vmware / photon

Minimal Linux container host
https://vmware.github.io/photon

[DOCS] Docker Rootless Support: Errors when running containers #1474

Open iwaseyusuke opened 1 year ago

iwaseyusuke commented 1 year ago

Describe the bug

After I followed the instructions in the docs (https://vmware.github.io/photon/docs-v5/administration-guide/containers/docker-rootless-support/), I got the following error when running a container.

$ docker run --rm -it ubuntu:22.04
Unable to find image 'ubuntu:22.04' locally
22.04: Pulling from library/ubuntu
dbf6a9befcde: Pull complete
Digest: sha256:dfd64a3b4296d8c9b62aa3309984f8620b98d87e47492599ee20739e8eb54fbf
Status: Downloaded newer image for ubuntu:22.04
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: unable to apply cgroup configuration: unable to start unit "docker-bd28e138a723eae7a91b05268d98f9e227f484f5aeb8aab7b4bb98a5a2b12513.scope" (properties [{Name:Description Value:"libcontainer container bd28e138a723eae7a91b05268d98f9e227f484f5aeb8aab7b4bb98a5a2b12513"} {Name:Slice Value:"user.slice"} {Name:Delegate Value:true} {Name:PIDs Value:@au [989]} {Name:MemoryAccounting Value:true} {Name:CPUAccounting Value:true} {Name:IOAccounting Value:true} {Name:TasksAccounting Value:true} {Name:DefaultDependencies Value:false}]): Permission denied: unknown.
ERRO[0015] error waiting for container:

Reproduction steps

  1. Follow the instructions at https://vmware.github.io/photon/docs-v5/administration-guide/containers/docker-rootless-support/
  2. Run any container with the docker run command

Expected behavior

A container should be successfully running.

Additional context

According to the following FAQ in the containerd repo, https://github.com/containerd/nerdctl/blob/main/docs/faq.md#error-failed-to-create-shim-task-oci-runtime-create-failed-runc-create-failed-unable-to-start-container-process-unable-to-apply-cgroup-configuration-unable-to-start-unit--nameslice-valueuserslice-namedelegate-valuetrue--permission-denied-unknown

we also need to run the following command before running some containers.

systemctl --user start dbus

This is not described by the dockerd-rootless-setuptool.sh check command though...

cageyv commented 11 months ago

That solution is not perfect, but it allows us to reboot the machine

tdnf install -y dbus-user-session
sed -i '/set -e -x/a systemctl --user start dbus' /bin/dockerd-rootless.sh
sed -i '/systemctl --user start dbus/a ### HotFix ###' /bin/dockerd-rootless.sh
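
A preflight check for the condition discussed in this thread, as an added example that is not part of the original issue or of Docker's setup tool: it tests whether a user D-Bus socket exists before a rootless `docker run`. The function names and exit codes are hypothetical, and it assumes the bus is a Unix socket at `$XDG_RUNTIME_DIR/bus` unless `DBUS_SESSION_BUS_ADDRESS` gives a `unix:path=` address.

```sh
#!/bin/sh
# Added example (hypothetical helper names): verify the user D-Bus session
# socket exists before starting rootless containers.

# bus_socket_path RUNTIME_DIR BUS_ADDRESS
# Prints the socket path to probe, or nothing if it cannot be determined.
# Assumption: only "unix:path=..." addresses are parsed; any other address
# form falls back to the conventional RUNTIME_DIR/bus location.
bus_socket_path() {
    runtime_dir=$1
    bus_address=$2
    case $bus_address in
        unix:path=*)
            path=${bus_address#unix:path=}
            printf '%s\n' "${path%%,*}"   # drop ",guid=..." style suffixes
            ;;
        *)
            if [ -n "$runtime_dir" ]; then
                printf '%s\n' "$runtime_dir/bus"
            fi
            ;;
    esac
}

# check_user_dbus RUNTIME_DIR BUS_ADDRESS
# Returns 0 if the socket exists, 1 if no location can be derived,
# 2 if the expected socket is missing.
check_user_dbus() {
    sock=$(bus_socket_path "$1" "$2")
    if [ -z "$sock" ]; then
        echo "XDG_RUNTIME_DIR and DBUS_SESSION_BUS_ADDRESS are both unset" >&2
        return 1
    fi
    if [ ! -S "$sock" ]; then
        echo "no user D-Bus socket at $sock; try: systemctl --user start dbus" >&2
        return 2
    fi
    echo "user D-Bus socket present at $sock"
    return 0
}

# Run as the rootless user: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    check_user_dbus "${XDG_RUNTIME_DIR:-}" "${DBUS_SESSION_BUS_ADDRESS:-}"
fi
```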