KDE keeps prompting me to authenticate (or it just hangs waiting for the prompt) in order to run certain docker commands, for example
docker run java:8-jdk-alpine sh
What do I need to change so that I can run all docker commands as a regular user without prompts or errors?
groups
wheel kvm users wireshark docker xenoterracide libvirt
Here is my docker info
(it doesn't prompt me for this one)
Containers: 3
Running: 0
Paused: 0
Stopped: 3
Images: 1
Server Version: 1.11.2
Storage Driver: devicemapper
Pool Name: docker-254:0-6957350-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: ext4
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 2.021 GB
Data Space Total: 107.4 GB
Data Space Available: 34.31 GB
Metadata Space Used: 2.982 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.145 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.130 (2016-07-06)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge null host
Kernel Version: 4.6.4-1-ARCH
Operating System: Arch Linux
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.509 GiB
Name: slave-vi
ID: QOZQ:A2YV:Z5RG:PWMW:3OYD:TF4V:FSLU:QXLC:YZN6:PPK6:AR43:6OY4
Docker Root Dir: /var/lib/docker
Debug mode (client): false
Debug mode (server): false
Username: xenoterracide
Registry: https://index.docker.io/v1/
Here is systemctl status docker
slave-vi
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2016-07-15 20:24:29 CDT; 17min ago
Docs: https://docs.docker.com
Main PID: 450 (docker)
Tasks: 22 (limit: 512)
Memory: 77.6M
CPU: 1.375s
CGroup: /system.slice/docker.service
├─450 /usr/bin/docker daemon -H fd://
└─492 docker-containerd -l /var/run/docker/libcontainerd/docker-containerd.sock --runtime docker-runc --start-timeout 2m
Jul 15 20:24:54 slave-vi docker[450]: time="2016-07-15T20:24:54.769451674-05:00" level=error msg="Handler for POST /v1.23/containers/cf518ce5e49dd6183885360452d06c4bee593b713f
Jul 15 20:25:25 slave-vi docker[450]: time="2016-07-15T20:25:25.573359681-05:00" level=error msg="devmapper: Error unmounting device 0485145b660e8fe3b9cc1937cb7e2d13db0876551f
Jul 15 20:25:25 slave-vi docker[450]: time="2016-07-15T20:25:25.573434836-05:00" level=error msg="Clean up Error! Cannot destroy container 6caa520ededd9e0756068519966bbe52e9a7
Jul 15 20:25:25 slave-vi docker[450]: time="2016-07-15T20:25:25.573470387-05:00" level=error msg="Handler for POST /v1.23/containers/create returned error: Device is Busy"
Jul 15 20:25:45 slave-vi docker[450]: time="2016-07-15T20:25:45.754865693-05:00" level=error msg="devmapper: Error unmounting device 7562098b2c31c03ba89a70026bd2e972a58e8ab04d
Jul 15 20:25:45 slave-vi docker[450]: time="2016-07-15T20:25:45.754923899-05:00" level=error msg="Clean up Error! Cannot destroy container 0dd5faab57250342bfe4ec8b065e642b718c
Jul 15 20:25:45 slave-vi docker[450]: time="2016-07-15T20:25:45.754950726-05:00" level=error msg="Handler for POST /v1.23/containers/create returned error: Device is Busy"
Jul 15 20:26:05 slave-vi docker[450]: time="2016-07-15T20:26:05.909278538-05:00" level=error msg="devmapper: Error unmounting device d7e24811b54fac4db8cd0df20552740b6dfe274f93
Jul 15 20:26:05 slave-vi docker[450]: time="2016-07-15T20:26:05.909341643-05:00" level=error msg="Clean up Error! Cannot destroy container 91e46ef0d87ee32009208cf269d95e5883da
Jul 15 20:26:05 slave-vi docker[450]: time="2016-07-15T20:26:05.909373960-05:00" level=error msg="Handler for POST /v1.23/containers/create returned error: Device is Busy"
More output
docker run -it --rm java:8 slave-vi
root@f5038cf9cef6:/# ls /
bin boot core dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@f5038cf9cef6:/# ls /srv/
root@f5038cf9cef6:/# exit
exit
Error response from daemon: Driver devicemapper failed to remove root filesystem f5038cf9cef63035e064d016645ea2266985c0b1e070c615876bbf025daf8b80: Device is Busy
Maybe it is related to this bug
Answer 1
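I also updated the docker.service file per the instructions. I'm not sure whether this actually helped, or whether simply disabling KDE's automount was the key.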
ExecStart=/usr/bin/docker daemon -H fd:// -H unix://var/run/docker.sock
MountFlags=private