docker run hello-world still fails, permission denied
Solution 1
Use lxc.apparmor.profile: unconfined
Just put it at the end of the /etc/pve/lxc/ID.conf file and restart your LXC container.
Using lxc.aa_profile: unconfined is deprecated, as it was renamed.
Solution 2
If you don't care about security or trust your docker containers:
- Edit the configuration file of your lxc container on the host in /etc/pve/lxc/ID.conf by adding lxc.aa_profile: unconfined at the end of the file.
- Remove apparmor:
  apt-get remove apparmor --purge
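A host-side check for the setting that Solutions 1 and 2 change, as an added example that is not part of any answer on this page: it reports container configs in which lxc.apparmor.profile or the deprecated lxc.aa_profile is set to unconfined. The function names, the sample config and the treatment of "[name]" lines as snapshot sections are assumptions.

```shell
#!/bin/sh
# Added example: flag Proxmox/LXC container configs whose AppArmor
# confinement has been switched off.

audit_lxc_conf() {
    # $1 = config file. Prints one finding per line; returns 1 if any, else 0.
    awk '
        BEGIN { live = 1; bad = 0 }
        /^[ \t]*#/  { next }             # comment line
        /^[ \t]*\[/ { live = 0; next }   # assumption: "[name]" opens a snapshot section
        !live       { next }             # snapshot copies are not the running config
        {
            sep = match($0, /[:=]/)      # "key: value" (PVE) or "key = value" (plain LXC)
            if (!sep) next
            key = substr($0, 1, sep - 1); val = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != "lxc.apparmor.profile" && key != "lxc.aa_profile") next
            if (key == "lxc.aa_profile") {
                print FILENAME ":" NR ": deprecated key lxc.aa_profile"; bad = 1
            }
            if (val == "unconfined") {
                print FILENAME ":" NR ": AppArmor confinement disabled"; bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample config (container ID 101 is made up).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/101.conf" <<'EOF'
arch: amd64
hostname: c101
net0: name=eth0,bridge=vmbr0
lxc.apparmor.profile: unconfined

[before-docker]
arch: amd64
lxc.aa_profile: unconfined
EOF
    rc=0
    audit_lxc_conf "$dir/101.conf" || rc=$?
    rm -rf "$dir"
    return $rc
}

demo || true   # prints the one live finding (line 4); the snapshot copy is ignored
# On a real host: for f in /etc/pve/lxc/*.conf; do audit_lxc_conf "$f"; done
```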
Solution 3
I solved this problem by executing these commands on the host:
lxc config set your-lxc-name security.nesting true
lxc config set your-lxc-name security.privileged true
Author: lilo17
Updated on July 19, 2022

Comments
lilo17, almost 2 years
I'm trying to run docker but it still fails. Here is what I get:
root@c1170137:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c04b14da8d14: Extracting 974 B/974 B
docker: failed to register layer: ApplyLayer exit status 1 stdout:  stderr: permission denied.
See 'docker run --help'.
kernel: 4.4.16-1-pve
I'm using Debian jessie:
Distributor ID: Debian
Description: Debian GNU/Linux 8.5 (jessie)
Release: 8.5
Codename: jessie
Edit: daemon.log http://hastebin.com/qinufacuto.coffee
docker info:
root@c1177124:~# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 1.12.1
Storage Driver: vfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: host bridge null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options:
Kernel Version: 4.4.16-1-pve
Operating System: Debian GNU/Linux 8 (jessie)
OSType: linux
Architecture: x86_64
CPUs: 32
Total Memory: 2 GiB
Name: c1177124
ID: 4YUJ:OL2E:WLJC:23WJ:5HRW:LRY3:QHKC:MKXO:JDWO:VWOQ:JMWN:V52W
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
 127.0.0.0/8
By the way, the problem could be caused by the kernel. Thank you for any idea or solution.