I am new to docker, so I don’t understand a lot of it but have managed. I have encountered and issue during the build process.
I also see
addgroup -S user && adduser -S user -G user && wget
`unable to start container error during container init: error mounting "sysfs" to rootfs at "sys": mount sysf:/sys (via /proc/self/fd/8) flags: operation not permitted`
as for install guide not sure.
I am taking over a project with little docker experience and little help from teams.
if this isn’t enough information, not sure whatelse I can release
My first thought was something with the Control Groups. because of mentioning the “sys” and “sysfs”, but since Docker is on RHEL, mybe it is SELinux which blocks the request. Try removing parameters and see when the command will start to work, especially without the host network.
There seems to be an issue related to the docker file I am getting unable to start container and error process /bin/sh -c wget http://localhost.local/repo/alpine.3.20.repo did not complete successfully the local firewall is open to allow docker zone=docker target=ACCEPT
Host network should still work, but at least we know the problem was that at least. I’m not as familiar with RHEL as I am with debian based systems, so I’m not sure what could block the host network. You can try searching for issues on GitHub like this
although host network was not mntioned here, but SELinux and something called “fapolicyd” were.
I disabled seLinux and gave that a shot but it failed with same issues. Only after removing network=host was I able to move on. I am not sure what network=host does. Attach the docker container to the localhost? I added --network="host" maybe thinking I had the syntax wrong. But still isn’t working. I am not sure what the issue could be but all of this works with CentOS, just having the issue with RHEL. Removing it for now and seeing what happens.
Also it appears we aren’t using fapolicyd. I couldn’t find any mention on the server.
Thanks for all of the help.
Host network is the lack of network isolation which could be considered insecure and could be blocked by security related apps, although I don’t remember any case