I have a container x that fails to start automatically upon host boot.
The last message in the container's log is:
set apparmor profile docker-default: no such file or directory
The same container x runs fine if I manually run "docker start x".
Any ideas on what's wrong with my environment?
Ensure AppArmor is not disabled in /etc/default/grub if using Ubuntu kernels, or if using non-Ubuntu kernels, that /etc/default/grub has apparmor=1 security=apparmor. Ensure that the apparmor package is installed. Enable the systemd unit: sudo systemctl enable apparmor && sudo systemctl start apparmor.
AppArmor is an established technology first seen in Immunix and later integrated into Ubuntu, Novell/SUSE, and Mandriva. Core AppArmor functionality is in the mainline Linux kernel from 2.6.
By default, Docker applies the docker-default AppArmor profile to new containers. In Docker 1.13 and later this profile is created in tmpfs and then loaded into the kernel. On Docker 1.12 and earlier it is located in /etc/apparmor.d/docker/.
AppArmor is installed and loaded by default. It uses profiles of an application to determine what files and permissions the application requires. Some packages will install their own profiles, and additional profiles can be found in the apparmor-profiles package.
Apparently, installing apparmor is not enough, since the problem happens even with apparmor installed. More exactly, the error happens because of the docker daemon being loaded before apparmor set its config as explained here. Should work after that. At least, for me it did.
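A diagnostic for the boot-time failure discussed above, added here as an example (it is not code from the thread or from Docker): it checks the kernel command line for the settings named in the first answer and looks for docker-default in the kernel's list of loaded profiles. The function names and verdict strings are made up for illustration; /sys/kernel/security/apparmor/profiles is the usual securityfs location and normally needs root to read.

```shell
#!/bin/sh
# Added example (not from the thread): boot-time preconditions for docker-default.

# True if the kernel command line turns AppArmor off or selects another LSM.
# $1: command-line file (default /proc/cmdline)
cmdline_disables_apparmor() {
    args=$(tr -s ' \t' '\n' < "${1:-/proc/cmdline}")
    printf '%s\n' "$args" | grep -qx 'apparmor=0' && return 0
    printf '%s\n' "$args" | grep -x 'security=.*' | grep -qvx 'security=apparmor'
}

# True if profile $1 is in the kernel's loaded-profile list.
# $2: profiles file (default is the securityfs path; reading it needs root)
profile_loaded() {
    awk -v p="$1" '$1 == p { found = 1 } END { exit !found }' \
        "${2:-/sys/kernel/security/apparmor/profiles}" 2>/dev/null
}

# Print one verdict: disabled-at-boot, apparmor-not-available,
# docker-default-not-loaded, or ok.
diagnose() {
    cmdline=${1:-/proc/cmdline}
    profiles=${2:-/sys/kernel/security/apparmor/profiles}
    if cmdline_disables_apparmor "$cmdline"; then
        echo disabled-at-boot
    elif [ ! -r "$profiles" ]; then
        echo apparmor-not-available
    elif ! profile_loaded docker-default "$profiles"; then
        echo docker-default-not-loaded
    else
        echo ok
    fi
}

# Constructed sample: AppArmor is enabled, but docker-default is not in the loaded list.
sample=$(mktemp -d)
echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro apparmor=1 security=apparmor' > "$sample/cmdline"
printf '%s\n' '/usr/sbin/tcpdump (enforce)' 'lsb_release (enforce)' > "$sample/profiles"
echo "sample host: $(diagnose "$sample/cmdline" "$sample/profiles")"
echo "this host:   $(diagnose)"
rm -rf "$sample"
```

Run as root right after boot and again after "docker start x" succeeds; a verdict that changes from docker-default-not-loaded to ok between the two runs is consistent with the daemon starting before AppArmor was ready.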
AppArmor (“Application Armor”) is a Linux kernel security module that allows the system administrator to restrict programs’ capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths.
As a note to others who may run into this same issue, the main crux of the issue was that the core snap on the 3001 where docker would run successfully was at a newer core snap version, whereas on the 5100, the core snap was stuck at the same outdated version that shipped with the factory Ubuntu Core image.
I just updated to the latest version of docker (first to 0.11.0 and now to 0.11.0) and I am experiencing the same thing on Linux Mint 15 Olivia. Installing apparmor seems to have fixed the issue:
sudo apt-get install apparmor
In case you are using fig
... I was having the same issue because of a wrong "volumes" entry in my fig.yml:
db:
  image: postgres:9
  volumes: ./docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
After changing it to the following code, docker could start the "db" container:
db:
  image: postgres:9
  volumes:
    - ./docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d