Docker Community Forums

Share and learn in the Docker community.

Can not stop Docker Container: permission denied Error

build
docker

(Parthmodi) #1

Issue: Can not stop docker containers, whenever I try to stop containers I get the following Error message,

ERROR: for yattyadocker_web_1  cannot stop container: 1f04148910c5bac38983e6beb3f6da4c8be3f46ceeccdc8d7de0da9d2d76edd8: Cannot kill container 1f04148910c5bac38983e6beb3f6da4c8be3f46ceeccdc8d7de0da9d2d76edd8: rpc error: code = PermissionDenied desc = permission denied

OS Version/build: Ubuntu 16.04 | Docker Version 17.09.0-ce, build afdb6d4 | Docker Compose version 1.17.1, build 6d101fb
Steps to reproduce:

  1. Created a project with Dockerfile and docker-compose.yml. docker-compose.yml is of version 3.
  2. Images is built successfully with either docker build -t yattya_docker . or docker-compose up --build
  3. Containers boots up and runs successfully.
    4 .Try to stop docker compose with docker-compose down

(Parthmodi) #2

I also added a question on stack-overflow, if anyone can help https://stackoverflow.com/q/47223280/4933185


(Charl13) #3

I’m experiencing the same issue.

Ubuntu 16.04
Docker version 17.09.0-ce, build afdb6d4
docker-compose version 1.8.0

Tried re-installing docker-ce with apt-get purge --auto-remove. No luck. Restarting docker service with sudo service docker restart works but stopping the service every time I have to use the docker-compose down command is not a fix.


(Charl13) #5

So even when I create a container outside docker-compose and try to stop or kill it it results in the same error. Meaning I can not stop or kill any container.

Using docker inspect I found the PID the container was using. Killing this process as root using kill -9 did not work. Eventually I started consulting the docker service and found the line below in the results of the dmesg command:

[ 5602.621070] audit: type=1400 audit(1510837007.956:60): apparmor=“DENIED” operation=“signal” profile=“docker-default” pid=20728 comm=“docker-containe” requested_mask=“receive” denied_mask=“receive” signal=kill peer=“unconfined”

After using the below commands I was able to use docker-compose stop again.
sudo apt-get purge --auto-remove apparmor
sudo service docker restart
docker system prune --all --volumes


(Alphafoobar) #6

Worked for me. Found similar advice on stackoverflow: https://stackoverflow.com/questions/47223280/docker-containers-can-not-be-stopped-or-removed-permission-denied-error


(Jsloan117) #7

For anyone that does not wish to completely purge AppArmor.

Check status: sudo aa-status

Shutdown and prevent it from restarting: sudo systemctl disable apparmor.service --now
Unload AppArmor profiles: sudo service apparmor teardown
Check status: sudo aa-status

You should now be able to stop/kill containers.