moby: permission denied | Error response from daemon: Cannot start container

Description of problem: I can’t start any containers with the command docker run […], even a really simple one like: # docker run busybox

Produces the following output:

permission denied
Error response from daemon: Cannot start container beb4524b4f8a372d5eacdf6111d17053df0099d51f0824677fd137a97d277965: [8] System error: permission denied

docker version:

Client:
 Version:      1.9.1
 API version:  1.21
 Go version:   go1.5.1
 Git commit:   a34a1d5-dirty
 Built:        Sun Nov 22 00:15:15 UTC 2015
 OS/Arch:      linux/amd64

Server:
 Version:      1.9.1
 API version:  1.21
 Go version:   go1.5.1
 Git commit:   a34a1d5-dirty
 Built:        Sun Nov 22 00:15:15 UTC 2015
 OS/Arch:      linux/amd64

docker info:

Containers: 5
Images: 21
Server Version: 1.9.1
Storage Driver: btrfs
 Build Version: Btrfs v4.3.1
 Library Version: 101
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.2.5-1-ARCH
Operating System: Arch Linux (containerized)
CPUs: 4
Total Memory: 7.679 GiB
Name: J3XYZ
ID: 7AQW:SMAM:NRQM:UU3P:FLJ2:XYUM:E66X:RPBS:BISE:4CDP:2NKB:GPBK

uname -a: Linux J3XYZ 4.2.5-1-ARCH #1 SMP PREEMPT Tue Oct 27 08:13:28 CET 2015 x86_64 GNU/Linux

Environment details (AWS, VirtualBox, physical, etc.): Lenovo X250

How reproducible: docker run xyz

Steps to Reproduce:

  1. sudo yaourt docker (->community/docker)
  2. systemctl start docker
  3. sudo docker run busybox

Actual Results:

permission denied
Error response from daemon: Cannot start container 03ffb7da4d1f0e5fa04d6e254d2aa67f0d36e31cab858a01c1f56f2bb165b97d: [8] System error: permission denied

Expected Results: A running container, obviously 😃

Additional info: Arch, btrfs, luks filesystem

About this issue

  • State: closed
  • Created 9 years ago
  • Comments: 24 (6 by maintainers)

Most upvoted comments

Try disabling SELinux with: setenforce 0

@aker’s chcon -t docker_exec_t /usr/bin/docker* fixed it for my VM which was cloned from another one. Maybe that’s why this type was gone.

I’m not using btrfs. It’s likely some people in this issue simply have SELinux problems. But disabling it is a very bad option, because you’ll lose its security enhancements.

Before that I also tried running the docker daemon from outside the docker systemd unit which made it work prior to the SELinux fix. Got this from the likely very related issue #17475 here. But since this wasn’t a permanent fix, I’m very happy to have found @aker’s fix. May I ask where you got this from? Especially since you’re saying it’s common.

The same for me; I fixed it with the command:

ls -aZ /usr/bin/docker*

-rwxr-xr-x. root root system_u:object_r:docker_exec_t:s0 /usr/bin/docker
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/docker-current
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/docker-storage-setup

sudo chcon -t docker_exec_t /usr/bin/docker*

sudo systemctl restart docker
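
A read-only way to spot the label mismatch discussed in these comments before changing anything, as an added example that is not part of the original thread: the hypothetical helper `mislabeled` parses `ls -Z` output and lists files whose SELinux type differs from the expected one. It assumes, as the comments do, that docker_exec_t is the intended type; the sample listing is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit SELinux file labels without
# modifying them, instead of switching enforcement off.

# mislabeled EXPECTED_TYPE
# Reads `ls -Z` lines on stdin and prints "path actual_type" for every file
# whose SELinux type differs from EXPECTED_TYPE. Handles both the older
# layout shown in the thread (mode user group context path) and the newer
# coreutils layout (context path) by locating the context field by shape.
# Assumption: paths contain no whitespace.
mislabeled() {
    awk -v want="$1" '
    {
        ctx = ""
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level, so it splits into >= 4 parts.
            if (split($i, parts, ":") >= 4) { ctx = $i; break }
        }
        if (ctx == "") next        # line carries no context (e.g. "?")
        # parts[] still holds the split of the context field found above.
        if (parts[3] != want) print $NF, parts[3]
    }'
}

# Constructed sample input, copied from the listing quoted in the thread.
sample_listing() {
    cat <<'EOF'
-rwxr-xr-x. root root system_u:object_r:docker_exec_t:s0 /usr/bin/docker
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/docker-current
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/docker-storage-setup
EOF
}

# Demo on the sample. On a live host:
#   ls -Z /usr/bin/docker* | mislabeled docker_exec_t
sample_listing | mislabeled docker_exec_t
```

Labels set with chcon are not recorded in the policy's file-context database, so a later restorecon or full relabel can revert them.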