Namespace directory /var/lib/docker/user.group not created with --userns-remap="default" #1499

Open
osorito opened this issue Jul 22, 2024 · 0 comments

osorito commented Jul 22, 2024

Expected behavior

According to the official Docker documentation for Enable Userns Remap on the Daemon,
in step 5) "Verify that a namespaced directory exists within /var/lib/docker/ named with the UID and GID of the
namespaced user, owned by that UID and GID, and not group-or-world-readable".

Actual behavior
Docker with userns-remap enabled should create directories in /var/lib/docker with userns-remap.
Directory /var/lib/docker/165536.165536 not found

Screenshot 2024-07-22 at 3 30 55 PM

Steps to reproduce the behavior

Fresh install of Docker, OS Debian. Selected no to create Portainer.
Screenshot 2024-07-22 at 3 36 06 PM

Confirm dockremap is created

Screenshot 2024-07-22 at 3 43 52 PM

Verified no containers or images in system
Screenshot 2024-07-22 at 3 40 32 PM

Configuration of override.conf
Screenshot 2024-07-22 at 3 46 19 PM

With userns-remap disabled docker service is active
Screenshot 2024-07-22 at 3 48 04 PM

Once enabled it fails
Screenshot 2024-07-22 at 3 50 57 PM

Logfile
Screenshot 2024-07-22 at 3 59 19 PM

Docker version
Screenshot 2024-07-22 at 4 01 57 PM

Docker info
```
root@docker:/etc/systemd/system/docker.service.d# docker info
Client: Docker Engine - Community
 Version: 27.1.0
 Context: default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version: v0.16.1
    Path: /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version: v2.29.0
    Path: /root/.docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 0
 Server Version: 27.1.0
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: true
 Logging Driver: journald
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.8.4-2-pve
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 4GiB
 Name: docker
 ID: 94d17bd9-12c8-417b-9090-2482c4aa2746
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

root@docker:/etc/systemd/system/docker.service.d#
```

Additional information
Host
Screenshot 2024-07-22 at 4 04 56 PM
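
The step 5 check quoted under "Expected behavior", written out as a script. This is an added example, not part of the original issue or of the project's code; it assumes GNU `stat` and the usual `name:first_id:count` format of `/etc/subuid` and `/etc/subgid`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the issue): check step 5 of the userns-remap procedure.
# Assumes GNU stat and the "name:first_id:count" format of /etc/subuid and
# /etc/subgid. Function names are hypothetical.

# Print the first subordinate ID recorded for a name in a subuid/subgid file.
first_sub_id() {  # $1 = name, $2 = file
    _id=$(awk -F: -v n="$1" '$1 == n { print $2; exit }' "$2") || return 1
    [ -n "$_id" ] && printf '%s\n' "$_id"
}

# Print the directory name expected under the Docker root: "<uid>.<gid>".
expected_userns_dir() {  # $1 = remap user, $2 = subuid file, $3 = subgid file
    _u=$(first_sub_id "$1" "$2") || { echo "no subuid entry for $1" >&2; return 1; }
    _g=$(first_sub_id "$1" "$3") || { echo "no subgid entry for $1" >&2; return 1; }
    printf '%s.%s\n' "$_u" "$_g"
}

# Exit codes: 0 ok, 2 missing, 3 wrong owner, 4 group- or world-readable.
check_userns_dir() {  # $1 = Docker root dir, $2 = "<uid>.<gid>"
    _dir="$1/$2"
    [ -d "$_dir" ] || { echo "MISSING: $_dir" >&2; return 2; }
    _st=$(stat -c '%u.%g %a' "$_dir") || return 5
    _owner=${_st% *}
    _mode=${_st#* }
    [ "$_owner" = "$2" ] || { echo "OWNER: $_dir is owned by $_owner" >&2; return 3; }
    # Octal 044 is the group-read and other-read bits.
    [ $(( 0$_mode & 044 )) -eq 0 ] || { echo "MODE: $_dir is $_mode" >&2; return 4; }
    echo "OK: $_dir owner=$_owner mode=$_mode"
}

# Run as root with "--check"; dockremap and /var/lib/docker are the values in the issue.
if [ "${1:-}" = "--check" ]; then
    _name=$(expected_userns_dir dockremap /etc/subuid /etc/subgid) &&
        check_userns_dir /var/lib/docker "$_name"
fi
```

A `MISSING` result while `dockerd` is failing to start, as in this report, says only that the daemon never got far enough to create the directory; the service log is where the cause will be.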
