Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docker issue #7977

Closed
geoHeil opened this issue Mar 13, 2016 · 5 comments
Closed

docker issue #7977

geoHeil opened this issue Mar 13, 2016 · 5 comments
Assignees
@jwhonce
Labels
component/containers priority/P2

Comments

@geoHeil
Copy link

geoHeil commented Mar 13, 2016

Version

oc v1.1.3
kubernetes v1.2.0-origin

Description

I try to execute:

sudo docker run -d --name "origin" \
        --privileged --pid=host --net=host \
        -v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys -v /var/lib/docker:/var/lib/docker:rw \
        -v /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes \
        openshift/origin

to run open shift origin in a docker container.

The signal to start the container is sent to the docker daemon. However the container is not started as can be verified in syslog:

[ 1816.265477] aufs au_opts_verify:1597:docker[2010]: dirperm1 breaks the protection by the permission bits on the lower branch

Steps To Reproduce

  1. Execute the docker run command
  2. Check syslog

Current Result

The container is not started.

Expected Result

The container should be started successfully.

Additional Information

Other containers can be run successfully on this system.

A docker inforeturns:

docker info
Containers: 6
 Running: 0
 Paused: 0
 Stopped: 6
Images: 19
Server Version: 1.10.3
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 73
 Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Plugins:
 Volume: local
 Network: bridge null host
Kernel Version: 4.2.0-30-generic
Operating System: Ubuntu 15.10
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.42 GiB
Name: testCluster

and the os is ubuntu 15:10, latest updates are installed.
@mfojtik
Copy link
Member

mfojtik commented Mar 13, 2016

@geoHeil there is related issue opened for docker: moby/moby#12701 (comment)

it appears to have something to do with iptables. can you please check the docker logs and look for the iptables command?

@geoHeil
Copy link
Author

geoHeil commented Mar 13, 2016

Unfortunately docker.logs are empty. I could only find the error above in syslog. A iptables -N DOCKER results in:
iptables: Chain already exists.

The following docker-opts are set:

# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --insecure-registry 172.30.0.0/16"

As far as I understand this should have been fixed in 1.7 - but I am using 1.10

@geoHeil
Copy link
Author

geoHeil commented Mar 15, 2016

Confirmed this issue on a fresh Ubuntu 14:04

@zmerlynn zmerlynn mentioned this issue Apr 14, 2016
Closed
@mrunalp
Copy link
Member

mrunalp commented Jun 27, 2016

This looks like a bug in the debian/ubuntu kernel. See moby/moby#21081

@pweil-
Copy link
Contributor

pweil- commented Jun 26, 2017

closing due to age

@pweil- pweil- closed this as completed Jun 26, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jwhonce jwhonce

Labels
component/containers priority/P2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mfojtik @mrunalp @danmcp @jwhonce @geoHeil @pweil-