Memo to avoid the error message "mount through procfd: permission denied" when starting a Docker container inside an LXC/LXD container.
Symptom
When running a Docker container:

    command lxc exec mon_container_1 bash
    command docker run hello-world

Result:

    docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: rootfs_linux.go:76: mounting "proc" to rootfs at "/proc" caused: mount through procfd: permission denied: unknown.
    ERRO[0000] error waiting for container: context canceled

Fix
On the host machine:

    command lxc stop --all
    command lxc config set mon_container_1 security.nesting true
    command lxc config set mon_container_2 security.nesting true
    command lxc start --all

Verification:

    command lxc exec mon_container_1 bash
    command docker run hello-world

Result:

    To generate this message, Docker took the following steps:
     1. The Docker client contacted the Docker daemon.
     2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
        (amd64)
     3. The Docker daemon created a new container from that image which runs the
        executable that produces the output you are currently reading.
     4. The Docker daemon streamed that output to the Docker client, which sent it
        to your terminal.

    To try something more ambitious, you can run an Ubuntu container with:
     $ docker run -it ubuntu bash

    Share images, automate workflows, and more with a free Docker ID:
     https://hub.docker.com/

    For more examples and ideas, visit:
     https://docs.docker.com/get-started/

And that's it!
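
To confirm on the host which containers actually carry the setting, here is an added example (not part of the original memo) that reports security.nesting for every instance and also shows security.privileged, so nested containers running without a user namespace stand out. The function names, the verdict labels and the overridable LXC variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report security.nesting per LXD instance.
# LXC names the client binary; making it overridable is an assumption
# of this example so the logic can be exercised without a daemon.
LXC="${LXC:-lxc}"

# Print "<name> nesting=<v> privileged=<v> <verdict>" for one instance.
nesting_report() {
    name="$1"
    # `lxc config get` prints the instance-local value (empty when unset),
    # which is where the memo's `lxc config set` writes. Values inherited
    # from a profile are not visible here.
    nesting="$("$LXC" config get "$name" security.nesting)"
    privileged="$("$LXC" config get "$name" security.privileged)"
    [ -n "$nesting" ] || nesting=unset
    [ -n "$privileged" ] || privileged=unset
    if [ "$nesting" != "true" ]; then
        verdict="nesting-off"          # state in which the memo hit the procfd error
    elif [ "$privileged" = "true" ]; then
        verdict="nested-privileged"    # nesting on and no user namespace: review
    else
        verdict="nested-unprivileged"  # state the memo's fix produces
    fi
    printf '%s nesting=%s privileged=%s %s\n' \
        "$name" "$nesting" "$privileged" "$verdict"
}

# Report every instance known to the local LXD daemon.
nesting_audit() {
    "$LXC" list --format csv -c n | while IFS= read -r name; do
        if [ -n "$name" ]; then
            nesting_report "$name"
        fi
    done
}

# Run the audit only when asked: sh nesting_audit.sh audit
if [ "${1:-}" = "audit" ]; then
    nesting_audit
fi
```
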