Docker enabled user namespace, container starting to fail
OS:CentO
When I enable the Docker namespace, I run into the error below while running a container:
# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:49a1c8800c94df04e9658809b006fd8a686cab8028d33cfba2cc049724254202
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\"": unknown.
Below are the settings I used:
# id robot
uid=1000(robot) gid=1000(robot) groups=1000(robot)
# cat /etc/docker/daemon.json
{
"userns-remap": "robot"
}
For the user, you also need entries in /etc/subuid and /etc/subgid for your user and group.
$ more /etc/subuid
robot:100000:65536
$ more /etc/subgid
robot:100000:65536
You also need the sysctl setting for user.max_user_namespaces to be large enough:
$ echo "user.max_user_namespaces=15000" >> /etc/sysctl.conf
$ sysctl -p
Docker has more details on the issues they have seen in RHEL/CentOS environments: https://success.docker.com/article/user-namespace-runtime-error
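A preflight script for the three prerequisites discussed above (the userns-remap user, its /etc/subuid and /etc/subgid ranges, and user.max_user_namespaces). This is an added example, not part of the original question or answer; the function names, the 65536 minimum range size and the non-zero threshold for the sysctl are assumptions made for the example.

```shell
#!/bin/sh
# Added example: preflight check for the userns-remap prerequisites above.
# All file paths are arguments, so the checks can also run against copies.
MIN_IDS=65536   # assumption: range size taken from the entries shown above

# Print the userns-remap user from a daemon.json (simple sed match, no jq).
remap_user() {
    sed -n 's/.*"userns-remap"[[:space:]]*:[[:space:]]*"\([^":]*\).*/\1/p' "$1"
}

# Print "start:count" of the first range for user $1 in file $2
# (format name:start:count); non-zero exit status if there is no entry.
subid_range() {
    awk -F: -v n="$1" '$1 == n { print $2 ":" $3; found = 1; exit }
                       END { exit !found }' "$2"
}

# Succeed if user $1 has a range of at least $MIN_IDS ids in file $2.
check_subid() {
    range=$(subid_range "$1" "$2") || { echo "FAIL: no entry for $1 in $2"; return 1; }
    [ "${range#*:}" -ge "$MIN_IDS" ] || { echo "FAIL: $2: range $range too small"; return 1; }
    echo "OK: $2: $1 -> $range"
}

# Succeed if the limit stored in file $1 is at least 1
# (assumption: any non-zero limit passes; the answer above sets 15000).
check_max_userns() {
    max=$(cat "$1") || return 1
    [ "$max" -ge 1 ] || { echo "FAIL: user.max_user_namespaces=$max"; return 1; }
    echo "OK: user.max_user_namespaces=$max"
}

# Args: daemon.json, subuid file, subgid file, max_user_namespaces file.
# Returns the number of failed checks.
userns_preflight() {
    fails=0
    user=$(remap_user "$1")
    [ -n "$user" ] || { echo "FAIL: no userns-remap in $1"; return 1; }
    # Docker maps the special value "default" to the dockremap user.
    if [ "$user" = default ]; then user=dockremap; fi
    check_subid "$user" "$2" || fails=$((fails + 1))
    check_subid "$user" "$3" || fails=$((fails + 1))
    check_max_userns "$4" || fails=$((fails + 1))
    return "$fails"
}

# Run only when called with the four paths, e.g.
# /etc/docker/daemon.json /etc/subuid /etc/subgid /proc/sys/user/max_user_namespaces
if [ "$#" -eq 4 ]; then userns_preflight "$@"; fi
```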