Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: apply apparmor profile: apparmor failed to apply profile: write /proc/self/attr/exec: no such file or directory: unknown #74

Open
QGB opened this issue Sep 12, 2022 · 2 comments

QGB commented Sep 12, 2022

version: '3'

services:
  nfs-server:
    image: erichough/nfs-server
    ports:
      - 127.0.11.20:2049:2049
      - 127.0.11.20:111:111
      - 127.0.11.20:32767:32767
      - 127.0.11.20:32765:32765
    volumes:
      - ./exports.txt:/etc/exports:ro
  #   - ./data/nfs-export:/export
      - /lib/modules:/lib/modules:ro
    cap_add:
        - SYS_ADMIN
        - SYS_MODULE
    security_opt:
      - apparmor=erichough-nfs

error:

# docker-compose up
[+] Running 2/2
 ⠿ Network qgb_nfs_default         Created                                                                                                                                            0.1s
 ⠿ Container qgb_nfs-nfs-server-1  Created                                                                                                                                            0.1s
Attaching to qgb_nfs-nfs-server-1
Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: apply apparmor profile: apparmor failed to apply profile: write /proc/self/attr/exec: no such file or directory: unknown

QGB commented Sep 12, 2022

remove security_opt:
- apparmor=erichough-nfs

[+] Running 1/1
 ⠿ Container qgb_nfs-nfs-server-1  Recreated                                                                                                                                          0.1s
Attaching to qgb_nfs-nfs-server-1
qgb_nfs-nfs-server-1  | 
qgb_nfs-nfs-server-1  | ==================================================================
qgb_nfs-nfs-server-1  |       SETTING UP ...
qgb_nfs-nfs-server-1  | ==================================================================
qgb_nfs-nfs-server-1  | ----> setup complete
qgb_nfs-nfs-server-1  | 
qgb_nfs-nfs-server-1  | ==================================================================
qgb_nfs-nfs-server-1  |       STARTING SERVICES ...
qgb_nfs-nfs-server-1  | ==================================================================
qgb_nfs-nfs-server-1  | mount: mounting rpc_pipefs on /var/lib/nfs/rpc_pipefs failed: Permission denied
qgb_nfs-nfs-server-1  | ----> 
qgb_nfs-nfs-server-1  | ----> ERROR: unable to mount rpc_pipefs filesystem onto /var/lib/nfs/rpc_pipefs
qgb_nfs-nfs-server-1  | ----> 
qgb_nfs-nfs-server-1  | 
qgb_nfs-nfs-server-1  | ==================================================================
qgb_nfs-nfs-server-1  |       TERMINATING ...
qgb_nfs-nfs-server-1  | ==================================================================
qgb_nfs-nfs-server-1  | ----> terminating nfsd
qgb_nfs-nfs-server-1  | ----> WARNING: unable to terminate nfsd. if it had started already, check Docker host for lingering [nfsd] processes
qgb_nfs-nfs-server-1  | ----> rpc.statd was not running
qgb_nfs-nfs-server-1  | ----> rpc.mountd was not running
qgb_nfs-nfs-server-1  | ----> un-exporting filesystem(s)
qgb_nfs-nfs-server-1  | ----> rpcbind was not running
qgb_nfs-nfs-server-1  | ----> no active mount at /proc/fs/nfsd
qgb_nfs-nfs-server-1  | ----> no active mount at /var/lib/nfs/rpc_pipefs
qgb_nfs-nfs-server-1  | 
qgb_nfs-nfs-server-1  | ==================================================================
qgb_nfs-nfs-server-1  |       TERMINATED
qgb_nfs-nfs-server-1  | ==================================================================
qgb_nfs-nfs-server-1 exited with code 0

QGB commented Sep 12, 2022

apparmor_status

# apparmor_status
apparmor module is loaded.
12 profiles are loaded.
12 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/lxc-start
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/lxd/lxd-bridge-proxy
   /usr/sbin/tcpdump
   docker-default
   lxc-container-default
   lxc-container-default-cgns
   lxc-container-default-with-mounting
   lxc-container-default-with-nesting
0 profiles are in complain mode.
7 processes have profiles defined.
7 processes are in enforce mode.
   /sbin/dhclient (904) 
   docker-default (2054) 
   docker-default (2093) 
   docker-default (2118) 
   docker-default (2119) 
   docker-default (29671) 
   docker-default (32254) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
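
A pre-flight check for the situation in this thread: the compose file requests `apparmor=erichough-nfs`, while the `apparmor_status` listing contains no profile of that name, and Docker can only apply a profile that is already loaded on the host. This is an added example, not code from the issue or the project; the function names and the abridged sample files are assumptions built from the output above, and it assumes unquoted `- apparmor=NAME` entries.

```shell
#!/bin/sh
# Added example: report AppArmor profiles that a compose file requests via
# security_opt but that apparmor_status does not list as loaded on the host.

# Names from uncommented "- apparmor=NAME" lines (compose YAML on stdin).
requested_profiles() {
  sed -n 's/^[[:space:]]*-[[:space:]]*apparmor=\([^[:space:]]*\).*$/\1/p' |
    grep -vx unconfined | sort -u
}

# Names from the "profiles are ..." sections of apparmor_status output (stdin).
loaded_profiles() {
  awk '
    /processes (have|are)/      { in_profiles = 0; next }
    /profiles are (loaded|in )/ { in_profiles = 1; next }
    in_profiles && /^[ \t]+[^ \t]/ { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); print }
  ' | sort -u
}

# $1 = compose file, $2 = file holding apparmor_status output.
missing_profiles() {
  loaded=$(loaded_profiles < "$2")
  requested_profiles < "$1" | while IFS= read -r p; do
    printf '%s\n' "$loaded" | grep -Fxq -- "$p" || printf '%s\n' "$p"
  done
}

# Sample input: abridged excerpts of the compose file and listing in this issue.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/compose.yml" <<'EOF'
    security_opt:
      - apparmor=erichough-nfs
EOF
cat > "$tmp/status.txt" <<'EOF'
12 profiles are in enforce mode.
   /usr/sbin/tcpdump
   docker-default
   lxc-container-default
0 profiles are in complain mode.
7 processes have profiles defined.
   docker-default (2054) 
EOF

for p in $(missing_profiles "$tmp/compose.yml" "$tmp/status.txt"); do
  echo "profile not loaded on host: $p"
done
```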
