Не удалось пройти Stdout при запуске Docker в Rootless

Не удалось пройти Stdout при запуске Docker в Rootless ⇐ Linux

Ответить

1 сообщение • Страница 1 из 1

Anonymous

Не удалось пройти Stdout при запуске Docker в Rootless

Цитата

Сообщение Anonymous » 13 июн 2025, 13:11

Я пытаюсь запустить Docker в режиме без root, но получил следующую ошибку: < /p>

Код: Выделить всё

# docker run -d httpd
docker: Error response from daemon: failed to create task for container: failed to create shim task: failed to create init process I/O: failed to chown stdout: operation not permitted: unknown

Run 'docker run --help' for more information

# docker run --privileged -d httpd
docker: Error response from daemon: failed to create task for container: failed to create shim task: failed to create init process I/O: failed to chown stdout: operation not permitted: unknown

Run 'docker run --help' for more information

А потом я пытаюсь выяснить, что не удалось отбросить stdout из Moby исходный код:

Код: Выделить всё

package runc

import (
"fmt"
"runtime"

"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
)

// newPipeIO creates pipe pairs to be used with runc
func newPipeIO(uid, gid int, opts ...IOOpt) (i IO, err error) {
option := defaultIOOption()
for _, o := range opts {
o(option)
}
var (
pipes                 []*pipe
stdin, stdout, stderr *pipe
)
// cleanup in case of an error
defer func() {
if err != nil {
for _, p := range pipes {
p.Close()
}
}
}()
if option.OpenStdin {
if stdin, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stdin)
if err = unix.Fchown(int(stdin.r.Fd()), uid, gid); err != nil {
// TODO: revert with proper darwin solution, skipping for now
// as darwin chown is returning EINVAL on anonymous pipe
if runtime.GOOS == "darwin" {
logrus.WithError(err).Debug("failed to chown stdin, ignored")
} else {
return nil, fmt.Errorf("failed to chown stdin: %w", err)
}
}
}
if option.OpenStdout {
if stdout, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stdout)
if err = unix.Fchown(int(stdout.w.Fd()), uid, gid); err != nil {
// TODO: revert with proper darwin solution, skipping for now
// as darwin chown is returning EINVAL on anonymous pipe
if runtime.GOOS == "darwin" {
logrus.WithError(err).Debug("failed to chown stdout, ignored")
} else {
return nil, fmt.Errorf("failed to chown stdout: %w", err)
}
}
}
if option.OpenStderr {
if stderr, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stderr)
if err = unix.Fchown(int(stderr.w.Fd()), uid, gid); err != nil {
// TODO: revert with proper darwin solution, skipping for now
// as darwin chown is returning EINVAL on anonymous pipe
if runtime.GOOS == "darwin" {
logrus.WithError(err).Debug("failed to chown stderr, ignored")
} else {
return nil, fmt.Errorf("failed to chown stderr: %w", err)
}
}
}
return &pipeIO{
in:  stdin,
out: stdout,
err: stderr,
}, nil
}
< /code>
он указывает на этот код: < /p>
    if option.OpenStdout {
if stdout, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stdout)
if err = unix.Fchown(int(stdout.w.Fd()), uid, gid); err != nil {
// TODO: revert with proper darwin solution, skipping for now
// as darwin chown is returning EINVAL on anonymous pipe
if runtime.GOOS == "darwin"  {
logrus.WithError(err).Debug("failed to chown stdout, ignored")
} else {
return nil, fmt.Errorf("failed to chown stdout: %w", err)
}
}
}

Теперь попробуйте выяснить, что Unix.fchown из этого файла:

Код: Выделить всё

package unix

//sys   EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
//sys   Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
//sys   Fchown(fd int, uid int, gid int) (err error)
//sys   Fstat(fd int, stat *Stat_t) (err error)
//sys   Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_NEWFSTATAT
//sys   Fstatfs(fd int, buf *Statfs_t) (err error)
//sys   Ftruncate(fd int, length int64) (err error)
//sysnb Getegid() (egid int)
//sysnb Geteuid() (euid int)
//sysnb Getgid() (gid int)
//sysnb Getrlimit(resource int, rlim *Rlimit) (err error)
//sysnb Getuid() (uid int)
//sys   Ioperm(from int, num int, on int) (err error)
//sys   Iopl(level int) (err error)
//sys   Lchown(path string, uid int, gid int) (err error)
//sys   Listen(s int, n int) (err error)

unix.fchown - просто комментарий в исходном коде.
Как сделать Unix.fchown Не сбой в/dev/stdout при запуске Docker в режиме без root?>

Подробнее здесь: https://stackoverflow.com/questions/796 ... n-rootless

1749809518

Anonymous

 Я пытаюсь запустить Docker в режиме без root, но получил следующую ошибку: < /p>
[code]# docker run -d httpd
docker: Error response from daemon: failed to create task for container: failed to create shim task: failed to create init process I/O: failed to chown stdout: operation not permitted: unknown

Run 'docker run --help' for more information

# docker run --privileged -d httpd
docker: Error response from daemon: failed to create task for container: failed to create shim task: failed to create init process I/O: failed to chown stdout: operation not permitted: unknown

Run 'docker run --help' for more information
[/code]
А потом я пытаюсь выяснить, что не удалось отбросить stdout  из Moby  исходный код:
[code]package runc

import (
"fmt"
"runtime"

"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
)

// newPipeIO creates pipe pairs to be used with runc
func newPipeIO(uid, gid int, opts ...IOOpt) (i IO, err error) {
option := defaultIOOption()
for _, o := range opts {
o(option)
}
var (
pipes                 []*pipe
stdin, stdout, stderr *pipe
)
// cleanup in case of an error
defer func() {
if err != nil {
for _, p := range pipes {
p.Close()
}
}
}()
if option.OpenStdin {
if stdin, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stdin)
if err = unix.Fchown(int(stdin.r.Fd()), uid, gid); err != nil {
// TODO: revert with proper darwin solution, skipping for now
// as darwin chown is returning EINVAL on anonymous pipe
if runtime.GOOS == "darwin" {
logrus.WithError(err).Debug("failed to chown stdin, ignored")
} else {
return nil, fmt.Errorf("failed to chown stdin: %w", err)
}
}
}
if option.OpenStdout {
if stdout, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stdout)
if err = unix.Fchown(int(stdout.w.Fd()), uid, gid); err != nil {
// TODO: revert with proper darwin solution, skipping for now
// as darwin chown is returning EINVAL on anonymous pipe
if runtime.GOOS == "darwin" {
logrus.WithError(err).Debug("failed to chown stdout, ignored")
} else {
return nil, fmt.Errorf("failed to chown stdout: %w", err)
}
}
}
if option.OpenStderr {
if stderr, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stderr)
if err = unix.Fchown(int(stderr.w.Fd()), uid, gid); err != nil {
// TODO: revert with proper darwin solution, skipping for now
// as darwin chown is returning EINVAL on anonymous pipe
if runtime.GOOS == "darwin" {
logrus.WithError(err).Debug("failed to chown stderr, ignored")
} else {
return nil, fmt.Errorf("failed to chown stderr: %w", err)
}
}
}
return &pipeIO{
in:  stdin,
out: stdout,
err: stderr,
}, nil
}
< /code>
он указывает на этот код: < /p>
    if option.OpenStdout {
if stdout, err = newPipe(); err != nil {
return nil, err
}
pipes = append(pipes, stdout)
if err = unix.Fchown(int(stdout.w.Fd()), uid, gid); err != nil {
// TODO: revert with proper darwin solution, skipping for now
// as darwin chown is returning EINVAL on anonymous pipe
if runtime.GOOS == "darwin"  {
logrus.WithError(err).Debug("failed to chown stdout, ignored")
} else {
return nil, fmt.Errorf("failed to chown stdout: %w", err)
}
}
}
[/code]
Теперь попробуйте выяснить, что Unix.fchown  из этого файла:
[code]package unix

//sys   EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
//sys   Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64
//sys   Fchown(fd int, uid int, gid int) (err error)
//sys   Fstat(fd int, stat *Stat_t) (err error)
//sys   Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_NEWFSTATAT
//sys   Fstatfs(fd int, buf *Statfs_t) (err error)
//sys   Ftruncate(fd int, length int64) (err error)
//sysnb Getegid() (egid int)
//sysnb Geteuid() (euid int)
//sysnb Getgid() (gid int)
//sysnb Getrlimit(resource int, rlim *Rlimit) (err error)
//sysnb Getuid() (uid int)
//sys   Ioperm(from int, num int, on int) (err error)
//sys   Iopl(level int) (err error)
//sys   Lchown(path string, uid int, gid int) (err error)
//sys   Listen(s int, n int) (err error)
[/code]
unix.fchown  - просто комментарий в исходном коде.
Как сделать Unix.fchown  Не сбой в/dev/stdout  при запуске Docker в режиме без root?> 

Подробнее здесь: [url]https://stackoverflow.com/questions/79664685/failed-to-chown-stdout-when-running-docker-in-rootless[/url]