sakaki-/raspbian-nspawn-64

Running privileged container (Rancher) - `OCI runtime create failed: container_linux.go:349: starting container process caused "apply caps: operation not permitted": unknown.`

fcaraujo opened this issue · 1 comments

Hi @sakaki- it's me again.
Thanks for your time in advance.

TL;DR: I'm having the following error, `OCI runtime create failed: container_linux.go:349: starting container process caused "apply caps: operation not permitted": unknown.`, when I try to execute a privileged container.

A bit of context: I suspect there's some permission I need to tweak in order to achieve what I'm trying to do.
Basically, I installed Docker following your tutorial, then ran a Docker container, `rancherpi/rancher:v2.0.8-arm64`.
When I try to execute the command to create a cluster, it gives me some code to run the container using a `--privileged` flag, and that's where I got the error.

So I tried to isolate the issue and, fortunately, it's easy to reproduce: just running the hello world using the flag gives the same error! 👍

```
pi@debian-buster-64:~ $ sudo docker run --privileged  hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "apply caps: operation not permitted": unknown.
ERRO[0001] error waiting for container: context canceled
pi@debian-buster-64:~ $
```

Would you have any suggestions on how to fix it?

Cheers!

31 Oct 2020: sadly, due to legal obligations arising from a recent change in my 'real world' job, I must announce I am standing down as maintainer of this project with immediate effect. For the meantime, I will leave the repo up (for historical interest, and since the Debian package is still in the official Raspbian repos); however, there will be no further updates to the underlying OS images etc., nor will I be accepting / actioning further pull requests or bug reports from this point. Email requests for support will also have to be politely declined, so, please treat this as an effective EOL notice.

For further details, please see my post here.

With sincere apologies, sakaki ><