docker/dind-rootless: 'Cannot connect to the Docker daemon' on MacOS (Silicon) Docker Desktop
I'm unable to make dind-rootless (arm64v8) work with Docker Desktop for MacOS (Silicon) due to:
~ docker run -d --name=docker-dind-rootless-arm64 --platform linux/arm64/v8 --privileged docker:dind-rootless
17ce670ad44fb090f94f2ea1624056d7c3a67dfeb1a7f5266ed6d88e9122979d
~ docker ps -n 1
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
17ce670ad44f docker "dockerd-entrypoint.…" 51 seconds ago Up 50 seconds 2375-2376/tcp docker-dind-rootless-arm64
~ docker exec -it docker-dind-rootless-arm64 docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
docker-info
Client:
Version: 25.0.2
Context: desktop-linux
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.12.1-desktop.4
Path: /Users/<myusername>/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.24.3-desktop.1
Path: /Users/<myusername>/.docker/cli-plugins/docker-compose
debug: Get a shell into any image or container. (Docker Inc.)
Version: 0.0.22
Path: /Users/<myusername>/.docker/cli-plugins/docker-debug
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.0
Path: /Users/<myusername>/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.21
Path: /Users/<myusername>/.docker/cli-plugins/docker-extension
feedback: Provide feedback, right in your terminal! (Docker Inc.)
Version: v1.0.4
Path: /Users/<myusername>/.docker/cli-plugins/docker-feedback
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.0.0
Path: /Users/<myusername>/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/<myusername>/.docker/cli-plugins/docker-sbom
scout: Docker Scout (Docker Inc.)
Version: v1.3.0
Path: /Users/<myusername>/.docker/cli-plugins/docker-scout
WARNING: Plugin "/Users/<myusername>/.docker/cli-plugins/docker-scan" is not valid: failed to fetch metadata: fork/exec /Users/<myusername>/.docker/cli-plugins/docker-scan: no such file or directory
Server:
Containers: 38
Running: 37
Paused: 0
Stopped: 1
Images: 22
Server Version: 25.0.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2
Default Runtime: runc
Init Binary: docker-init
containerd version: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
runc version: v1.1.12-0-g51d5e94
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
cgroupns
Kernel Version: 6.6.12-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 10
Total Memory: 15.85GiB
Name: docker-desktop
ID: fe669af4-3bb9-4562-954f-513dcd5713fe
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
WARNING: daemon is not using the default seccomp profile
docker logs (some issues - unknown if related)
~ docker logs docker-dind-rootless-arm64
Certificate request self-signature ok
subject=CN = docker:dind server
/certs/server/cert.pem: OK
Certificate request self-signature ok
subject=CN = docker:dind client
/certs/client/cert.pem: OK
cat: can't open '/proc/net/ip_tables_names': Permission denied
cat: can't open '/proc/net/ip6_tables_names': Permission denied
cat: can't open '/proc/net/arp_tables_names': Permission denied
Device "nf_tables" does not exist.
modprobe: can't change directory to '/lib/modules': No such file or directory
Device "ip_tables" does not exist.
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.10 (nf_tables)
[WARN tini (98)] Tini is not running as PID 1 and isn't registered as a child subreaper.
Zombie processes will not be re-parented to Tini, so zombie reaping won't work.
To fix the problem, use the -s option or set the environment variable TINI_SUBREAPER to register Tini as a child subreaper, or run Tini as PID 1.
time="2024-02-15T12:17:49.877407387Z" level=info msg="Starting up"
time="2024-02-15T12:17:49.877451762Z" level=warning msg="Running in rootless mode. This mode has feature limitations."
time="2024-02-15T12:17:49.877455471Z" level=info msg="Running with RootlessKit integration"
time="2024-02-15T12:17:49.878036679Z" level=info msg="containerd not running, starting managed containerd"
time="2024-02-15T12:17:49.878678471Z" level=info msg="started new containerd process" address=/run/user/1000/docker/containerd/containerd.sock module=libcontainerd pid=114
time="2024-02-15T12:17:49.894674387Z" level=info msg="starting containerd" revision=7c3aca7a610df76212171d200ca3811ff6096eb8 version=v1.7.13
time="2024-02-15T12:17:49.903924846Z" level=info msg="loading plugin \"io.containerd.event.v1.exchange\"..." type=io.containerd.event.v1
time="2024-02-15T12:17:49.903950971Z" level=info msg="loading plugin \"io.containerd.internal.v1.opt\"..." type=io.containerd.internal.v1
time="2024-02-15T12:17:49.904021346Z" level=warning msg="failed to load plugin io.containerd.internal.v1.opt" error="mkdir /opt/containerd: permission denied"
time="2024-02-15T12:17:49.904033137Z" level=info msg="loading plugin \"io.containerd.warning.v1.deprecations\"..." type=io.containerd.warning.v1
time="2024-02-15T12:17:49.904040096Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.blockfile\"..." type=io.containerd.snapshotter.v1
time="2024-02-15T12:17:49.904112262Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.blockfile\"..." error="no scratch file generator: skip plugin" type=io.containerd.snapshotter.v1
time="2024-02-15T12:17:49.904125137Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.devmapper\"..." type=io.containerd.snapshotter.v1
time="2024-02-15T12:17:49.904131346Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured"
time="2024-02-15T12:17:49.904135054Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.native\"..." type=io.containerd.snapshotter.v1
time="2024-02-15T12:17:49.904179554Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.overlayfs\"..." type=io.containerd.snapshotter.v1
time="2024-02-15T12:17:49.904396596Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.aufs\"..." type=io.containerd.snapshotter.v1
time="2024-02-15T12:17:49.905962304Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.aufs\"..." error="aufs is not supported (modprobe aufs failed: exit status 1 \"Device \\\"aufs\\\" does not exist.\\nmodprobe: can't change directory to '/lib/modules': No such file or directory\\n\"): skip plugin" type=io.containerd.snapshotter.v1
time="2024-02-15T12:17:49.905985887Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.zfs\"..." type=io.containerd.snapshotter.v1
time="2024-02-15T12:17:49.906141637Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.zfs\"..." error="path /home/rootless/.local/share/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
time="2024-02-15T12:17:49.906159387Z" level=info msg="loading plugin \"io.containerd.content.v1.content\"..." type=io.containerd.content.v1
time="2024-02-15T12:17:49.906215971Z" level=info msg="loading plugin \"io.containerd.metadata.v1.bolt\"..." type=io.containerd.metadata.v1
time="2024-02-15T12:17:49.906249054Z" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured"
time="2024-02-15T12:17:49.906264721Z" level=info msg="metadata content store policy set" policy=shared
time="2024-02-15T12:17:49.912300762Z" level=info msg="loading plugin \"io.containerd.gc.v1.scheduler\"..." type=io.containerd.gc.v1
time="2024-02-15T12:17:49.912345137Z" level=info msg="loading plugin \"io.containerd.differ.v1.walking\"..." type=io.containerd.differ.v1
time="2024-02-15T12:17:49.912358262Z" level=info msg="loading plugin \"io.containerd.lease.v1.manager\"..." type=io.containerd.lease.v1
time="2024-02-15T12:17:49.912365637Z" level=info msg="loading plugin \"io.containerd.streaming.v1.manager\"..." type=io.containerd.streaming.v1
time="2024-02-15T12:17:49.912376762Z" level=info msg="loading plugin \"io.containerd.runtime.v1.linux\"..." type=io.containerd.runtime.v1
time="2024-02-15T12:17:49.912484762Z" level=info msg="loading plugin \"io.containerd.monitor.v1.cgroups\"..." type=io.containerd.monitor.v1
time="2024-02-15T12:17:49.912613262Z" level=info msg="loading plugin \"io.containerd.runtime.v2.task\"..." type=io.containerd.runtime.v2
time="2024-02-15T12:17:49.912705804Z" level=info msg="loading plugin \"io.containerd.runtime.v2.shim\"..." type=io.containerd.runtime.v2
time="2024-02-15T12:17:49.912719762Z" level=info msg="loading plugin \"io.containerd.sandbox.store.v1.local\"..." type=io.containerd.sandbox.store.v1
time="2024-02-15T12:17:49.912725762Z" level=info msg="loading plugin \"io.containerd.sandbox.controller.v1.local\"..." type=io.containerd.sandbox.controller.v1
time="2024-02-15T12:17:49.912732304Z" level=info msg="loading plugin \"io.containerd.service.v1.containers-service\"..." type=io.containerd.service.v1
time="2024-02-15T12:17:49.912741387Z" level=info msg="loading plugin \"io.containerd.service.v1.content-service\"..." type=io.containerd.service.v1
time="2024-02-15T12:17:49.912747762Z" level=info msg="loading plugin \"io.containerd.service.v1.diff-service\"..." type=io.containerd.service.v1
time="2024-02-15T12:17:49.912757137Z" level=info msg="loading plugin \"io.containerd.service.v1.images-service\"..." type=io.containerd.service.v1
time="2024-02-15T12:17:49.912775512Z" level=info msg="loading plugin \"io.containerd.service.v1.introspection-service\"..." type=io.containerd.service.v1
time="2024-02-15T12:17:49.912784846Z" level=info msg="loading plugin \"io.containerd.service.v1.namespaces-service\"..." type=io.containerd.service.v1
time="2024-02-15T12:17:49.912794554Z" level=info msg="loading plugin \"io.containerd.service.v1.snapshots-service\"..." type=io.containerd.service.v1
time="2024-02-15T12:17:49.912800096Z" level=info msg="loading plugin \"io.containerd.service.v1.tasks-service\"..." type=io.containerd.service.v1
time="2024-02-15T12:17:49.912809971Z" level=info msg="loading plugin \"io.containerd.grpc.v1.containers\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912815804Z" level=info msg="loading plugin \"io.containerd.grpc.v1.content\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912822512Z" level=info msg="loading plugin \"io.containerd.grpc.v1.diff\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912828721Z" level=info msg="loading plugin \"io.containerd.grpc.v1.events\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912835471Z" level=info msg="loading plugin \"io.containerd.grpc.v1.images\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912849679Z" level=info msg="loading plugin \"io.containerd.grpc.v1.introspection\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912854804Z" level=info msg="loading plugin \"io.containerd.grpc.v1.leases\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912860179Z" level=info msg="loading plugin \"io.containerd.grpc.v1.namespaces\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912865762Z" level=info msg="loading plugin \"io.containerd.grpc.v1.sandbox-controllers\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912872137Z" level=info msg="loading plugin \"io.containerd.grpc.v1.sandboxes\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912877054Z" level=info msg="loading plugin \"io.containerd.grpc.v1.snapshots\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912887679Z" level=info msg="loading plugin \"io.containerd.grpc.v1.streaming\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912892762Z" level=info msg="loading plugin \"io.containerd.grpc.v1.tasks\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912899387Z" level=info msg="loading plugin \"io.containerd.transfer.v1.local\"..." type=io.containerd.transfer.v1
time="2024-02-15T12:17:49.912908554Z" level=info msg="loading plugin \"io.containerd.grpc.v1.transfer\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912921846Z" level=info msg="loading plugin \"io.containerd.grpc.v1.version\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.912926929Z" level=info msg="loading plugin \"io.containerd.internal.v1.restart\"..." type=io.containerd.internal.v1
time="2024-02-15T12:17:49.912971887Z" level=info msg="loading plugin \"io.containerd.tracing.processor.v1.otlp\"..." type=io.containerd.tracing.processor.v1
time="2024-02-15T12:17:49.912983012Z" level=info msg="skip loading plugin \"io.containerd.tracing.processor.v1.otlp\"..." error="no OpenTelemetry endpoint: skip plugin" type=io.containerd.tracing.processor.v1
time="2024-02-15T12:17:49.912987429Z" level=info msg="loading plugin \"io.containerd.internal.v1.tracing\"..." type=io.containerd.internal.v1
time="2024-02-15T12:17:49.912991637Z" level=info msg="skipping tracing processor initialization (no tracing plugin)" error="no OpenTelemetry endpoint: skip plugin"
time="2024-02-15T12:17:49.913116096Z" level=info msg="loading plugin \"io.containerd.grpc.v1.healthcheck\"..." type=io.containerd.grpc.v1
time="2024-02-15T12:17:49.913129304Z" level=info msg="loading plugin \"io.containerd.nri.v1.nri\"..." type=io.containerd.nri.v1
time="2024-02-15T12:17:49.913142471Z" level=info msg="NRI interface is disabled by configuration."
time="2024-02-15T12:17:49.913274346Z" level=info msg=serving... address=/run/user/1000/docker/containerd/containerd-debug.sock
time="2024-02-15T12:17:49.913336221Z" level=info msg=serving... address=/run/user/1000/docker/containerd/containerd.sock.ttrpc
time="2024-02-15T12:17:49.913366137Z" level=info msg=serving... address=/run/user/1000/docker/containerd/containerd.sock
time="2024-02-15T12:17:49.913380137Z" level=info msg="containerd successfully booted in 0.019412s"
time="2024-02-15T12:17:50.927986846Z" level=info msg="Loading containers: start."
time="2024-02-15T12:17:50.928131180Z" level=info msg="skipping firewalld management for rootless mode"
time="2024-02-15T12:17:51.003413971Z" level=info msg="Loading containers: done."
time="2024-02-15T12:17:51.006843930Z" level=warning msg="Not using native diff for overlay2, this may cause degraded performance for building images: running in a user namespace" storage-driver=overlay2
time="2024-02-15T12:17:51.006956180Z" level=warning msg="WARNING: Running in rootless-mode without cgroups. Systemd is required to enable cgroups in rootless-mode."
time="2024-02-15T12:17:51.006976721Z" level=info msg="Docker daemon" commit=f417435 containerd-snapshotter=false storage-driver=overlay2 version=25.0.3
time="2024-02-15T12:17:51.007122680Z" level=info msg="Daemon has completed initialization"
time="2024-02-15T12:17:51.034014680Z" level=info msg="API listen on /run/user/1000/docker.sock"
time="2024-02-15T12:17:51.034018680Z" level=info msg="API listen on [::]:2376"
If I just do a docker run -it --rm --name=docker-dind-rootless-arm64 --platform linux/arm64/v8 --privileged docker:dind-rootless sh, the error is slightly different:
error during connect: Get "http://docker:2375/v1.24/containers/json": dial tcp: lookup docker on 192.168.65.7:53: no such host
Important: docker-dind (without rootless) works fine.
Any ideas?
Rootless is special and requires more setup for the client IIRC -- try docker exec -it docker-dind-rootless-arm64 docker-entrypoint.sh docker ps
(Honestly, using Rootless mode inside DinD on top of Docker Desktop seems odd in itself and there might be better ways to accomplish what you're trying to. :sweat_smile:)
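The output quoted in this thread shows the client dialing `unix:///var/run/docker.sock` while the rootless daemon logs `API listen on /run/user/1000/docker.sock`. The following is an added example, not part of the original thread or the image's own scripts, that extracts both sides from such output and reports the mismatch. The function names are hypothetical, the sample lines are copied from the thread, and pointing `DOCKER_HOST` at the logged socket is an assumption about what to try next.

```shell
#!/bin/sh
# Constructed sample: two daemon log lines and the client error,
# copied from the output quoted in this thread.
SAMPLE_LOG='time="2024-02-15T12:17:51.034014680Z" level=info msg="API listen on /run/user/1000/docker.sock"
time="2024-02-15T12:17:51.034018680Z" level=info msg="API listen on [::]:2376"'
SAMPLE_ERR='Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?'

# Print every endpoint dockerd reported listening on, one per line,
# written as a DOCKER_HOST-style URI (unix:// for paths, tcp:// otherwise).
listen_endpoints() {
    printf '%s\n' "$1" |
        sed -n 's/.*msg="API listen on \([^"]*\)".*/\1/p' |
        while IFS= read -r addr; do
            case "$addr" in
                /*) printf 'unix://%s\n' "$addr" ;;
                *)  printf 'tcp://%s\n' "$addr" ;;
            esac
        done
}

# Print the endpoint the client tried, taken from its error message.
client_target() {
    printf '%s\n' "$1" |
        sed -n 's/.*Cannot connect to the Docker daemon at \([^ ]*\)\. Is the.*/\1/p'
}

# Compare the two: $1 is the daemon log text, $2 is the client error line.
diagnose() {
    target=$(client_target "$2")
    endpoints=$(listen_endpoints "$1")
    if printf '%s\n' "$endpoints" | grep -Fqx -- "$target"; then
        echo "ok: daemon listens on $target"
        return 0
    fi
    # Prefer the local Unix socket over the wildcard TCP listener.
    sock=$(printf '%s\n' "$endpoints" | grep '^unix://' | head -n 1)
    echo "mismatch: client tried $target; try DOCKER_HOST=$sock"
}

diagnose "$SAMPLE_LOG" "$SAMPLE_ERR"
```

To run it against a live container, pass `"$(docker logs docker-dind-rootless-arm64 2>&1)"` as the first argument in place of the sample log.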