docker-archive/docker-snap

/etc/docker/daemon.json does not work

HuJK opened this issue · 3 comments

HuJK commented

When /etc/docker/daemon.json exists, docker no longer starts!

I installed docker from snap, so service docker restart will not work.
I start docker with

sudo snap start docker

The output from journalctl -xe is:

Aug  20 09:08:44 user-TV kernel: aufs aufs_fill_super:912:mount[1404]: no arg
Aug  20 09:08:44 user-TV kernel: overlayfs: missing 'lowerdir'
Aug  20 08:55:29 user-TV audit[644]: AVC apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/docker/daemon.json" pid=644 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Aug  20 08:55:29 user-TV docker.dockerd[644]: unable to configure the Docker daemon with file /etc/docker/daemon.json: open /etc/docker/daemon.json: permission denied
Aug  20 08:55:29 user-TV kernel: audit: type=1400 audit(1534726529.513:7216): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/docker/daemon.json" pid=644 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Aug  20 08:55:29 user-TV systemd[1]: snap.docker.dockerd.service: Main process exited, code=exited, status=1/FAILURE

Why did it fail with open /etc/docker/daemon.json: permission denied in line 4 even though I chmod 777 it?

The content of the file is:

{
    "experimental": true
}

The docker version is 17.06.2-ce

Because read permission hasn't been defined in the AppArmor configuration file: /var/lib/snapd/apparmor/profiles/snap.docker.dockerd

Open it, find #include <abstractions/openssl>, and add the config below under it:
/etc/docker/** r,

https://www.moha.online/tutorial/docker/concise-user-guide#Snap%E5%AE%89%E8%A3%85%E7%89%88%E6%97%A0%E6%B3%95%E4%BF%AE%E6%94%B9%E9%85%8D%E7%BD%AE

Modifying the daemon.json file is now supported in the version of the snap I have published in the edge channel. You can now edit the daemon.json located in $SNAP_DATA/config/daemon.json (on Ubuntu for example $SNAP_DATA is /var/snap/docker/current, it may be different on your distribution) and then restart docker for the changes to take effect with:

sudo snap restart docker

You may switch the snap to the edge channel to test this by running:

sudo snap refresh docker --edge

The changes in the edge channel should show up in stable in a short while.

Please let me know if this resolves the issue, and also please do not modify the apparmor profile for the snap, as this will be overwritten with a snap refresh and potentially opens up your system to security vulnerabilities if done incorrectly.

HuJK commented

Yes, issue is solved.
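
Added example, not part of the original thread: a small Python triage script that pulls the AppArmor denial out of the journal lines quoted in the issue and reports which profile refused which path, which is why `chmod 777` had no effect. The function names are hypothetical, and `/var/snap/docker` as the parent of `$SNAP_DATA` is taken from the Ubuntu path given in the thread.

```python
import re
from pathlib import PurePosixPath

# Sample input: three of the journal lines quoted in the issue above.
SAMPLE_JOURNAL = """\
Aug  20 08:55:29 user-TV audit[644]: AVC apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/docker/daemon.json" pid=644 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Aug  20 08:55:29 user-TV docker.dockerd[644]: unable to configure the Docker daemon with file /etc/docker/daemon.json: open /etc/docker/daemon.json: permission denied
Aug  20 08:55:29 user-TV kernel: audit: type=1400 audit(1534726529.513:7216): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/docker/daemon.json" pid=644 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
"""

# key="quoted value" or key=bare_value pairs, as used in audit records.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption from the thread: on Ubuntu $SNAP_DATA resolves under this directory.
SNAP_DATA_ROOT = PurePosixPath("/var/snap/docker")


def parse_denials(journal_text):
    """Return each distinct AppArmor denial once (this log shows it twice)."""
    seen, denials = set(), []
    for line in journal_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        fields = {k: quoted or bare for k, quoted, bare in KV.findall(line)}
        key = tuple(fields.get(k) for k in
                    ("profile", "operation", "name", "pid", "denied_mask"))
        if key not in seen:
            seen.add(key)
            denials.append(fields)
    return denials


def explain(d):
    """Describe one denial and whether its path lies in the snap's data area."""
    path = PurePosixPath(d["name"])
    where = "inside" if SNAP_DATA_ROOT in path.parents else "outside"
    return (f'{d["comm"]} (pid {d["pid"]}, fsuid {d["fsuid"]}) was refused '
            f'"{d["denied_mask"]}" on {path} by profile {d["profile"]}; '
            f'the path is {where} {SNAP_DATA_ROOT}. This is an AppArmor (MAC) '
            f'decision, so file mode bits such as 777 do not change it.')


if __name__ == "__main__":
    for denial in parse_denials(SAMPLE_JOURNAL):
        print(explain(denial))
```
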