I get this error when trying to run a Docker container inside an LXD container.
Running this Docker container requires a GPU (I think this may have an effect).
(base) root@sim2real:~# sudo docker start sim2real_server
Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: apply caps: operation not permitted: unknown
Error: failed to start containers: sim2real_server
(base) root@sim2real:~#
After looking at other answers, I have configured the LXD container as follows:
lxc config show sim2real
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Ubuntu focal amd64 (20220305_07:42)
  image.os: Ubuntu
  image.release: focal
  image.serial: "20220305_07:42"
  image.type: squashfs
  image.variant: default
  raw.lxc: lxc.cgroup.devices.allow=a lxc.apparmor.profile=unconfined lxc.cap.drop=
    lxc.mount.auto=cgoup:rw:force
  security.nesting: "true"
  security.privileged: "true"
  security.syscalls.intercept.mknod: "true"
  security.syscalls.intercept.setxattr: "true"
  volatile.base_image: 6f1c83cc14bfd1442678132bb67bb62d2eace4473fbf16d4b40c5e3aa8c8993f
  volatile.eth0.host_name: vethf369ca4a
  volatile.eth0.hwaddr: 00:16:3e:a2:1d:23
  volatile.idmap.base: "0"
  volatile.idmap.current: '[]'
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 20a1b524-f313-43c9-b0e3-f8f41c18b52a
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  gpu:
    type: gpu
  proxy0:
    bind: host
    connect: tcp:10.241.91.250:22
    listen: tcp:10.178.2.168:6003
    type: proxy
  proxy1:
    bind: host
    connect: tcp:10.241.91.250:4000
    listen: tcp:10.178.2.168:6004
    type: proxy
  sharefile:
    path: /home/share
    source: /home/wzy/Downloads
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
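But the problem still persists. How can I fix it?
Answer 1
I received exactly the same error message when I tried to start some containers with docker-compose INSIDE an LXC container.
I found that these containers had the setting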
privileged: true
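in my docker-compose.yml, which was already provided by the LXC configuration. Removing this line from the .yml solved the problem. Hope this helps.
Notes about my environment:
- Docker: 20.10.14-ce
- docker-compose: 1.16.1
- LXD/LXC: 5.2 (installed via snap)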
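To locate the services that carry the setting removed in the answer above, the following added example (not part of the original answer) scans a compose file and lists every service that sets privileged to a true value. It assumes a block-style file with a top-level services: key; the sample file and its service names are constructed.

```python
import re

# Constructed sample compose file (not from the original post).
SAMPLE_COMPOSE = """\
version: "3"
services:
  sim_server:            # hypothetical service name
    image: example/sim:latest
    privileged: true
  web:
    image: example/web:latest
    privileged: false
"""

TRUTHY = {"true", "yes", "on"}  # YAML 1.1 spellings of boolean true


def privileged_services(compose_text):
    """Return names of services that set `privileged` to a true value.

    Block-style files with a top-level `services:` key only; flow-style
    mappings, anchors and the v1 layout are not handled (assumption).
    """
    found, in_services, svc_indent, current = [], False, None, None
    for raw in compose_text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        if indent == 0:                       # top-level key: enter/leave services
            in_services, svc_indent, current = (key == "services"), None, None
            continue
        if not in_services:
            continue
        if svc_indent is None:
            svc_indent = indent               # first child sets the service depth
        if indent == svc_indent:
            current = key                     # a new service block starts here
        elif current and key == "privileged" and value.strip().lower() in TRUTHY:
            found.append(current)
    return found


if __name__ == "__main__":
    for name in privileged_services(SAMPLE_COMPOSE):
        print(f"service '{name}' sets privileged: true")
```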