snow13
(Snow13)
May 19, 2021, 11:51pm
1
Hi,
This is my first post to the Docker community. I’ve been researching this issue a long time now, searched the forums, looked at the topic similar to and I still need help. Please let me know if this is the wrong forum.
Ubuntu 20.04.2 Linux
Docker Engine - Community 20.10.6
Docker Compose 1.28.5
docker-py version: 4.4.4
uses btrfs
Postgres image latest
I’ve followed the Docker and Docker Compose documentation on setting up rootless docker for an Ubuntu Linux environment. I can run commands such as docker version but I use PyCharm GUI mainly. I pulled the latest Postgres image successfully and tried to start a container but got the error:
```
com.intellij.remoteServer.util.ServerRuntimeException:
OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: write sysctl key kernel.domainname: open /proc/sys/kernel/domainname: permission denied: unknown
```
from terminal when trying to start container 264:
```
Error response from daemon:
OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: write sysctl key kernel.domainname: open /proc/sys/kernel/domainname: permission denied: unknown
Error: failed to start containers: 264
```
I verified the docker service is running with systemctl status docker.service. Root gives same. I’m really stuck here.
Can someone help?
snow13
(Snow13)
May 30, 2021, 1:22am
2
Did I miss any needed info? Any direction will be helpful.
Did you ever figure out the cause for this?
rimelek
(Ákos Takács)
January 6, 2022, 11:29pm
4
It would be nice to see the command that tried to start the container and anything that you tried but did not help so we don’t need to recommend the same nonworking solutions. Can you show your command?
If I had to guess I would say it is a docker run that uses `--domainname` or `--hostname`.
Here is a similar issue:
opened 11:11AM - 29 Jul 19 UTC
* [x] This is a bug report
* [ ] This is a feature request
* [ ] I searched existing issues before opening this one
### Expected behavior
When docker is user-namespace enabled, starting a container with `docker run -ti --domainname my.domain debian /bin/bash` should work.
### Actual behavior
docker run fails with:
```
# docker run -ti --domainname my.domain debian /bin/bash
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"write sysctl key kernel.domainname: open /proc/sys/kernel/domainname: permission denied\"": unknown.
```
Info: it worked on docker-ce version 18.09 and 18.03
### Steps to reproduce the behavior
Run docker-daemon with 'userns-remap' = 'default'
```
# docker run -ti --domainname my.domain debian /bin/bash
```
**Output of `docker version`:**
```
Client: Docker Engine - Community
 Version: 19.03.1
 API version: 1.40
 Go version: go1.12.5
 Git commit: 74b1e89
 Built: Thu Jul 25 21:22:03 2019
 OS/Arch: linux/amd64
 Experimental: false

Server: Docker Engine - Community
 Engine:
  Version: 19.03.1
  API version: 1.40 (minimum version 1.12)
  Go version: go1.12.5
  Git commit: 74b1e89
  Built: Thu Jul 25 21:20:35 2019
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.2.6
  GitCommit: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc:
  Version: 1.0.0-rc8
  GitCommit: 425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version: 0.18.0
  GitCommit: fec3683
```
**Output of `docker info`:**
```
Client:
 Debug Mode: false

Server:
 Containers: 16
  Running: 13
  Paused: 0
  Stopped: 3
 Images: 34
 Server Version: 19.03.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: journald
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
  userns
 Kernel Version: 4.9.0-9-amd64
 Operating System: Debian GNU/Linux 9 (stretch)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 62.71GiB
 Name: host2
 ID: VO7E:SES6:T7W5:FZNZ:QVD5:EQQJ:6BIS:BH4A:NQZM:3UHF:DYYL:7Z32
 Docker Root Dir: /var/lib/docker/100000.100000
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support
```
**Additional environment details (AWS, VirtualBox, physical, etc.)**
docker-ce is running on a physical server.
It is running with the following daemon-options:
```
{
  "userns-remap": "default",
  "userland-proxy": false,
  "log-driver": "journald",
  "log-opts": {
    "tag": "[{{.ImageName}}]{{.Name}}"
  },
  "live-restore": false,
  "dns-opts": ["timeout:3"],
  "default-ipc-mode": "private"
}
```
subuid/subgid:
```
# cat /etc/subuid
dockremap:100000:65536
# cat /etc/subgid
dockremap:100000:65536
```
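
An added example, not part of the thread or the linked issue: a small triage helper that correlates the three facts discussed above, namely the `kernel.domainname` sysctl denial in the error text, a daemon running with `userns` or `rootless` in its security options, and a container whose config sets a domain name. It assumes the security options come from `docker info --format '{{json .SecurityOptions}}'` and the container document from `docker inspect`; the function names and sample values are constructed for illustration.

```python
import json
import re

# Failure text as quoted in this thread and in the linked issue.
SYSCTL_DENIED = re.compile(
    r"write sysctl key (?P<key>[\w.]+): open (?P<path>\S+): permission denied"
)


def daemon_isolation(security_options):
    """User-namespace modes listed in `docker info` SecurityOptions."""
    modes = set()
    for opt in security_options:
        fields = dict(f.split("=", 1) for f in opt.split(",") if "=" in f)
        if fields.get("name") in ("userns", "rootless"):
            modes.add(fields["name"])
    return sorted(modes)


def diagnose(error_text, security_options, inspect_doc):
    """Correlate the runtime error with daemon mode and container config."""
    match = SYSCTL_DENIED.search(error_text)
    key = match.group("key") if match else None
    modes = daemon_isolation(security_options)
    domain = inspect_doc.get("Config", {}).get("Domainname", "")
    return {
        "sysctl": key,
        "daemon_modes": modes,
        "domainname": domain,
        # True only when all three conditions from the linked issue hold.
        "matches_issue": key == "kernel.domainname" and bool(modes) and bool(domain),
    }


# Constructed samples (not taken from the poster's machine).
SAMPLE_ERROR = (
    "OCI runtime create failed: container_linux.go:367: starting container "
    "process caused: process_linux.go:495: container init caused: write sysctl "
    "key kernel.domainname: open /proc/sys/kernel/domainname: permission denied: unknown"
)
SAMPLE_SECURITY_OPTIONS = ["name=seccomp,profile=default", "name=rootless"]
SAMPLE_INSPECT = {"Name": "/pg", "Config": {"Hostname": "db", "Domainname": "my.domain"}}

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_ERROR, SAMPLE_SECURITY_OPTIONS, SAMPLE_INSPECT), indent=2))
```

If `matches_issue` is false because `domainname` is empty, the container config is not setting a domain name and the cause lies elsewhere.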