Description
Rootful docker in Rootless docker does not work
Steps to reproduce the issue:
- Start rootless docker
- Within rootless docker, start `dockerd` as the root(-in-userns).
- Run `docker run -it --rm busybox` against Rootful-Docker-in-Rootless-Docker
Describe the results you received:
docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "process_linux.go:275: applying cgroup configuration for process caused \"mkdir /sys/fs/cgroup/cpuset/docker: permission denied\"": unknown.
Describe the results you expected:
It should work
Additional information you deem important (e.g. issue happens only occasionally):
Running Rootful-Docker-in-Rootless-Docker daemon with --experimental --rootless doesn't make sense here currently, as it tries to use $XDG_RUNTIME_DIR and so on.
Probably we should let --rootless disable cgroups but ignore $XDG_RUNTIME_DIR when $USER=="root" || $USER=="".
Output of docker version:
Client: Docker Engine - Community
Version: 18.09.1-rc1
API version: 1.39
Go version: go1.10.5
Git commit: bca0068
Built: Fri Dec 7 05:28:04 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: dev
API version: 1.40 (minimum version 1.12)
Go version: go1.11.5
Git commit: 93d994e29c
Built:
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.0-243-g6b25c1e4
GitCommit: 6b25c1e45c2b8246dba17de3b1d574f6720ce79f
runc:
Version: 1.0.0-rc6+dev
GitCommit: bbb17efcb4c0ab986407812a31ba333a7450064c
docker-init:
Version: 0.18.0
GitCommit: fec3683
Output of docker info:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: dev
Storage Driver: vfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 6b25c1e45c2b8246dba17de3b1d574f6720ce79f
runc version: bbb17efcb4c0ab986407812a31ba333a7450064c
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.15.0-45-generic
Operating System: Ubuntu 18.04.1 LTS (containerized)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.829GiB
Name: e9a9508c8101
ID: UZUL:JHFE:3567:N2FE:YUZL:XKRW:EKQB:I35U:MTDM:7Y3Z:3EO6:DWL5
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Additional environment details (AWS, VirtualBox, physical, etc.):
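
As an added illustration (not part of the original issue and not Docker's own code), the following shell check detects the condition reported above: UID 0 inside a user namespace with no write access to the cgroup hierarchy. The function names and the uid_map heuristic are assumptions of this example; the cgroup path comes from the error message in the report.

```shell
#!/bin/sh
# Added diagnostic, not from the issue. Function names are hypothetical.
# Constructed sample uid_map contents, for reference:
#   initial namespace:  "0 0 4294967295"
#   rootless userns:    "0 1000 1" followed by "1 100000 65536"

# Succeeds when uid_map is anything other than the initial namespace's
# identity mapping, i.e. the process is inside a user namespace.
# Heuristic: a userns created with a full identity map is not detected.
in_userns() {
    map_file="${1:-/proc/self/uid_map}"
    # The kernel pads the columns; normalise to single spaces.
    map="$(awk '{print $1, $2, $3}' "$map_file" 2>/dev/null)"
    [ "$map" != "0 0 4294967295" ]
}

# Prints one of:
#   non-root, host-root, userns-root-cgroup-ok, userns-root-no-cgroup
classify() {
    uid="$1"; map_file="$2"; cg_dir="$3"
    if [ "$uid" -ne 0 ]; then
        echo non-root
    elif ! in_userns "$map_file"; then
        echo host-root
    elif [ -w "$cg_dir" ]; then
        echo userns-root-cgroup-ok
    else
        echo userns-root-no-cgroup
    fi
}

# Run against the live system; cpuset path as in the reported error.
state="$(classify "$(id -u)" /proc/self/uid_map /sys/fs/cgroup/cpuset)"
case "$state" in
    userns-root-no-cgroup)
        echo "$state: a nested dockerd will hit the cgroup mkdir 'permission denied' error" ;;
    *)
        echo "$state" ;;
esac
```

Run it inside the rootless daemon's namespace, as the same user that would start the nested `dockerd`.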