Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

docker on ubuntu 16.04 error when killing container

People also ask

How do you gracefully kill a docker container?

docker rm -f The final option for stopping a running container is to use the --force or -f flag in conjunction with the docker rm command. Typically, docker rm is used to remove an already stopped container, but the use of the -f flag will cause it to first issue a SIGKILL.

What happens when you kill a docker container?

The docker kill subcommand kills one or more containers. The main process inside the container is sent SIGKILL signal (default), or the signal that is specified with the --signal option. You can reference a container by its ID, ID-prefix, or name.

How do I kill a running docker image?

docker container kill $(docker ps -q) — Kill all running containers. Then you delete the container with: docker container rm my_container — Delete one or more containers. docker container rm $(docker ps -a -q) — Delete all containers that are not running.

How do I kill a docker container after running?

To stop one or more running Docker containers, you can use the docker stop command. The syntax is simple: $ docker stop [OPTIONS] CONTAINER [CONTAINER...] You can specify one or more containers to stop.


For me removing the unknown from AppArmor works:

sudo aa-remove-unknown

AppArmor (Application Armor) is a Linux security module that protects an operating system and its applications from security threats. To use it, a system administrator associates an AppArmor security profile with each program. Docker expects to find an AppArmor policy loaded and enforced. Check default profiles with:

# sudo apparmor_status

To use docker default profile on a container, run:

$ docker run --rm -it --name test-container --security-opt apparmor=docker-default image-name

You disable it using the commands:

--security-opt apparmor=unconfined

With the docker run commands.

To disable apparmor service, use:

# systemctl stop apparmor && systemctl disable apparmor

For Ubuntu 14. Use:

# service apparmor stop
# update-rc.d -f apparmor remove

It’s recommended to set working profiles for Docker apparmor than disabling it, especially for production setups.

Check this awesome google document on Securing Containers with AppArmor.

https://cloud.google.com/container-optimized-os/docs/how-to/secure-apparmor


This command will stop all docker containers.

sudo killall docker-containerd-shim

This command will remove all docker containers.

sudo docker-compose down

Just run this command in the terminal, all docker running container will stoped

sudo systemctl restart docker.service

Follow these steps to be able to stop the container:

Disable the apparmor service:

sudo systemctl disable apparmor.service --now

Unload AppArmor profiles:

sudo service apparmor teardown

Check AppArmor status:

sudo aa-status

You should be able to stop and kill your container now.

Credits


After using the below commands I was able to use docker-compose stop again:

sudo apt-get purge --auto-remove apparmor
sudo service docker restart
docker system prune --all --volumes

It is possible this was caused by Ubuntu's security and in particular apparmor In that case, you can of course remove your system's security, but that seems drastic. Plus, there seems to be going on some patching to docker that will solve all issues soon.

In the mean time, you can add to the docker run command the option --security-opt apparmor:unconfined. This seems preferable to removing apparmor.

e.g. try:

docker run --security-opt apparmor:unconfined -ti ubuntu bash

then try to docker stop and see everything now works!

You will unfortunately have to manually stop already running dockerfiles just this once unless you reboot. One (drastic) option to do that is by running:

sudo killall -9 docker
sudo killall -9 dockerd

To make things easier, "alias" docker... You need to make sure the parameters go to the right place e.g.

# in your ~/.bash_profile (~/.profile for ubuntu)
docker()
{
  if [ $# -gt 0 ] && [ "$1" == "run" ] ; then
     shift
     docker run --security-opt apparmor:unconfined "$@"
  else
     command docker "$@"
  fi
}

Then source ~/.profile