boilerplates icon indicating copy to clipboard operation
boilerplates copied to clipboard

Published 20 hours ago verified publisher icon ChristianLempa

`privileged: true` is missing for `cadvisor/docker-compose.yml`

Open PhilipMay opened this issue 2 years ago • 1 comments

Hi,

first, many thanks for your super helpful videos.

In the config IMO there is this privileged: true missing.

Without it I am getting this in the logs:

Could not configure a source for OOM detection, disabling OOM events: open /dev/kmsg: operation not permitted

see https://github.com/xcad2k/boilerplates/blob/2ccfecbb5be3c001b6bf332329f3cca4371bd549/docker-compose/prometheus/exporters/cadvisor/docker-compose.yml#L17

PhilipMay avatar Jun 05 '22 05:06 PhilipMay

I don't think you need privileged. Rather, try declaring it like this:

devices:
  - /dev/kmsg:/dev/kmsg

See https://docs.docker.com/compose/compose-file/compose-file-v3/#devices. Hope this works.

Edit: it does, but only after performing sysctl kernel.dmesg_restrict = 0 on the Docker host. Still better than giving the container privileged permissions IMHO. To change the setting permanently:

echo "sysctl kernel.dmesg_restrict = 0" | sudo tee /etc/sysctl.d/99-cadvisor.conf
sudo sysctl -p /etc/sysctl.d/99-cadvisor.conf

thetredev avatar Jun 09 '22 16:06 thetredev

the fix didn't work for me, adding privileged to the compose file.

ChristianLempa avatar Nov 17 '22 08:11 ChristianLempa