Container creation fails with read-only bind mount

Question

Container creation fails with read-only bind mount

thespad opened this issue 5 months ago · 3 comments

Environment:

Ubuntu 22.04.4 x86_64
Kernel 5.15.0-94
Docker 26.0.0, installed from Docker repo
Crun 1.15, installed from github release artifact

Error:

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: open mount target `/var/run/docker.sock`: No such device or address: unknown

Compose:

  dockerproxy:
    image: lscr.io/linuxserver/socket-proxy:latest
    container_name: dockerproxy
    logging:
      driver: json-file
      options:
        max-size: "100m"
        max-file: "5"
    environment:
      - CONTAINERS=1
      - NETWORKS=1
      - POST=0
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    tmpfs:
      - /run
    restart: always
    security_opt:
      - no-new-privileges=true
    read_only: true
    runtime: crun

Changing the docker.sock mount to rw allows the container creation to complete as expected.

Answer 1 · 2024-05-02T16:05:55.000Z

thanks for the report. Was it working with the previous version of crun?

Answer 2 · 2024-05-02T17:01:14.000Z

The last version I tried was 1.14.1 and it wasn't working there either but that also coincided with upgrading Docker to the 25.x release and so I put it down to a change there as it caused a few issues with different tools. I decided to wait for the next crun point release to try again so haven't tested 1.14.2/3/4

It was working before that but I can't be 100% sure which version of crun I was on.

Answer 3 · 2024-05-03T10:11:55.000Z

opened a PR:

#1464