%E2%80%9D.png)
我正在尝试让 docker 在 Debian 11 (bullseye) 上运行,但目前每当我尝试启动容器时都会失败,并出现以下错误:
~$ docker run hello-world
docker: Error response from daemon: failed to create task for container: failed to create shim task:
OCI runtime create failed: runc create failed: unable to start container process:
error during container init: error setting cgroup config for procHooks process:
bpf_prog_query(BPF_CGROUP_DEVICE) failed: function not implemented: unknown.
ERRO[0000] error waiting for container:
systemd.unified_cgroup_hierarchy=0我读过大量关于如何通过在给定 Linux 发行版的引导加载程序中设置内核选项来修复此错误的文章和问题。对于 debian,设置/etc/default/grub如下GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=0":
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=0"
(与 systemd.unified_cgroup_hierarchy=yes 相同)
然后运行update-grub(我尝试过使用和不使用 sudo),最后重新启动系统以使用上述设置启动内核。
这对我不起作用。我不确定 Grub 是否选择了该设置。有些文章指出可以通过查看来验证所应用的设置/proc/cmdline,但我没有看到:
cat /proc/cmdline
console=ttymxc2,115200 earlycon=ec_imx6q,0x30880000,115200 root=/dev/mmcblk2p2 rootwait rw
这是我的系统的一些上下文信息:
~$ uname -a
Linux ucm-imx8m-mini 5.10.35-ucm-imx8m-mini-2.2.1+gbe9842c742e1 #1 SMP PREEMPT Mon May 30 13:25:38 UTC 2022 aarch64 GNU/Linux
~$ hostnamectl
Static hostname: ucm-imx8m-mini
Icon name: computer
Machine ID: 2b579254d31541d0b6b10e4f33c273de
Boot ID: fd96317ebda848bb9908c071348a867e
Operating System: Debian GNU/Linux 11 (bullseye)
Kernel: Linux 5.10.35-ucm-imx8m-mini-2.2.1+gbe9842c742e1
Architecture: arm64
~$ docker info
Client: Docker Engine - Community
Version: 24.0.7
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.11.2
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.21.0
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 7
Running: 0
Paused: 0
Stopped: 7
Images: 2
Server Version: 24.0.7
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d8f198a4ed8892c764191ef7b3b06d8a2eeb5c7f
runc version: v1.1.10-0-g18a0cb0
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.10.35-ucm-imx8m-mini-2.2.1+gbe9842c742e1
Operating System: Debian GNU/Linux 11 (bullseye)
OSType: linux
Architecture: aarch64
CPUs: 4
Total Memory: 1.902GiB
Name: ucm-imx8m-mini
ID: 822ea2f7-5cb0-4b3b-8f06-9ebdb1517bae
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled