Docker 容器无法停止或移除 - 权限被拒绝错误
[英]Docker Containers can not be stopped or removed - permission denied Error
问题描述
Issue : Can not stop docker containers, whenever I try to stop containers I get the following Error message,
问题:无法停止 docker 容器,每当我尝试停止容器时,都会收到以下错误消息,
ERROR: for yattyadocker_web_1 cannot stop container: 1f04148910c5bac38983e6beb3f6da4c8be3f46ceeccdc8d7de0da9d2d76edd8: Cannot kill container 1f04148910c5bac38983e6beb3f6da4c8be3f46ceeccdc8d7de0da9d2d76edd8: rpc error: code = PermissionDenied desc = permission denied
OS Version/build: Ubuntu 16.04 |操作系统版本/内部版本: Ubuntu 16.04 | Docker Version 17.09.0-ce, build afdb6d4 | Docker 版本 17.09.0-ce,构建 afdb6d4 | Docker Compose version 1.17.1, build 6d101fb Docker 编写版本 1.17.1,构建 6d101fb
Steps to reproduce:重现步骤:
- Created a rails project with Dockerfile and docker-compose.yml.使用 Dockerfile 和 docker-compose.yml 创建了一个 rails 项目。 docker-compose.yml is of version 3. docker-compose.yml 是版本 3。
- Image is built successfully with either
docker build -t <project name>.使用docker build -t <project name>.ordocker-compose up --build或docker-compose up --build - Containers boots up and runs successfully.容器启动并成功运行。
- Try to stop docker compose with docker-compose down.尝试停止 docker 与 docker-compose 组合。
What I tried: :我尝试了什么::
- I have to run
sudo service docker restartand then the containers can be removed.我必须运行sudo service docker restart然后才能删除容器。 - Uninstalled docker, removed docker directory and then re installed everything.卸载 docker,删除 docker 目录,然后重新安装所有内容。 Still facing same issue.仍然面临同样的问题。
Note : This configuration was working correctly earlier, but somehow file permissions might have changed and I am seeing this error.注意:此配置之前工作正常,但不知何故文件权限可能已更改,我看到此错误。 I have to run sudo service docker restart and then the containers can be removed.我必须运行sudo service docker restart然后才能删除容器。 But this is highly inconvenient and I don't know how to troubleshoot this.但这非常不方便,我不知道如何解决这个问题。
Reference Files:参考文件:
# docker-compose.yml
version: '3'
volumes:
db-data:
driver: local
redis-data:
driver: local
services:
db:
image: postgres:9.4.1
volumes:
- db-data:/var/lib/postgresql/data
ports:
- "5432:5432"
env_file: local_envs.env
web:
image: yattya_docker:latest
command: bundle exec puma -C config/puma.rb
tty: true
stdin_open: true
ports:
- "3000:3000"
links:
- db
- redis
- memcached
depends_on:
- db
- redis
- memcached
env_file: local_envs.env
redis:
image: redis:3.2.4-alpine
ports:
# We'll bind our host's port 6379 to redis's port 6379, so we can use
# Redis Desktop Manager (or other tools) with it:
- 6379:6379
volumes:
# We'll mount the 'redis-data' volume into the location redis stores it's data:
- redis-data:/var/lib/redis
command: redis-server --appendonly yes
memcached:
image: memcached:1.5-alpine
ports:
- "11211:11211"
clock:
image: yattya_docker:latest
command: bundle exec clockwork lib/clock.rb
links:
- db
depends_on:
- db
env_file: local_envs.env
worker:
image: yattya_docker:latest
command: bundle exec rake jobs:work
links:
- db
depends_on:
- db
env_file: local_envs.env
And Dockerfile:和 Dockerfile:
# Dockerfile
FROM ruby:2.4.1
RUN apt-get update && apt-get install -y nodejs --no-install-recommends && rm -rf /var/lib/apt/lists/*
ENV APP_HOME /app
RUN mkdir -p $APP_HOME
WORKDIR $APP_HOME
ADD Gemfile* $APP_HOME/
RUN bundle install
ADD . $APP_HOME
RUN mkdir -p ${APP_HOME}/log
RUN cat /dev/null > "$APP_HOME/log/development.log"
RUN mkdir -p ${APP_HOME}/tmp/cache \
&& mkdir -p ${APP_HOME}/tmp/pids \
&& mkdir -p ${APP_HOME}/tmp/sockets
EXPOSE 3000
6 个解决方案
解决方案1
120 2019-05-14 15:56:13
I installed Docker from the snap package and after a while I decided to move to apt repository installation.我从 snap 包安装了 Docker,过了一段时间我决定转向 apt 存储库安装。
I was facing the same problem and using sudo aa-remove-unknown worked for me.我遇到了同样的问题,使用sudo aa-remove-unknown对我有用。
So no reinstallation of Apparmor was needed.所以不需要重新安装 Apparmor。
解决方案2
110 2018-08-15 01:45:02
For anyone that does not wish to completely purge AppArmor.对于不希望完全清除 AppArmor 的任何人。
Check status: sudo aa-status检查状态: sudo aa-status
Shutdown and prevent it from restarting: sudo systemctl disable apparmor.service --now关闭并阻止它重新启动: sudo systemctl disable apparmor.service --now
Unload AppArmor profiles: sudo service apparmor teardown卸载 AppArmor 配置文件: sudo service apparmor teardown
Check status: sudo aa-status检查状态: sudo aa-status
You should now be able to stop/kill containers.您现在应该能够停止/终止容器。
解决方案3
14 已采纳 2017-11-16 18:30:13
I was able to fix the issue.我能够解决这个问题。 Apparmor service in ubuntu was not working normally due to some unknown issue.由于一些未知问题,ubuntu 中的 Apparmor 服务无法正常工作。 The problem was similar to the issue reported in moby project https://github.com/moby/moby/issues/20554 .该问题类似于 moby 项目https://github.com/moby/moby/issues/20554 中报告的问题。
The /etc/apparmor.d/tunables folder was empty, and https://github.com/mlaventure suggested to purge/reinstall apparmor to get it to the initial state. /etc/apparmor.d/tunables文件夹为空, https://github.com/mlaventure建议清除/重新安装 apparmor 以使其恢复到初始状态。
So I reinstalled apparmor, and after restarting the problem was solved.于是我重新安装了apparmor,重启后问题就解决了。
Hope this helps.希望这会有所帮助。
解决方案4
11 2019-01-13 12:06:18
A direct fix to the problem is executing bash in the container to be killed and directly calling kill there.该问题的直接解决方法是在要杀死的容器中执行 bash 并在那里直接调用kill 。 An example:一个例子:
host$ docker exec -it <container-name> sh
container$ ps
PID USER TIME COMMAND
1 root 0:00 {entrypoint.sh} /bin/sh /entrypoint.sh
16 root 0:00 {entrypoint.sh} /bin/sh /entrypoint.sh
24 root 0:00 sh
31 root 0:00 ps
container$ kill 1
To check that the container was killed, run docker ps .要检查容器是否已终止,请运行docker ps 。 This is a useful alternative to the solution reinstalling apparmor as this will also remove snapd .这是重新安装 apparmor 的解决方案的有用替代方法,因为这也将删除snapd 。
解决方案5
4 2019-01-08 09:20:26
In my case the issue was that I had conflicting docker installations: docker itself from the official docker-ce package , but docker-compose from the Ubuntu snap package.就我而言,问题是我的 docker 安装存在冲突: docker本身来自官方docker-ce包,但docker-compose来自 Ubuntu snap 包。
Installing correctly docker-compose from the official github ( instructions here ) did the trick.从官方 github(此处的说明)正确安装docker-compose 。 I also followed the Linux post-install instructions and it may have helped as well (to run docker as a non-root user)我还遵循了Linux 安装后说明,它也可能有所帮助(以非 root 用户身份运行 docker)
I just left AppArmor alone here - I did not touch it.我只是把 AppArmor 一个人留在这里——我没有碰它。
解决方案6
0 2019-11-11 08:16:51
Follow these steps to be able to stop the container: 请按照下列步骤以能够停止容器:
Disable the apparmor service: 禁用apparmor服务:
sudo systemctl disable apparmor.service --now
Unload AppArmor profiles: 卸载AppArmor配置文件:
sudo service apparmor teardown
Check AppArmor status: 检查AppArmor状态:
sudo aa-status
You should be able to stop and kill your container now. 您现在应该可以停止并杀死您的容器。
解决方案7
0 2022-08-12 11:11:40
OS: Ubuntu 22.04 LTS docker version: 20.10.17, build 100c701 docker-compose version: 1.29.2操作系统:Ubuntu 22.04 LTS docker 版本:20.10.17,构建 100c701 ZBAEDB53E845AE71F13945FCC29572AE9Z 版本:
I faced the same issue and tried following,我遇到了同样的问题并尝试了以下操作,
- sudo systemctl disable apparmor.service --now sudo systemctl disable apparmor.service --now
- sudo service apparmor teardown sudo service apparmor 拆解
- sudo aa-remove-unknown sudo aa-remove-unknown
- reboot重启
These solutions didn't work for me.这些解决方案对我不起作用。 This issue happens because of a security feature of linux kernal, apparmor.发生此问题是因为 linux 内核、apparmor 的安全功能。
We can disable it by running docker daemon as a non-root user(Rootless mode), Execute following commands,我们可以通过以非 root 用户(无根模式)运行 docker 守护程序来禁用它,执行以下命令,
Solution:解决方案:
- curl -fsSL https://get.docker.com/rootless | curl -fsSL https://get.docker.com/rootless | sh |嘘| FORCE_ROOTLESS_INSTALL=1 FORCE_ROOTLESS_INSTALL=1
- export PATH=/home/user-directory/bin:$PATH导出 PATH=/home/user-directory/bin:$PATH
docker-compose down or docker rm, will work docker-compose down 或 docker rm,将工作
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.