如何停止 运行 容器,如果来自守护程序的错误响应是:无法杀死容器 [...] 权限被拒绝?
How to stop running Container, if error response from daemon is: Cannot Kill Container [...] permission denied?
艰巨的任务:
每次我尝试停止或终止 运行ning 容器时,我都会收到来自守护程序的错误响应,权限被拒绝。
我刚开始学习如何使用 Ubuntu18.04 虚拟机 docker。我是 运行 第一次使用容器。我无法阻止它,但至少它是 运行ning。现在,在我尝试 运行 另一张图片 "furtuas/daisitory:image_available_first_ms" 之后,一切都变得更糟了。
两个容器 运行ning,我无法阻止其中一个。
我尝试重新启动 docker 但容器仍然 运行 本地主机不再工作的区别。
也许它发生在我 运行 和之前
相同的主机上
我对docker、ubuntu、终端等不熟悉,希望能为初学者提供详细的解答
$ docker info
Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 8
Server Version: 18.09.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 96ec2177ae841256168fcf76954f7177af9446eb
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-43-generic
Operating System: Ubuntu 18.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 3.83GiB
Name: dai-2
ID: ULKT:IYPB:L6GI:VQWG:FZQX:J6G6:OWOU:DP5M:KQFC:PWBJ:HEMA:VDIT
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: icoe
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: No swap limit support
$ docker version
Client:
Version: 18.09.1
API version: 1.39
Go version: go1.10.6
Git commit: 4c52b90
Built: Wed Jan 9 19:35:31 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.1
API version: 1.39 (minimum version 1.12)
Go version: go1.10.6
Git commit: 4c52b90
Built: Wed Jan 9 19:02:44 2019
OS/Arch: linux/amd64
Experimental: false
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
furtuas/daisitory image_available_first_ms 64b3943856a0 6 days ago 660MB
icoe/dockerimageavailable first_ms 64b3943856a0 6 days ago 660MB
dockerimageavailable latest 64b3943856a0 6 days ago 660MB
my-maven latest 704b027074fb 6 days ago 660MB
dockerimagedetails latest 2da0a7987c2a 6 days ago 643MB
dockerimage latest af97e6623a8c 6 days ago 643MB
maven latest 3bc97dc2e7ba 3 weeks ago 832MB
java 8 d23bdf5b1b1b 2 years ago 643MB
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
66c6c49a95f4 furtuas/daisitory:image_available_first_ms "java -jar /car-pool…" 3 hours ago Up 3 hours first_ms_test
8e0646cc95f8 704b027074fb "java -jar /car-pool…" 6 days ago Up 6 days 0.0.0.0:8080->8080/tcp container_available
$ docker stop first_ms_test
Error response from daemon: cannot stop container: first_ms_test: Cannot kill container 66c6c49a95f499abeb62b1c02e7e9b8ce1739709bb2140ba7b1a61094a9d16f7: unknown error after kill: runc did not terminate sucessfully: container_linux.go:387: signaling init process caused "permission denied"
: unknown
$ docker container rm -f first_ms_test
Error response from daemon: Could not kill running container 66c6c49a95f499abeb62b1c02e7e9b8ce1739709bb2140ba7b1a61094a9d16f7, cannot remove - Cannot kill container 66c6c49a95f499abeb62b1c02e7e9b8ce1739709bb2140ba7b1a61094a9d16f7: unknown error after kill: runc did not terminate sucessfully: container_linux.go:387: signaling init process caused "permission denied"
: unknown
请帮忙。
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
66c6c49a95f4 furtuas/daisitory:image_available_first_ms "java -jar /car-pool…" 3 hours ago Up 3 hours first_ms_test
8e0646cc95f8 704b027074fb "java -jar /car-pool…" 6 days ago Up 6 days 0.0.0.0:8080->8080/tcp container_available
注销虚拟机后,还是一样的响应:
$ docker stop 66c6c49a95f4
Error response from daemon: cannot stop container: 66c6c49a95f4: Cannot kill container 66c6c49a95f499abeb62b1c02e7e9b8ce1739709bb2140ba7b1a61094a9d16f7: unknown error after kill: runc did not terminate sucessfully: container_linux.go:387: signaling init process caused "permission denied"
: unknown
您尝试过 docker stop <container-id> 或 docker kill <container-id> 吗?
注意:使用docker ps -a获取容器ID
此外,您使用的是 sudo 还是登录为 root?
我解决了,但我不确定为什么。我想我通过重新启动 VM 并使用这些命令
重新启动 docker 解决了这个问题
刷新更改:$ sudo systemctl daemon-reload
重启Docker:$ sudo systemctl restart docker
我遇到了同样的问题。与 apparmor 服务有一些冲突。在 Ubuntu 我可以通过重新安装 apparmor 来解决这个问题:
- sudo apt-get purge apparmor
- sudo apt-get install apparmor
- sudo /etc/init.d/apparmor start
描述 check if the entrypoint script has the shebang 开始于:
#!/bin/bash -xe
系统会阻止容器停止。为了解决这个问题,请更改没有 "e"
的入口点脚本
#!/bin/bash -x
使用技巧:
sudo killall docker-containerd-shim
从像这样卡住的已停止容器中释放 docker
这可能是由 Ubuntu 的安全性引起的,尤其是 apparmor
在那种情况下,您应该在 docker 运行 中添加 --security-opt apparmor:unconfined。这似乎比移除 apparmor 更可取。
例如尝试:
docker run --security-opt apparmor:unconfined -ti ubuntu bash
然后尝试 docker stop 看看效果如何!
我无法停止容器所以我只是重新启动了 containerd 服务并且它工作了 ->
sudo systemctl 重新启动 containerd
这些命令都不起作用只是重新启动主机,但这意味着所有 运行 容器都停止了,如果有人可以提供帮助,我需要一个解决方案
注意:--security-opt apparmor:unconfined 使主机不工作并且 docker 命令停止工作,我不得不重建其他容器
艰巨的任务: 每次我尝试停止或终止 运行ning 容器时,我都会收到来自守护程序的错误响应,权限被拒绝。
我刚开始学习如何使用 Ubuntu18.04 虚拟机 docker。我是 运行 第一次使用容器。我无法阻止它,但至少它是 运行ning。现在,在我尝试 运行 另一张图片 "furtuas/daisitory:image_available_first_ms" 之后,一切都变得更糟了。 两个容器 运行ning,我无法阻止其中一个。 我尝试重新启动 docker 但容器仍然 运行 本地主机不再工作的区别。 也许它发生在我 运行 和之前
相同的主机上我对docker、ubuntu、终端等不熟悉,希望能为初学者提供详细的解答
$ docker info
Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 8
Server Version: 18.09.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 96ec2177ae841256168fcf76954f7177af9446eb
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-43-generic
Operating System: Ubuntu 18.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 3.83GiB
Name: dai-2
ID: ULKT:IYPB:L6GI:VQWG:FZQX:J6G6:OWOU:DP5M:KQFC:PWBJ:HEMA:VDIT
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: icoe
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: No swap limit support
$ docker version
Client:
Version: 18.09.1
API version: 1.39
Go version: go1.10.6
Git commit: 4c52b90
Built: Wed Jan 9 19:35:31 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.1
API version: 1.39 (minimum version 1.12)
Go version: go1.10.6
Git commit: 4c52b90
Built: Wed Jan 9 19:02:44 2019
OS/Arch: linux/amd64
Experimental: false
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
furtuas/daisitory image_available_first_ms 64b3943856a0 6 days ago 660MB
icoe/dockerimageavailable first_ms 64b3943856a0 6 days ago 660MB
dockerimageavailable latest 64b3943856a0 6 days ago 660MB
my-maven latest 704b027074fb 6 days ago 660MB
dockerimagedetails latest 2da0a7987c2a 6 days ago 643MB
dockerimage latest af97e6623a8c 6 days ago 643MB
maven latest 3bc97dc2e7ba 3 weeks ago 832MB
java 8 d23bdf5b1b1b 2 years ago 643MB
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
66c6c49a95f4 furtuas/daisitory:image_available_first_ms "java -jar /car-pool…" 3 hours ago Up 3 hours first_ms_test
8e0646cc95f8 704b027074fb "java -jar /car-pool…" 6 days ago Up 6 days 0.0.0.0:8080->8080/tcp container_available
$ docker stop first_ms_test
Error response from daemon: cannot stop container: first_ms_test: Cannot kill container 66c6c49a95f499abeb62b1c02e7e9b8ce1739709bb2140ba7b1a61094a9d16f7: unknown error after kill: runc did not terminate sucessfully: container_linux.go:387: signaling init process caused "permission denied"
: unknown
$ docker container rm -f first_ms_test
Error response from daemon: Could not kill running container 66c6c49a95f499abeb62b1c02e7e9b8ce1739709bb2140ba7b1a61094a9d16f7, cannot remove - Cannot kill container 66c6c49a95f499abeb62b1c02e7e9b8ce1739709bb2140ba7b1a61094a9d16f7: unknown error after kill: runc did not terminate sucessfully: container_linux.go:387: signaling init process caused "permission denied"
: unknown
请帮忙。
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
66c6c49a95f4 furtuas/daisitory:image_available_first_ms "java -jar /car-pool…" 3 hours ago Up 3 hours first_ms_test
8e0646cc95f8 704b027074fb "java -jar /car-pool…" 6 days ago Up 6 days 0.0.0.0:8080->8080/tcp container_available
注销虚拟机后,还是一样的响应:
$ docker stop 66c6c49a95f4
Error response from daemon: cannot stop container: 66c6c49a95f4: Cannot kill container 66c6c49a95f499abeb62b1c02e7e9b8ce1739709bb2140ba7b1a61094a9d16f7: unknown error after kill: runc did not terminate sucessfully: container_linux.go:387: signaling init process caused "permission denied"
: unknown
您尝试过 docker stop <container-id> 或 docker kill <container-id> 吗?
注意:使用docker ps -a获取容器ID
此外,您使用的是 sudo 还是登录为 root?
我解决了,但我不确定为什么。我想我通过重新启动 VM 并使用这些命令
重新启动 docker 解决了这个问题刷新更改:$ sudo systemctl daemon-reload
重启Docker:$ sudo systemctl restart docker
我遇到了同样的问题。与 apparmor 服务有一些冲突。在 Ubuntu 我可以通过重新安装 apparmor 来解决这个问题:
- sudo apt-get purge apparmor
- sudo apt-get install apparmor
- sudo /etc/init.d/apparmor start
描述
#!/bin/bash -xe
系统会阻止容器停止。为了解决这个问题,请更改没有 "e"
的入口点脚本#!/bin/bash -x
使用技巧:
sudo killall docker-containerd-shim
从像这样卡住的已停止容器中释放 docker
这可能是由 Ubuntu 的安全性引起的,尤其是 apparmor
在那种情况下,您应该在 docker 运行 中添加 --security-opt apparmor:unconfined。这似乎比移除 apparmor 更可取。
例如尝试:
docker run --security-opt apparmor:unconfined -ti ubuntu bash
然后尝试 docker stop 看看效果如何!
我无法停止容器所以我只是重新启动了 containerd 服务并且它工作了 -> sudo systemctl 重新启动 containerd
这些命令都不起作用只是重新启动主机,但这意味着所有 运行 容器都停止了,如果有人可以提供帮助,我需要一个解决方案
注意:--security-opt apparmor:unconfined 使主机不工作并且 docker 命令停止工作,我不得不重建其他容器