I’ve read in these pages that docker-ce’s user namespace feature is not supported on centos 7. I don’t know if that is official or something thrown out by a passerby. I’ve read also, in different places, folks are having success with such. So my question, with hope:

Are there any thoughts on this problem? Is this dismissed by saying centos does not support user namespaces, or is there some stup-ee-doe configuration error on my part. I know I can try later versions, but I would like this version to work.

After setting up username space.

When I attempt the official hello-world image, I get this:

[jfraney@nasdevap07 ~]$ docker run hello-world
nsenter: failed to update /proc/20356/uid_map: Invalid argument
container_linux.go:262: starting container process caused “process_linux.go:247: running exec setns process for init caused "exit status 2"”
nsenter: failed to sync with parent: SYNC_USERMAP_ACK: got 255: Success
docker: Error response from daemon: oci runtime error: container_linux.go:262: starting container process caused “process_linux.go:247: running exec setns process for init caused "exit status 2"”.

OS Version/build

[jfraney@nasdevap07 ~]$ docker info | grep ersion
Server Version: 17.06.2-ce
Library Version: 1.02.135-RHEL7 (2016-09-28)
containerd version: 6e23458c129b551d5c9871e5174f6b1b7f6d1170
runc version: 810190ceaa507aa2727d7ae6f4790c76ec150bd2
init version: 949e6fa
Kernel Version: 3.10.0-514.el7.x86_64

Yes, kernel argument to enable user namespace is active. This output is from dmesg:

[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-514.el7.x86_64 root=/dev/mapper/vg_os-root ro crashkernel=auto rd.lvm.lv=vg_os/root rd.lvm.lv=vg_os/swap rhgb quiet LANG=en_US.UTF-8 user_namespace.enable=1

This is entry in daemon.json:

“userns-remap”: “nasremap”,

Likewise, entries in subuid, subgid:

[jfraney@nasdevap07 ~]$ cat /etc/sub[gu]id
nasremap:200000:65536
nasremap:200000:65536
nasremap:200000:65536
nasremap:200000:65536

Thanks.