Running Docker in Ubuntu Bionic Container
Question
I am installing Docker CE on the latest Ubuntu Docker image and getting the following error. I followed installation instructions carefully; maybe installing Docker on a Docker container is not the way to go about this? I'm working with Jenkins Pipelines and have Jenkins installed on the Ubuntu container; the next piece is to get Docker running.
time="2018-10-26T13:25:09.920187300Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2018-10-26T13:25:09.920228600Z" level=info msg="ccResolverWrapper: sending new addresses to cc: [{unix:///var/run/docker/containerd/docker-containerd.sock 0 <nil>}]" module=grpc
time="2018-10-26T13:25:09.920250500Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2018-10-26T13:25:09.920286200Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420047e60, CONNECTING" module=grpc
time="2018-10-26T13:25:09.920480100Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420047e60, READY" module=grpc
time="2018-10-26T13:25:09.920501400Z" level=info msg="Loading containers: start."
time="2018-10-26T13:25:09.920666400Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: , error: exec: \"modprobe\": executable file not found in $PATH"
time="2018-10-26T13:25:09.920704800Z" level=warning msg="Running modprobe nf_nat failed with message: ``, error: exec: \"modprobe\": executable file not found in $PATH"
time="2018-10-26T13:25:09.920733300Z" level=warning msg="Running modprobe xt_conntrack failed with message: ``, error: exec: \"modprobe\": executable file not found in $PATH"
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
1 answers
solution1
0 2018-10-26 14:25:48
A typical Docker container is run with a restricted set of permissions. Even if you are root in the container, you cannot modify the network configuration, nor can you mount filesystems. So the error you are seeing...
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root)
...is happening because of that restriction. You can create an unrestricted container by creating with your container with:
docker run --privileged ...
You may be able to use something slightly more granular and grant the NET_ADMIN capability, as in:
docker run --cap-add NET_ADMIN ...
This will work as long as the only "special" privilege required by the container is network configuration.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.