desktop-linux
Can't console into any containers running on Rocky Linux 9 docker instance
- [ ] I have tried with the latest version of Docker Desktop
- [ ] I have tried disabling enabled experimental features
- [ ] I have uploaded Diagnostics
- Diagnostics ID:
Expected behavior
Trying to get a console into a container using:
docker exec -ti
Actual behavior
Rocky Linux SSH session returning this error instead of granting me access
OCI runtime exec failed: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: unknown
Information
Install Rocky Linux minimum install
Items installed post Rocky Linux minimum install
```
sudo yum update
sudo yum install -y open-vm-tools
sudo yum install -y open-vm-tools-desktop
sudo yum -y install net-tools
sudo yum install -y nfs-utils nfs4-acl-tools
sudo yum -y install nano
```
NOTE: I also disabled IPv6 during the installation
Method of installing Docker
```
sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf update
sudo dnf install -y docker-ce docker-ce-cli containerd.io
sudo systemctl enable docker
sudo systemctl start docker
```
- Linux distro: Rocky Linux 9 x64
- Distro version: Linux version 5.14.0-70.17.1.el9_0.x86_64 ([email protected]) (gcc (GCC) 11.2.1 20220127 (Red Hat 11.2.1-9), GNU ld version 2.35.2-17.el9) # 1 SMP PREEMPT Wed Jul 13 18:23:04 UTC 2022
- Docker Desktop Version: Not running Docker Desktop but this is where I was directed, I am running Docker version 20.10.17, build 100c701

Output from docker version
```
docker version
Client: Docker Engine - Community
 Version: 20.10.17
 API version: 1.41
 Go version: go1.17.11
 Git commit: 100c701
 Built: Mon Jun 6 23:03:29 2022
 OS/Arch: linux/amd64
 Context: default
 Experimental: true

Server: Docker Engine - Community
 Engine:
  Version: 20.10.17
  API version: 1.41 (minimum version 1.12)
  Go version: go1.17.11
  Git commit: a89b842
  Built: Mon Jun 6 23:01:12 2022
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.6.7
  GitCommit: 0197261a30bf81f1ee8e6a4dd2dea0ef95d67ccb
 runc:
  Version: 1.1.3
  GitCommit: v1.1.3-0-g6724737
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
```
Steps to reproduce the behavior
1. Install Rocky Linux 9 on a VM with 4 vCPU and 8GB of RAM
2. Select minimum install & disable IPv6 during installation option selection
3. Items installed post Rocky Linux minimum install
```
sudo yum update
sudo yum install -y open-vm-tools
sudo yum install -y open-vm-tools-desktop
sudo yum -y install net-tools
sudo yum install -y nfs-utils nfs4-acl-tools
sudo yum -y install nano
```
4. **Method of installing Docker**
```
sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf update
sudo dnf install -y docker-ce docker-ce-cli containerd.io
sudo systemctl enable docker
sudo systemctl start docker
```
5. create any container
6. Attempt to get console access to it by running
```
docker exec -ti <containername> bin/sh
```
7. Watch as error above is returned
I have a similar issue (not entirely sure the same though) on Ubuntu 22.04 LTS even though I use not Docker Desktop but just a docker-ce package.
It manifests with exactly the same error:
OCI runtime exec failed: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: unknown
The only difference (I assume) is that it appears only after some time of running.
For example - I started container yesterday and today I couldn't exec into it due to the error above.
The strange thing is that all shells that have been already opened from y'day continued to work fine today.
After restarting Docker with systemctl restart docker things got back to norm. Although all containers ended up being stopped despite setting "live-restore": true in /etc/docker/daemon.json.
What's also interesting is that after doing systemctl daemon-reload I'm getting the same error again:
OCI runtime exec failed: exec failed: unable to start container process: open /dev/pts/1: operation not permitted: unknown
(not sure if it helps, but note pts change from 0 to 1)
And even systemctl restart docker is not helping anymore - only full system reboot.
And for completeness - same issue in ArchLinux: https://bbs.archlinux.org/viewtopic.php?id=277995
Here is what I've found wrt this issue in containerd and runc repos:
https://github.com/containerd/containerd/issues/7219
https://github.com/opencontainers/runc/issues/3551
So it might be just inherited from upstream libs.
Downgrade to containerd.io-1.6.4-3.1.el9.x86_64 helped me.
Confirmed, downgrading containerd.io resolves the issue here as well.
```
wget https://download.docker.com/linux/centos/8/x86_64/stable/Packages/containerd.io-1.6.4-3.1.el8.x86_64.rpm
sudo rpm -ivh *.rpm
```
and
```
sudo reboot
```
containerd.io 1.6.4 is working.
I have the same issue on Ubuntu 22.04.1, Docker version 20.10.17, build 100c701. I could attach to the container by running `docker exec -it my-container bash` at the beginning, but after the container ran for a while, I could not attach to it anymore, throwing the following error:
OCI runtime exec failed: exec failed: unable to start container process: open /dev/pts/0: operation not permitted: unknown
for those running into this; are you still seeing this with the containerd.io 1.6.8 package (which contains runc v1.4.0 with a fix)?
@thaJeztah it's working here on a Ubuntu 22.04 server.
@thaJeztah should this be moved to moby/moby?
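A version check for the reports in this thread, added here as an example and not posted by any participant: it reads `docker version` text and labels the containerd version the way the comments above describe it (1.6.7 in the failing report, 1.6.4 reported working after a downgrade, 1.6.8 reported to contain the fix). The function names are hypothetical, the sample text is an excerpt of the output in the original report, and treating versions later than 1.6.8 as fixed is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the "Version:" value that follows a component header such as
# "containerd:" or "runc:" in `docker version` text read from stdin.
component_version() {
    awk -v comp="$1:" '
        $1 == comp                { found = 1; next }
        found && $1 == "Version:" { print $2; exit }
    '
}

# Succeed when dotted version $1 >= $2 (first three numeric fields compared).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Map a containerd version to what this thread reports about it.
# Assumption: releases after 1.6.8 keep the fix that 1.6.8 is said to carry.
classify_containerd() {
    if [ -z "$1" ]; then echo unknown
    elif version_ge "$1" 1.6.8; then echo reported-fixed
    elif [ "$1" = 1.6.7 ]; then echo reported-failing
    elif [ "$1" = 1.6.4 ]; then echo reported-working
    else echo not-covered
    fi
}

# Constructed sample: excerpt of the `docker version` output in the report.
sample_docker_version() {
cat <<'EOF'
Server: Docker Engine - Community
 Engine:
  Version: 20.10.17
 containerd:
  Version: 1.6.7
 runc:
  Version: 1.1.3
EOF
}

found_version=$(sample_docker_version | component_version containerd)
echo "containerd $found_version: $(classify_containerd "$found_version")"
```

On a live host, replace `sample_docker_version` with `docker version` in the pipeline.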
There hasn't been any activity on this issue for a long time.
If the problem is still relevant, mark the issue as fresh with a /remove-lifecycle stale comment.
If not, this issue will be closed in 30 days.
Prevent issues from auto-closing with a /lifecycle frozen comment.
/lifecycle stale