nestybox / sysbox

An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
Apache License 2.0

/proc/sys/net issues #825

Closed jeeftor closed 2 months ago

jeeftor commented 3 months ago

I've followed the instructions to install sysbox and gone through the troubleshooting guide but I'm at a loss:

**Running as a user in the docker group**

docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: container_linux.go:439: starting container process caused: process_linux.go:608: container init caused: write sysctl key net.ipv4.ping_group_range: open /proc/sys/net/ipv4/ping_group_range: no such file or directory: unknown.

**Running as root**

docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: container_linux.go:439: starting container process caused: process_linux.go:608: container init caused: write sysctl key net.ipv4.ip_unprivileged_port_start: open /proc/sys/net/ipv4/ip_unprivileged_port_start: no such file or directory: unknown.

The user file does exist:

-rw-r--r-- 1 root root 0 Aug  7 13:20 /proc/sys/net/ipv4/ping_group_range

The other file, however, doesn't:

ls: cannot access '/proc/sys/net/ipv4/ip_unprivileged_port_start:': No such file or directory

OS Info:

NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

Docker Info

Client: Docker Engine - Community
 Version:    27.1.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.16.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 5
  Running: 0
  Paused: 0
  Stopped: 5
 Images: 68
 Server Version: 27.1.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: sysbox-runc io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
 Kernel Version: 5.4.0-1103-fips
 Operating System: Ubuntu 20.04.6 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 62.77GiB
 Name: sdk-hub
 ID: 1dd57254-211d-47a9-81ba-975b4f5a2b70
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Default Address Pools:
   Base: 172.25.0.0/16, Size: 24

WARNING: No swap limit support

Services are running:

systemctl list-units -t service --all | grep sysbox

  sysbox-fs.service                      loaded    active   running sysbox-fs (part of the Sysbox container runtime)
  sysbox-mgr.service                     loaded    active   running sysbox-mgr (part of the Sysbox container runtime)
  sysbox.service                         loaded    active   running Sysbox container runtime

Kernel

5.4.0-1103-fips << shiftfs might be required...
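An added example, not code from this issue or from the Sysbox project: a POSIX shell check for the two sysctl keys named in the errors above, meant to be run on the host and again inside a container started with `--runtime=sysbox-runc` so the two mount namespaces can be compared. The path in each runc error message ends in a colon (`.../ip_unprivileged_port_start:`), and the `ls` above was run on that colon-terminated string, so the script strips a trailing colon before testing the file. The function names and the output format are my own.

```shell
#!/bin/sh
# Added example (not part of the Sysbox project). Reports whether the net
# sysctls that runc / sysbox-runc write at container start exist in the
# current mount namespace.

# Paths copied out of the runc error text carry a trailing ':' ("...port_start:").
# Strip it so the check looks at the real file, not at a name that cannot exist.
normalize_path() {
  printf '%s\n' "${1%:}"
}

# net.ipv4.ping_group_range -> /proc/sys/net/ipv4/ping_group_range
key_to_path() {
  printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr . /)"
}

# Exit status 0 if the sysctl file exists here, 1 otherwise.
sysctl_present() {
  p=$(normalize_path "$1")
  [ -f "$p" ]
}

# Check each key named in the errors above; returns 1 if any is missing.
check_runtime_sysctls() {
  rc=0
  for key in net.ipv4.ping_group_range net.ipv4.ip_unprivileged_port_start; do
    path=$(key_to_path "$key")
    if sysctl_present "$path"; then
      printf 'ok      %-38s = %s\n' "$key" "$(cat "$path")"
    else
      printf 'MISSING %-38s (%s)\n' "$key" "$path"
      rc=1
    fi
  done
  return $rc
}

if check_runtime_sysctls; then
  echo "all runtime sysctls present in this mount namespace"
else
  echo "a sysctl the runtime writes is missing here; container start will fail" >&2
fi
```

Running it on the host answers the first question (does the kernel expose the key at all); running it inside a working sysbox container shows what the runtime's own /proc/sys view contains.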

dmalapsh commented 2 months ago

I had the same problem. The docker info was very similar to yours. I solved my problem by upgrading my system to Ubuntu version 22.04.

I can't say what the problem was; probably it is in the old version of the kernel. Even if the problem is something different, do-release-upgrade fixed it in the course of its work.

After updating the system, my docker info started to look like this:

Client: Docker Engine - Community
 Version:    24.0.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.10.5
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.18.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 12
  Running: 4
  Paused: 0
  Stopped: 8
 Images: 18
 Server Version: 24.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc sysbox-runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-119-generic
 Operating System: Ubuntu 22.04.4 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 7.751GiB
 ID: a76975fd-2240-4110-b146-97263cdb7d34
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Default Address Pools:
   Base: 172.25.0.0/16, Size: 24

ctalledo commented 2 months ago

Hi @jeeftor, thanks for filing the issue.

I am not able to reproduce on a Ubuntu Focal host with Docker engine 27.3.1 and Sysbox v0.6.4.

And both sysctls you mentioned above are present in the host:

$ ls -l /proc/sys/net/ipv4/ping_group_range
-rw-r--r-- 1 root root 0 Sep 23 22:13 /proc/sys/net/ipv4/ping_group_range

$ ls -l /proc/sys/net/ipv4/ip_unprivileged_port_start
-rw-r--r-- 1 root root 0 Sep 23 22:14 /proc/sys/net/ipv4/ip_unprivileged_port_start

Not sure how else to help.

Thanks!

jeeftor commented 2 months ago

I've moved on so let's close this but thanks