contained.af icon indicating copy to clipboard operation
contained.af copied to clipboard

Published 20 hours ago verified publisher icon genuinetools

terminal error

Open dac4755 opened this issue 6 years ago • 2 comments

Hi. I'm getting the following in the logs: DEBU[0309] received from container websocket: standard_init_linux.go:190: exec user process caused "permission denied" Every time I reload the page I see that error, "standard_initlinux.go:190..." flash in the terminal box on the page and in the log stream. I'm guessing that this is related to connecting a shell to the terminal window. Any hint on how to debug this would be appreciated. All the other functionality, AFAIK, works fine. This is on ubuntu. I have minimal docker/container knowledge so I may be doing something obviously wrong.

dac4755 avatar Jun 28 '18 20:06 dac4755

what browser are you using?

jessfraz avatar Jul 08 '18 13:07 jessfraz

I'm similarly experiencing this issue on Ubuntu 18.04.

$ uname -a
Linux sparky 4.15.0-33-generic #36-Ubuntu SMP Wed Aug 15 16:00:05 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ sudo docker version
Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        e68fc7a
 Built:             Tue Aug 21 17:24:51 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       e68fc7a
  Built:            Tue Aug 21 17:23:15 2018
  OS/Arch:          linux/amd64
  Experimental:     false

This looks to be an issue with the nested dockerd run from the dind/setup_certs.sh container.

/usr/src/contained.af # docker --tls --tlskey /etc/docker/ssl/client.key --tlscert /etc/docker/ssl/client.cert  -H 127.0.0.1:2375 version
Client:
 Version:      17.05.0-ce
 API version:  1.29
 Go version:   go1.8.1
 Git commit:   v17.05.0-ce
 Built:        Tue May 16 10:10:15 2017
 OS/Arch:      linux/amd64

Server:
 Version:      18.06.1-ce
 API version:  1.38 (minimum version 1.12)
 Go version:   go1.10.3
 Git commit:   e68fc7a
 Built:        Tue Aug 21 17:28:38 2018
 OS/Arch:      linux/amd64
 Experimental: false
/usr/src/contained.af # docker --tls --tlskey /etc/docker/ssl/client.key --tlscert /etc/docker/ssl/client.cert  -H 127.0.0.1:2375 run hello-world
standard_init_linux.go:190: exec user process caused "permission denied"

It it somehow doesn't have the necessary privileges to run containers. This is odd as it seems to be running as full root:

$ ps aux | grep dockerd | grep 2375
root     14029  0.3  0.1 542212 55372 ?        Ssl  Sep03   4:38 dockerd -D --storage-driver aufs -H tcp://127.0.0.1:2375 --host=unix:///var/run/docker.sock --userns-remap default --log-driver=none --exec-opt=native.cgroupdriver=cgroupfs --ip-forward=false --ip-masq=false --icc=false --tlsverify --tlscacert=/etc/docker/ssl/cacert.pem --tlskey=/etc/docker/ssl/server.key --tlscert=/etc/docker/ssl/server.cert
$ pscap -a | grep 14029       
14000 14029 root        dockerd           full
14029 14099 root        docker-containe   full

Any thoughts on what might be going on here?

ChaosData avatar Sep 04 '18 04:09 ChaosData