Docker Community Forums

Operation Not permitted when trying to run hello-world

I am trying to run Docker on a CentOS 7 VPS by following this guide here: https://openvz.org/Docker_inside_CT

My host indicates they have performed all the steps prior to installing docker-io. I have docker-io installed and running, but when I try to run the hello-world container to see if it's working I get this:

docker: Error response from daemon: Cannot start container 0bd719fe7bc05971ddd43f9c1c0c2f71a74c6bcc58cac74501e80890ecebb313: [9] System error: write /sys/fs/cgroup/freezer,devices/system.slice/docker-0bd719fe7bc05971ddd43f9c1c0c2f71a74c6bcc58cac74501e80890ecebb313.scope/devices.allow: operation not permitted.

I am new to docker so any input would be appreciated. If I need to take this issue elsewhere just let me know.

Looking deeper, it looks like the base of the cgroup fs is mounted read only… not sure why… I assume this isn’t how it's supposed to be?

/dev/simfs / simfs rw,relatime 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio,name=beancounter 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/freezer,devices cgroup rw,nosuid,nodev,noexec,relatime,freezer,devices,name=container 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct,cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuacct,cpu,cpuset,name=fairsched 0 0
tmpfs /run/user/500 tmpfs rw,nosuid,nodev,relatime,size=262144k,mode=700,uid=500,gid=500 0 0

Scratch that… looks like it might be intentionally mounted as ro because of systemd…
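
A check for the question raised above, as an added example that is not part of the original post: it parses a mount table in /proc/mounts format and reports the rw/ro state of the cgroup v1 hierarchy that carries a given controller, separately from the tmpfs base. The function names are this example's own, and the embedded sample is constructed from the cgroup lines of the listing above.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample: cgroup-related lines taken from the mount listing above.
SAMPLE_MOUNTS='tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio,name=beancounter 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/freezer,devices cgroup rw,nosuid,nodev,noexec,relatime,freezer,devices,name=container 0 0'

# controller_mount CONTROLLER [MOUNTS_FILE]
# Prints "<mountpoint> <rw|ro>" for the cgroup v1 hierarchy that has CONTROLLER
# attached; returns non-zero if no hierarchy carries it.
# MOUNTS_FILE defaults to /proc/mounts; "-" reads standard input.
controller_mount() {
    awk -v want="$1" '
        $3 == "cgroup" {
            n = split($4, opt, ","); mode = ""; hit = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] == "rw" || opt[i] == "ro") mode = opt[i]
                # exact match, so "name=container" never counts as a controller
                if (opt[i] == want) hit = 1
            }
            if (hit) { print $2, mode; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    ' "${2:-/proc/mounts}"
}

# base_mode [MOUNTS_FILE]
# Prints the rw/ro state of the tmpfs mounted at /sys/fs/cgroup itself.
base_mode() {
    awk '$2 == "/sys/fs/cgroup" && $3 == "tmpfs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "rw" || opt[i] == "ro") print opt[i]
    }' "${1:-/proc/mounts}"
}

# Run both checks against the constructed sample.
echo "base tmpfs: $(printf '%s\n' "$SAMPLE_MOUNTS" | base_mode -)"
echo "devices:    $(printf '%s\n' "$SAMPLE_MOUNTS" | controller_mount devices -)"
```

A write refused by a read-only mount fails with EROFS ("Read-only file system"), whereas "operation not permitted" is EPERM, so the controller's own mount state is the one to compare against the error text.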