Docker：添加--privileged后，docker返回錯誤

Question

github問題

因為我錯誤地在 /var/lib/docker/containers 手動刪除了一個正在運行的容器目錄，所以 --privileged 返回錯誤。 但它在沒有 --privileged 的情況下工作。

$ docker run -d --name=hello --privileged=true hello-world                                                
fd6cdf95eb1ed7617f4580eef556a2f64fff7b9afb144d346af3916d83704de4
docker: Error response from daemon: failed to create shim: OCI runtime create failed: runc create failed: unable to start container process: unable to apply cgroup configuration: chown /sys/fs/cgroup/system.slice/docker-fd6cdf95eb1ed7617f4580eef556a2f64fff7b9afb144d346af3916d83704de4.scope/memory.oom.group: no such file or directory: unknown.

systemctl 日志：

1月 27 14:30:28 pi dockerd[630408]: time="2022-01-27T14:30:28.182022716+08:00" level=info msg="starting signal loop" namespace=moby path=/run/docker/containerd/daemon/io.containerd.runtime.v2.task/moby/3a42ea697432d31ffa04730b321526da2cb8e9490f9fc6edb68dda623e5bfa2c pid=645804
1月 27 14:30:28 pi dockerd[630408]: time="2022-01-27T14:30:28.434396893+08:00" level=info msg="shim disconnected" id=3a42ea697432d31ffa04730b321526da2cb8e9490f9fc6edb68dda623e5bfa2c
1月 27 14:30:28 pi dockerd[630408]: time="2022-01-27T14:30:28.434794719+08:00" level=warning msg="cleaning up after shim disconnected" id=3a42ea697432d31ffa04730b321526da2cb8e9490f9fc6edb68dda623e5bfa2c namespace=moby
1月 27 14:30:28 pi dockerd[630408]: time="2022-01-27T14:30:28.434912272+08:00" level=info msg="cleaning up dead shim"
1月 27 14:30:28 pi dockerd[630408]: time="2022-01-27T14:30:28.492815104+08:00" level=warning msg="cleanup warnings time=\"2022-01-27T14:30:28+08:00\" level=info msg=\"starting signal loop\" namespace=moby pid=645826\n"
1月 27 14:30:28 pi dockerd[630408]: time="2022-01-27T14:30:28.494742125+08:00" level=error msg="copy shim log" error="read /proc/self/fd/25: file already closed"
1月 27 14:30:28 pi dockerd[630400]: time="2022-01-27T14:30:28.501658261+08:00" level=error msg="stream copy error: reading from a closed fifo"
1月 27 14:30:28 pi dockerd[630400]: time="2022-01-27T14:30:28.501842720+08:00" level=error msg="stream copy error: reading from a closed fifo"
1月 27 14:30:28 pi dockerd[630400]: time="2022-01-27T14:30:28.931391572+08:00" level=error msg="3a42ea697432d31ffa04730b321526da2cb8e9490f9fc6edb68dda623e5bfa2c cleanup: failed to delete container from containerd: no such container"

docker 版本：

docker version                                                                                           [9:53:58]
Client:
 Version:           20.10.12
 API version:       1.41
 Go version:        go1.17.5
 Git commit:        e91ed5707e
 Built:             Tue Dec 14 20:49:29 2021
 OS/Arch:           linux/arm64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.12
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.5
  Git commit:       459d0dfbbb
  Built:            Tue Dec 14 20:48:54 2021
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          v1.5.9
  GitCommit:        1407cab509ff0d96baa4f0eb6ff9980270e6e620.m
 runc:
  Version:          1.1.0
  GitCommit:        v1.1.0-0-g067aaf85
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Answer 1

建議從其他主機安裝 docker 並將/usr/bin/runc文件復制到有問題的主機

Answer 2

當我創建一個普通容器時，它可以工作，但有一個警告： Your kernel does not support memory limit capabilities or the cgroup is not mounted. .

所以我在 /boot/cmdline.txt 的末尾添加了/boot/cmdline.txt cgroup_enable=memory cgroup_memory=1並重新啟動。

然后我所有的問題都解決了，雖然我仍然不知道為什么。