
Namespace directory /var/lib/docker/user.group not created with --userns-remap="default"

Open osorito opened this issue 1 year ago • 0 comments

Expected behavior

According to the official Docker documentation for Enable Userns Remap on the Daemon, in step 5) "Verify that a namespaced directory exists within /var/lib/docker/ named with the UID and GID of the namespaced user, owned by that UID and GID, and not group-or-world-readable".

Actual behavior

Docker with userns-remap enabled should create directories in /var/lib/docker with userns-remap. Directory /var/lib/docker/165536.165536 not found

Screenshot 2024-07-22 at 3 30 55 PM

Steps to reproduce the behavior

Fresh install of Docker, OS Debian. Selected no to create Portainer. Screenshot 2024-07-22 at 3 36 06 PM

Confirm dockremap is created

Screenshot 2024-07-22 at 3 43 52 PM

Verified no containers or images in system Screenshot 2024-07-22 at 3 40 32 PM

Configuration of override.conf Screenshot 2024-07-22 at 3 46 19 PM

With userns-remap disabled docker service is active Screenshot 2024-07-22 at 3 48 04 PM

Once enabled, it fails Screenshot 2024-07-22 at 3 50 57 PM

Logfile Screenshot 2024-07-22 at 3 59 19 PM

Docker version Screenshot 2024-07-22 at 4 01 57 PM

Docker info

root@docker:/etc/systemd/system/docker.service.d# docker info
Client: Docker Engine - Community
 Version: 27.1.0
 Context: default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
   Version: v0.16.1
   Path: /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
   Version: v2.29.0
   Path: /root/.docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 0
 Server Version: 27.1.0
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: true
 Logging Driver: journald
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.8.4-2-pve
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 4GiB
 Name: docker
 ID: 94d17bd9-12c8-417b-9090-2482c4aa2746
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

root@docker:/etc/systemd/system/docker.service.d#

Additional information Host Screenshot 2024-07-22 at 4 04 56 PM

osorito Jul 22 '24 20:07
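
The step 5 check quoted in the issue can be scripted; the following is an added shell example, not part of the original issue or of Docker's documentation. It assumes the directory is named from the start of the remap user's first /etc/subuid and /etc/subgid ranges (as in the 165536.165536 name above); the function names and exit codes are illustrative.

```shell
#!/bin/sh
# Added example: checks that <root>/<uid>.<gid> exists, is owned by that
# UID and GID, and is not group- or world-readable.
# Assumption: the name comes from the first subordinate ID range start.

# first_subid FILE USER: print the start of USER's first subordinate ID range.
first_subid() {
    awk -F: -v u="$2" '$1 == u { print $2; hit = 1; exit }
                       END { if (!hit) exit 1 }' "$1"
}

# check_userns_dir ROOT SUBUID_FILE SUBGID_FILE [USER]
# Returns 0 = ok, 1 = directory missing, 2 = no subordinate range,
#         3 = wrong owner, 4 = group- or world-readable.
check_userns_dir() {
    root=$1
    user=${4:-dockremap}
    uid=$(first_subid "$2" "$user") || { echo "no subuid range for $user"; return 2; }
    gid=$(first_subid "$3" "$user") || { echo "no subgid range for $user"; return 2; }
    dir="$root/$uid.$gid"
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    # ls -ldn prints: mode string, link count, numeric owner, numeric group, ...
    set -- $(ls -ldn "$dir")
    if [ "$3" != "$uid" ] || [ "$4" != "$gid" ]; then
        echo "wrong owner $3:$4 on $dir (expected $uid:$gid)"
        return 3
    fi
    # Mode string positions 5 and 8 are the group and other read bits.
    case $1 in
        d???-??-??*) echo "ok: $dir"; return 0 ;;
        *) echo "group- or world-readable: $1 on $dir"; return 4 ;;
    esac
}

# Typical call on a host like the one in the issue (run as root):
#   check_userns_dir /var/lib/docker /etc/subuid /etc/subgid
```

A return code of 1 corresponds to the state reported in this issue: the dockremap ranges exist but the namespaced directory does not.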