docker run过程中出现以下错误和 docker build从 Debian 8 升级到 Debian 9 后:
ERROR: Service 'etherpad' failed to build: OCI runtime create failed: container_linux.go:344: starting container process caused "error loading seccomp filter into kernel: invalid argument": unknown
我在使用
--seccomp-profile:unconfined 运行容器时解决了这个问题但 build 不支持这个标志( https://github.com/moby/moby/issues/21105 )。我还尝试通过 daemon.json 将它传递给守护程序,但这在启动过程中导致错误。内核支持已启用:
grep CONFIG_SECCOMP= /boot/config-$(uname -r)
CONFIG_SECCOMP=y
docker 信息:
Containers: 38
Running: 9
Paused: 0
Stopped: 29
Images: 119
Server Version: 18.09.2
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 275
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 09c8266bf2fcf9519a651b04ae54c967b9ab86ec
init version: fec3683
Security Options:
seccomp
WARNING: You're not using the default seccomp profile
Profile: /root/labs/security/seccomp/seccomp-profiles/default.json
Kernel Version: 3.16.0-7-amd64
Operating System: Debian GNU/Linux 9 (stretch)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.71GiB
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory limit support
WARNING: No oom kill disable support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
有谁知道如何解决它?非常感谢。
最佳答案
TLDR; 升级到 Stretch 后重启服务器。
您的问题看起来与我遇到的问题相似。我收到以下错误:
OCI runtime create failed: container_linux.go:345: starting container process caused "error loading seccomp filter into kernel: invalid argument": unknown
从 Jessie 升级到 Stretch 并安装 Docker 的全新副本 ( https://docs.docker.com/install/linux/docker-ce/debian/ ) 后,出现此问题。
我相信你的问题是相似的,因为你的 docker info 输出显示
Kernel Version: 3.16.0-7-amd64
对我来说:
# uname -a
Linux debian 3.16.0-7-amd64 #1 SMP Debian 3.16.59-1 (2018-10-03) x86_64 GNU/Linux
Stretch 应该使用比那个更高的内核版本,所以修复是:
# reboot
# uname -a
Linux debian 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64 GNU/Linux
关于从 debian 8 升级到 debian 9 后出现 Docker seccomp 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54904915/