docker run hello-world still fails, permission denied

linux docker debian
14,055

Solution 1

Use lxc.apparmor.profile: unconfined

Just put at the end of an /etc/pve/lxc/ID.conf file and restart your LXC container.

Using lxc.aa_profile: unconfined is deprecated as was renamed.

Solution 2

If you don't care about security or trust your docker containers:

  1. Edit the configuration file of your lxc container on the host in /etc/pve/lxc/ID.conf by adding lxc.aa_profile: unconfined at the end of the file.
  2. Remove apparmor: apt-get remove apparmor --purge

Solution 3

Iam Solved this problem with execute this command on Host:

lxc config set your-lxc-name security.nesting true

lxc config set your-lxc-name security.privileged true

Share:
14,055
lilo17
Author by

lilo17

Updated on July 19, 2022

Comments

  • lilo17
    lilo17 almost 2 years

    I'm trying to run docker but it still fails. Here is what i get

    root@c1170137:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world

c04b14da8d14: Extracting    974 B/974 B
docker: failed to register layer: ApplyLayer exit status 1 stdout:  stderr: permission denied.
See 'docker run --help'.

    kernel: 4.4.16-1-pve

    i'm using debian jessie

    Distributor ID: Debian
Description:    Debian GNU/Linux 8.5 (jessie)
Release:        8.5
Codename:       jessie

    Edit: daemon.log http://hastebin.com/qinufacuto.coffee

    docker info

    root@c1177124:~# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 1.12.1
Storage Driver: vfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: host bridge null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options:
Kernel Version: 4.4.16-1-pve
Operating System: Debian GNU/Linux 8 (jessie)
OSType: linux
Architecture: x86_64
CPUs: 32
Total Memory: 2 GiB
Name: c1177124
ID: 4YUJ:OL2E:WLJC:23WJ:5HRW:LRY3:QHKC:MKXO:JDWO:VWOQ:JMWN:V52W
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
 127.0.0.0/8

    By the way, the problem could be caused by the kernel. Thank you for any idea or solution

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

-su: /dev/tty: No such device or address
"bash: sysctl: command not found" in debian:stretch-slim
How to run docker inside chroot
Cannot enable cgroup_enable=memory swapaccount=1 on GCE Debian Jessie instance
Docker: failed to add the pair interfaces (operation not supported)
Docker increase available disk space
What are the benefits of running a docker container inside a VM vs running docker containers on bare metal?
Docker: How to add backports to sources.list via Dockerfile?
What is the difference between C.UTF-8 and en_US.UTF-8 locales?
Switching users inside Docker image to a non-root user