Error #3 on host with userns enabled

[sergsadovyi]

Hello. I'm trying to launch zabbix agent on CentOS 7.2 host with enabled user namespaces for docker. And agent container falls with Error #3 message.

docker -v

Docker version 1.11.2, build b9f10c9

docker daemon flags

docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --userns-remap=dcu --storage-driver devicemapper --storage-opt=dm.thinpooldev=/dev/mapper/docker-thinpool --storage-opt dm.use_deferred_removal=true --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=generic

docker-compose.yml

version: "2"

services:
  agent:
    image: monitoringartist/zabbix-agent-xxl-limited
    container_name: monitoring_agent
    hostname: hope.ua
    ports:
      - "10050:10050"
    volumes:
      - /:/rootfs
      - /var/run:/var/run
    environment:
      ZA_Server: <zabbix.server>
    restart: always

Logs of docker container:

Zocker XXL v0.9.4b public limited version
Copyright (C) 2014-2016 Jan Garaj - www.monitoringartist.com
Freeware licence - Usage of this binary is restricted to official monitoringartist Docker images only.
Error #3

[jangaraj]

Container needs root permission, for example for access to the docker socket. But you are remaping root uid to your dcu user. Try to add --privileged --userns=host for zabbix-agent container. Reference: https://integratedcode.us/2016/04/08/user-namespaces-sharing-the-docker-unix-socket/

[sergsadovyi]

Thanks. --privileged --userns=host resolved the problem. Unfortunately, Docker Compose doesn't support it yet docker/compose#3349, so container should be started by docker cli command

    docker run \
      -d \
      --name=monitoring_agent \
      -h hope.ua \
      -p 10050:10050 \
      -v /:/rootfs \
      -v /var/run:/var/run \
      -e "ZA_Server=<zabbix.server>" \
      --privileged \
      --userns=host \
      monitoringartist/zabbix-agent-xxl-limited:latest