下午好,我目前正在 daemon.json 文件中配置我的容器的用户名,并按照我在下面发布的教程进行操作:
我正在使用以下文档:
https://docs.docker.com/engine/security/userns-remap/
https://sandro-keil.de/blog/docker-daemon-tuning-and-json-file-configuration/
[dockermd]# sudo systemctl restart docker
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
运行 systemctl status docker.service
[dockermd]# sudo systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/docker.service.d
└─http-proxy.conf
Active: failed (Result: exit-code) since Wed 2020-08-05 14:09:34 -04; 2s ago
Docs: https://docs.docker.com
Process: 2480121 ExecStart=/usr/bin/dockerd -H fd:// (code=exited, status=1/FAILURE)
Main PID: 2480121 (code=exited, status=1/FAILURE)
Aug 05 14:09:34 TMT097 systemd[1]: docker.service: Service RestartSec=2s expired, scheduling restart.
Aug 05 14:09:34 TMT097 systemd[1]: docker.service: Scheduled restart job, restart counter is at 3.
Aug 05 14:09:34 TMT097 systemd[1]: Stopped Docker Application Container Engine.
Aug 05 14:09:34 TMT097 systemd[1]: docker.service: Start request repeated too quickly.
Aug 05 14:09:34 TMT097 systemd[1]: docker.service: Failed with result 'exit-code'.
Aug 05 14:09:34 TMT097 systemd[1]: Failed to start Docker Application Container Engine.
运行 dockerd
dockerd unable to configure the Docker daemon with file /etc/docker/daemon.json: open /etc/docker/daemon.json: permission denied
所以我有我的 daemon.json
{
"data-root": "/opt/docker",
"storage-driver": "overlay2",
"log-driver": "json-file",
"userns-remap": "10007:10007",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}
我的用户 ID
我需要这样做,因为出于安全原因,root权限的使用非常有限,docker root权限的功能非常多,我做这个测试是为了在生产中尽量少用root
我可以采用什么解决方案?