Docker 27.3.0 error: Error response from daemon: invalid mount config: must use either propagation mode "rslave" or "rshared" when mount source is within the daemon root, daemon root: "/var/lib/docker", bind mount source: "/var/lib/docker", propagation: "

Hi!

I unfortunately updated to 27.3.0 on Ubuntu 24.04 tonight and now one grafana / promtail / cadvisor / loki stack is not working any more, on compose up -d I get the following error:

Error response from daemon: invalid mount config: must use either propagation mode “rslave” or “rshared” when mount source is within the daemon root, daemon root: “/var/lib/docker”, bind mount source: “/var/lib/docker”, propagation: “rprivate”

I suppose it has something to do with the volumes mount for cadvisor and promtail:

cadvisor:
  volumes:
    - /:/rootfs:ro
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /var/run:/var/run:rw
    - /sys:/sys:ro
    - /var/lib/docker:/var/lib/docker:ro
    - /sys/fs/cgroup:/cgroup:ro
    - /dev/disk/:/dev/disk:ro

promtail:
  volumes:
    - ./promtail-config.yaml:/etc/promtail/promtail-config.yml:ro
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /var/lib/docker/containers:/var/lib/docker/containers:ro

Thanks in advance!

Don’t know about your mount config issue.

Just wanted to mention that - /var/run/docker.sock:/var/run/docker.sock:ro is not setting the socket to read-only, so the line implies a false sense of security. I personally think it should throw at least a warning.

The socket is like a TCP connection, it needs two-way communication to work, like http. To secure the Docker socket, you would need to use a Docker socket proxy that restricts GET and potentially disallows all POST.

It seems to me that the error message tells you the solution. It tells you that the daemon root is /var/lib/docker and that when you mount something from that folder, you need to set either rslave or rshared. It also says it is set to rprivate.

The solution is in the documentation

https://docs.docker.com/engine/storage/bind-mounts/#configure-bind-propagation

So you need to add either rslave or rshared after ro separated by a comma:

- /var/lib/docker/containers:/var/lib/docker/containers:ro,rshared
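As an added example (not code from the thread or from Docker), a small pre-deployment check over short-syntax volume entries that flags the two points raised above: a bind source inside the daemon root without `rslave` or `rshared`, and a `docker.sock` mount whose `:ro` flag does not restrict API access. The function names and finding labels are hypothetical, the rule follows the wording of the error message, and an entry with no propagation option is treated as `rprivate`, as the error in this thread reports.

```python
import posixpath

DAEMON_ROOT = "/var/lib/docker"       # daemon root quoted in the error message
SHARED_MODES = {"rslave", "rshared"}  # modes the error message asks for

# Volume entries taken from the compose file posted in this thread.
SAMPLE_VOLUMES = [
    "/:/rootfs:ro",
    "/var/run/docker.sock:/var/run/docker.sock:ro",
    "/var/run:/var/run:rw",
    "/sys:/sys:ro",
    "/var/lib/docker:/var/lib/docker:ro",
    "/sys/fs/cgroup:/cgroup:ro",
    "/dev/disk/:/dev/disk:ro",
    "./promtail-config.yaml:/etc/promtail/promtail-config.yml:ro",
    "/var/run/docker.sock:/var/run/docker.sock:ro",
    "/var/lib/docker/containers:/var/lib/docker/containers:ro",
]


def parse_volume(spec):
    """Split short-syntax 'source:target[:opt,opt]' into its parts."""
    parts = spec.split(":")
    options = parts[2].split(",") if len(parts) > 2 else []
    return posixpath.normpath(parts[0]), parts[1], options


def within(path, root):
    """True if path is root itself or lies below it (no prefix false hits)."""
    return path == root or path.startswith(root.rstrip("/") + "/")


def lint_volumes(specs, daemon_root=DAEMON_ROOT):
    """Return (spec, label) pairs; labels are hypothetical names."""
    findings = []
    for spec in specs:
        source, _target, options = parse_volume(spec)
        if not source.startswith("/"):
            continue  # relative path or named volume: outside this check
        if within(source, daemon_root) and not SHARED_MODES & set(options):
            findings.append((spec, "propagation"))
        if posixpath.basename(source) == "docker.sock" and "ro" in options:
            findings.append((spec, "socket-ro"))  # ro does not limit the API
    return findings


if __name__ == "__main__":
    for spec, label in lint_volumes(SAMPLE_VOLUMES):
        print(f"{label:12} {spec}")
```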

I had the same issue with one of the services in my setup. It seems this issue crept in with the Compose CLI update (2.29.6) yesterday and was fixed swiftly today (2.29.7: Release v2.29.7 · docker/compose · GitHub). After the update, the same compose file is now working with no error.

It means that the other compose version didn’t even work with adding rshared to the mount options?

I didn’t try. I was checking forums and saw another update announcement referring to a fix for the mount API, which made sense to me.

Interesting explanation (comment).

So the problem was indeed with the default set by compose. Good to know it was a known bug. Thanks for the link.