Module xfrm_user not found in directory /lib/modules/4.4.0-17763-Microsoft, error: exit status 1" time="2019-03-27T11:18:42.670422000-07:00" level=warning msg="Could not load necessary modules for Conntrack: Running modprobe nf_conntrack failed with message: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17763-Microsoft/modules.dep.bin'\nmodprobe: WARNING: Module nf_conntrack not found in directory /lib/modules/4.4.0-17763-Microsoft, error: exit status 1" time="2019-03-27T11:18:45.874535100-07:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address" time="2019-03-27T11:18:48.554160000-07:00" level=info msg="Loading containers: done." time="2019-03-27T11:18:48.806864200-07:00" level=info msg="Docker daemon" commit=6247962 graphdriver(s)=overlay2 version=18.09.2 time="2019-03-27T11:18:48.808567800-07:00" level=info msg="Daemon has completed initialization" time="2019-03-27T11:18:48.919056700-07:00" level=info msg="API listen on [::]:2375" time="2019-03-27T11:25:55.042428300-07:00" level=warning msg="Seccomp is not enabled in your kernel, running container without default profile." time="2019-03-27T11:25:55.654363300-07:00" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/525fed47ca9819be82e31cf6a0ce55c0dc338036ac8cdd945f3e6339f57002c2/shim.sock" debug=false pid=5905 time="2019-03-27T11:25:56.496247300-07:00" level=info msg="shim reaped" id=525fed47ca9819be82e31cf6a0ce55c0dc338036ac8cdd945f3e6339f57002c2 time="2019-03-27T11:25:56.553178300-07:00" level=error msg="stream copy error: reading from a closed fifo" time="2019-03-27T11:25:56.553309200-07:00" level=error msg="stream copy error: reading from a closed fifo" time="2019-03-27T11:25:59.919931300-07:00" level=error msg="525fed47ca9819be82e31cf6a0ce55c0dc338036ac8cdd945f3e6339f57002c2 cleanup: failed to delete container from containerd: no such container" time="2019-03-27T11:25:59.920340300-07:00" level=error msg="Handler for POST /v1.39/containers/525fed47ca9819be82e31cf6a0ce55c0dc338036ac8cdd945f3e6339f57002c2/start returned error: OCI runtime create failed: container_linux.go:344: starting container process caused \"process_linux.go:297: getting the final child's pid from pipe caused \\"EOF\\"\": unknown"

[Knedox]

on clean ubuntu 18.04 just run these commands within a privileged bash:

wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb -P /tmp/ sudo dpkg -i /tmp/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb sudo apt -y -f install sudo usermod -aG docker $USER sudo apt -y install cgroupfs-mount sudo cgroupfs-mount sudo service docker start

docker run --network host hello-world

[mikereiche]

That worked like a charm. Thank you @Knedox

[tstibbs]

@Knedox's solution appears to work (for me) up to 18.06.1, but not on anything more recent.

However it appears only to work with networking in 'host' mode. Using 'bridge' mode (which is the default) gives me an error failed to add interface veth... to sandbox: failed to get link by name. So back to square one unless your containers don't need to access the outside world AFAICS?

[mikereiche]

Yes. I ended up adding an SSD to my pc and installing Linux on it. ¯_(ツ)_/¯

[ghost]

on clean ubuntu 18.04 just run these commands within a privileged bash:

wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb -P /tmp/ sudo dpkg -i /tmp/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb sudo apt -y -f install sudo usermod -aG docker $USER sudo apt -y install cgroupfs-mount sudo cgroupfs-mount sudo service docker start

docker run --network host hello-world

Worked for me! Thank you! (Microsoft Windows [Version 10.0.17134.648] / 4.4.0-17134-Microsoft / Ubuntu 16.04.6 LTS (Xenial Xerus))

[erikhakansson]

Like others have pointed out, running docker 17.09 works. Anything later fails with different errors.

It might be that newer docker versions are using other syscalls not yet implemented by WSL.

Anyone from the WSL team who can comment on that?

[pkit]

wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb -P /tmp/
sudo dpkg -i /tmp/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb
sudo apt -y -f install

doesn't work anymore the -f install will overwrite everything with 18.09 and you will get to the same broken state

[lucivskvn]

@Knedox's solution appears to work (for me) up to 18.06.1, but not on anything more recent.

However it appears only to work with networking in 'host' mode. Using 'bridge' mode (which is the default) gives me an error failed to add interface veth... to sandbox: failed to get link by name. So back to square one unless your containers don't need to access the outside world AFAICS?

When I try to use 'bridge' mode it's works but when I try without --network it's don't work , Win 10 1903 Build 18362.86 with Debian 9.7 (Elevated Privilege ) | docker-ce=17.03.3~ce-0~debian-stretch

[nicolas-albert]

I think this issue will be close soon : https://arstechnica.com/gadgets/2019/05/windows-10-will-soon-ship-with-a-full-open-source-gpled-linux-kernel/

[lucivskvn]

I think this issue will be close soon : https://arstechnica.com/gadgets/2019/05/windows-10-will-soon-ship-with-a-full-open-source-gpled-linux-kernel/

I hope it will, I also excited about that news because of that now I use Windows Insider to get the update more faster :)

[Jurigag]

I hope it will also mean that docker-compose will work out of box.

[marco6]

wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb -P /tmp/
sudo dpkg -i /tmp/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb
sudo apt -y -f install

doesn't work anymore the -f install will overwrite everything with 18.09 and you will get to the same broken state

I've been able to make it work by changing the sequence to:

wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb -P /tmp/
sudo dpkg -i /tmp/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb
sudo usermod -aG docker $USER
sudo apt -y install aufs-tools cgroupfs-mount libltdl7
sudo cgroupfs-mount
sudo service docker start

In my own installation, it works everything, including commands without "--network host" option.

Hope this helps.

[astorath]

In my own installation, it works everything, including commands without "--network host" option.

@marco6 can it run docker run --rm postgres ? On my machine any docker version installed on WSL fails to execute this container.

[marco6]

@astorath No, it doesn't. I've not been using postgres on WSL, but if I try I get:

[26] FATAL: could not map shared memory segment "/PostgreSQL.814799216": Operation not permitted

Is this maybe related to #658 ?

[mhagnumdw]

@Knedox , this works... but...

But I have problems apparently with memory allocation.

[pershoot]

Windows Insider Fast Ring build (>=18917) via WSL2, latest docker/docker-compose is running native in WSL Linux.

wsl -l -v NAME STATE VERSION

• Ubuntu Running 2

$ docker --version Docker version 19.03.1, build 74b1e89

$ service docker status

• Docker is running

$ docker run --network host hello-world Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world 1b930d010525: Pull complete Digest: sha256:6540fc08ee6e6b7b63468dc3317e3303aae178cb8a45ed3123180328bcc1d20f Status: Downloaded newer image for hello-world:latest

Hello from Docker! This message shows that your installation appears to be working correctly.

...

$ docker-compose up (ip address ---'d out) Creating network "myweb_default" with the default driver Pulling myweb-nginx (nginx:1.17.2-alpine)... 1.17.2-alpine: Pulling from library/nginx 050382585609: Pull complete aa1504bc12ac: Pull complete Digest: sha256:482ead44b2203fa32b3390abdaf97cbdc8ad15c07fb03a3e68d7c35a19ad7595 Status: Downloaded newer image for nginx:1.17.2-alpine Creating myweb_myweb-nginx_1 ... done Attaching to myweb_myweb-nginx_1 myweb-nginx_1 | ---.--.-.- - - [04/Aug/2019:21:14:51 +0000] "GET / HTTP/1.1" 200 108 "-" "curl/7.58.0" "-" ^CGracefully stopping... (press Ctrl+C again to force) Stopping myweb_myweb-nginx_1 ... done

$ docker-compose images Container Repository Tag Image Id Size

myweb_myweb-nginx_1 nginx 1.17.2-alpine 55ceb2abad47 20.2 MB

...

Errors printed (excluding snapshotter): $ grep -i error /var/log/docker.log | grep -v snapshot time="2019-08-04T17:00:53.036690000-04:00" level=warning msg="Running modprobe nf_nat failed with message: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.57-microsoft-standard/modules.dep.bin'\nmodprobe: WARNING: Module nf_nat not found in directory /lib/modules/4.19.57-microsoft-standard, error: exit status 1" time="2019-08-04T17:00:53.037697900-04:00" level=warning msg="Running modprobe xt_conntrack failed with message: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.57-microsoft-standard/modules.dep.bin'\nmodprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.19.57-microsoft-standard, error: exit status 1" time="2019-08-04T17:14:34-04:00" level=warning msg="Running modprobe nf_nat failed with message: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.57-microsoft-standard/modules.dep.bin'\nmodprobe: WARNING: Module nf_nat not found in directory /lib/modules/4.19.57-microsoft-standard, error: exit status 1" time="2019-08-04T17:14:34-04:00" level=warning msg="Running modprobe xt_conntrack failed with message: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.57-microsoft-standard/modules.dep.bin'\nmodprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.19.57-microsoft-standard, error: exit status 1"

[FireGhost]

@six7 you can try to run Docker daemon with parameter --iptables=false.

Even better, you should set this parameter in the configuration file /etc/docker/daemon.json like this:

{
  "iptables":false
}

No more docker-compose networking problem :)

[gongbaojid]

@six7 you can try to run Docker daemon with parameter --iptables=false.

Even better, you should set this parameter in the configuration file /etc/docker/daemon.json like this:

{
  "iptables":false
}

No more docker-compose networking problem :)

perfect，it has sovled the problem that starting docker service with error bellow:

Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)

[duke-cliff]

on clean ubuntu 18.04 just run these commands within a privileged bash:

wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb -P /tmp/ sudo dpkg -i /tmp/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb sudo apt -y -f install sudo usermod -aG docker $USER sudo apt -y install cgroupfs-mount sudo cgroupfs-mount sudo service docker start

docker run --network host hello-world

Thanks, I have been searching solutions even in 2019. The above steps are really helping!

[nirvdrum]

@duke-cliff Were you able to get this working with Windows 10 1909? I followed the same steps + disabling iptables, but I end up with:

Error starting daemon: Error initializing network controller: Error creating default "bridge" network: permission denied

[adamsar]

@nirvdrum Ditto on this - I'm getting the same error with these steps.

[MikeWilcoxMicrosoft]

We installed Docker Desktop for Windows on my Windows 10 w/ WSL Ubuntu 1804.2019 and still receive the error:

$ docker run --network host hello-world docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?. See 'docker run --help'.

[WSLUser]

You probably need npiperelay unless you're running an Insiders build. In that case, you'd need to enable WSL2 if you're trying to run the preview version of Docker Desktop. You can also try Pengwin if not on Insiders. It will automatically try to create a AF Unix socket for connection first before attempting to install npiprelay. If that works, then I'd check the pengwin-setup script under the docker section and see if how you're trying to get ubuntu to run with sockets is the same as how pengwin does it. Alternatively you could run pengwin-setup directly on Ubuntu as it's debian based and the commands should all work out of box.

[nelak]

@MikeWilcoxMicrosoft See this thread for help: https://github.com/docker/for-win/issues/5096 running sudo /mnt/wsl/docker-desktop/docker-desktop-proxy --distro-name Ubuntu --docker-desktop-root /mnt/wsl/docker-desktop You may also need to remove all unused folders here also: /mnt/wsl/docker-desktop-bind-mounts/Ubuntu

[eddie1788]

strace.zip

C:\WINDOWS\system32>ver Microsoft Windows [Version 10.0.17763.1039]

root@:~/.kube# docker ps Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

strace -o strace.txt -ff docker ps Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

[numbworks]

Hey guys,

thank you for this thread! I'm glad I'm not alone in this! Below my experience so far.

I'm running Windows 10 Pro Version 1903 Build 18362:

PS C:\> (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId
1903

C:\>ver
Microsoft Windows [Version 10.0.18362.720]

I perfomed a reset of Ubuntu WLS with the following steps:

Right-click on Ubuntu 18.04 LTS (WLS) icon > More > App Settings > Reset

Then I launched Ubuntu WLS and typed these commands as suggested:

sudo apt-get update
wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb -P /tmp/
sudo dpkg -i /tmp/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb
sudo apt -y -f install
sudo usermod -aG docker $USER
sudo apt -y install cgroupfs-mount
sudo cgroupfs-mount
sudo service docker start

When I type the last one, I get the following "OK" output:

nw@nw:~$ sudo service docker start
 * Starting Docker: docker                                                                                       [ OK ]

But then running "docker ps" returns the following error:

nw@nw:~$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.32/containers/json: dial unix /var/run/docker.sock: connect: permission denied

Running Ubuntu WLS as Administrator doesn't change anything.

If I close Ubuntu WLS and open it again, the error is the one we are discussing in this thread:

nw@nw:~$ docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Any other suggestion to make docker running in Ubuntu WLS for Windows 10, and get rid of Docker Desktop (which it's a pain when handling data volumes due of permission issues etc)?

[ixalsera]

Found this thread funnily enough because I was having issues starting Docker on a native Linux VM and I think the cgroupfs-mount command should sort it (until now, only a VM reboot has helped), thanks @onomatopellan.

@numbworks , to try help you out here, I don't think you actually have an issue with what you've done/are doing except from one thing: Docker runs as the root user in Linux. It's a little bit of an issue but beyond the scope of this thread. You're starting the Docker daemon with:

sudo systemctl start docker

which is correct and how it should be done (note, I used systemctl here as service is just the older way of doing it; the two do the same thing).

Docker then starts as root, preventing any other user from accessing the daemon. From the excerpt you shared above, you're trying to issue docker ps as your regular nw user, not as root. If you try sudo docker ps you should not have the error:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

or similar about permissions.

This is the same behaviour that occurs on a native Ubuntu install; Docker runs as root and can only be accessed via sudo. From native Ubuntu when issuing just docker ps:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/json: dial unix /var/run/docker.sock: connect: permission denied

You did mention that you tried running Ubuntu WLS as Administrator. Since I'm not familiar with WLS, does that drop you in to the terminal as root or still as your regular user? If the former, then what I've said above probably won't apply, but if it drops you in as nw, then Ubuntu still sees you as non-root and won't let you access the Docker daemon.

EDIT 2: Just realised that you're issuing sudo usermod -aG docker $USER to add yourself to the docker group and avoid having to sudo for Docker commands. My bad, missed that for the first read. This should work perfectly, but you may find that it won't help for your current terminal session and will only be effective once you open a new Ubuntu terminal window. Similar behaviour on native Ubuntu (just tested) whereby the group permissions for docker are only loaded in the next terminal session. See below for my attempt at help for the re-opening issue. :)

EDIT: The second issue you mentioned, you said you closed then reopened Ubuntu WSL and got the following:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Again, I'm not familiar with WSL but I would imagine that this (closing and reopening) is like a reboot of the system? Annoyingly, when Docker is installed, despite installing init scripts, it doesn't enable them for boot. So you'll find that after you run sudo service docker start (or sudo systemctl start docker) Docker seems to run fine. Try issuing sudo systemctl enable docker after that to enable the init scripts. I've been caught by this on native Linux too where Docker wouldn't run after a system reboot.

In either case, try to check if Docker is still running after re-opening Ubuntu WLS by issuing sudo systemctl status docker.

Hope that helps!

[jbcpollak]

I just installed Docker For Windows using the WSL2 on Windows 10 Home - would this issue explain why my app in a Docker container barfs with this error:

what():  PThread::start FATAL: Cannot spawn thread. Error code: 11 (Resource temporarily unavailable)

as far as I can tell without cgroups and systemd all the typical tools to raise the thread limits don't exist.

[kishoregv]

The most important part is dockerd will only run on an elevated console (run as Admin) and cgroup should be always mounted before running the docker daemon.

Just highlighting this note. I have missed it initially. Ensure your WSL terminal is running on elevated console

[zolotarev]

For now I can run sudo dockerd in elevated console. No service started properly. ((

[multiplemonomials]

If you are getting "Error creating default "bridge" network: permission denied", this helped: https://stackoverflow.com/a/59671572/7083698

Basically, I needed /etc/docker/daemon.json to have:

{
  "iptables": false,
  "bridge": "none"
}

[microsoft-github-policy-service[bot]]

This issue has been automatically closed since it has not had any activity for the past year. If you're still experiencing this issue please re-file this as a new issue or feature request.

Thank you!