moby: User namespaces don't work on Debian Jessie on SoftLayer

Hi,

I enabled user namespaces in Docker 1.11.2 with –userns-remap=default, but it fails when running on Debian Jessie on SoftLayer with error

docker: Error response from daemon: rpc error: code = 2 desc = "oci runtime error: could not synchronise with container process: operation not permitted".

It works fine in VMware on my computer and on Azure as well. SoftLayer support claims they “use a generic debian image.”

I can launch such Debian machine on SoftLayer and grant access to Docker developers.

Regards.

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 34 (12 by maintainers)

Most upvoted comments

Do you have anything mounted on top of /proc? User namespaces only allow remounting /proc inside a container if it is already mounted in the host AND it is “fully visible”, which basically means nothing is mounted on top of any part of it. I’ve seen these issues where something has been mounted on top of /proc somewhere (e.g. on /proc/foo/bar) in the host…

+1
julz on Aug 26, 2016
Read more comments on GitHub
← moby: Usage of max-replicas-per-node not compatible with start-first update_config
moby: userns: rm: cannot remove '/var/lib/apt/lists/partial': Operation not permitted →