当前位置:theitroad>Ruby-on-rails 无法停止或删除 Docker 容器 - 权限被拒绝错误

Ruby-on-rails 无法停止或删除 Docker 容器 - 权限被拒绝错误

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/47223280/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-03 09:01:13  来源:igfitidea点击:

Docker Containers can not be stopped or removed - permission denied Error

ruby-on-railsdockerdocker-composedocker-swarm

提问by Parth Modi

Issue: Can not stop docker containers, whenever I try to stop containers I get the following Error message,

问题:无法停止 docker 容器,每当我尝试停止容器时,都会收到以下错误消息,

ERROR: for yattyadocker_web_1  cannot stop container: 1f04148910c5bac38983e6beb3f6da4c8be3f46ceeccdc8d7de0da9d2d76edd8: Cannot kill container 1f04148910c5bac38983e6beb3f6da4c8be3f46ceeccdc8d7de0da9d2d76edd8: rpc error: code = PermissionDenied desc = permission denied

OS Version/build:Ubuntu 16.04 | Docker Version 17.09.0-ce, build afdb6d4 | Docker Compose version 1.17.1, build 6d101fb

操作系统版本/内部版本:Ubuntu 16.04 | Docker 版本 17.09.0-ce,构建 afdb6d4 | Docker Compose 版本 1.17.1,构建 6d101fb

Steps to reproduce:

重现步骤:

  • Created a rails project with Dockerfile and docker-compose.yml. docker-compose.yml is of version 3.
  • Image is built successfully with either docker build -t <project name> .or docker-compose up --build
  • Containers boots up and runs successfully.
  • Try to stop docker compose with docker-compose down.
  • 使用 Dockerfile 和 docker-compose.yml 创建了一个 rails 项目。docker-compose.yml 是版本 3。
  • 图像与成功构建要么docker build -t <project name> .docker-compose up --build
  • 容器启动并成功运行。
  • 尝试使用 docker-compose down 停止 docker compose。

What I tried::

我试过的

  • I have to run sudo service docker restartand then the containers can be removed.
  • Uninstalled docker, removed docker directory and then re installed everything. Still facing same issue.
  • 我必须运行sudo service docker restart,然后才能移除容器。
  • 卸载 docker,删除 docker 目录,然后重新安装所有内容。仍然面临同样的问题。

Note: This configuration was working correctly earlier, but somehow file permissions might have changed and I am seeing this error. I have to run sudo service docker restartand then the containers can be removed. But this is highly inconvenient and I don't know how to troubleshoot this.

注意:此配置之前工作正常,但不知何故文件权限可能已更改,我看到此错误。我必须运行sudo service docker restart,然后才能移除容器。但这非常不方便,我不知道如何解决这个问题。

Reference Files:

参考文件:

# docker-compose.yml
version: '3'
volumes:
  db-data:
    driver: local
  redis-data:
    driver: local  
services:
  db:
    image: postgres:9.4.1
    volumes:
      - db-data:/var/lib/postgresql/data
    ports:
      - "5432:5432"
    env_file: local_envs.env
  web:
    image: yattya_docker:latest
    command: bundle exec puma -C config/puma.rb
    tty: true
    stdin_open: true
    ports:
      - "3000:3000"
    links:
      - db
      - redis
      - memcached
    depends_on:
      - db
      - redis
      - memcached
    env_file: local_envs.env
  redis:
    image: redis:3.2.4-alpine
    ports:
      # We'll bind our host's port 6379 to redis's port 6379, so we can use
      # Redis Desktop Manager (or other tools) with it:
      - 6379:6379
    volumes:
      # We'll mount the 'redis-data' volume into the location redis stores it's data:
      - redis-data:/var/lib/redis
    command: redis-server --appendonly yes
  memcached:
    image: memcached:1.5-alpine
    ports:
      - "11211:11211"
  clock:
    image: yattya_docker:latest
    command: bundle exec clockwork lib/clock.rb
    links:
      - db
    depends_on:
      - db
    env_file: local_envs.env
  worker:
    image: yattya_docker:latest
    command: bundle exec rake jobs:work
    links: 
      - db
    depends_on: 
      - db
    env_file: local_envs.env

And Dockerfile:

和 Dockerfile:

# Dockerfile
FROM ruby:2.4.1

RUN apt-get update && apt-get install -y nodejs --no-install-recommends && rm -rf /var/lib/apt/lists/*

ENV APP_HOME /app
RUN mkdir -p $APP_HOME
WORKDIR $APP_HOME

ADD Gemfile* $APP_HOME/
RUN bundle install

ADD . $APP_HOME

RUN mkdir -p ${APP_HOME}/log
RUN cat /dev/null > "$APP_HOME/log/development.log"

RUN mkdir -p ${APP_HOME}/tmp/cache \
    && mkdir -p ${APP_HOME}/tmp/pids \
    && mkdir -p ${APP_HOME}/tmp/sockets

EXPOSE 3000

采纳答案by Parth Modi

I was able to fix the issue. Apparmor service in ubuntu was not working normally due to some unknown issue. The problem was similar to the issue reported in moby project https://github.com/moby/moby/issues/20554.

我能够解决这个问题。由于一些未知问题,ubuntu 中的 Apparmor 服务无法正常工作。该问题类似于 moby 项目https://github.com/moby/moby/issues/20554 中报告的问题。

The /etc/apparmor.d/tunablesfolder was empty, and https://github.com/mlaventuresuggested to purge/reinstall apparmor to get it to the initial state.

/etc/apparmor.d/tunables文件夹为空,https://github.com/mlaventure建议清除/重新安装 apparmor 以使其达到初始状态。

So I reinstalled apparmor, and after restartingthe problem was solved.

于是我重新安装了apparmor,重启后问题就解决了。

Hope this helps.

希望这可以帮助。

回答by jsloan117

For anyone that does not wish to completely purge AppArmor.

对于不希望完全清除 AppArmor 的任何人。

Check status: sudo aa-status

检查状态: sudo aa-status

Shutdown and prevent it from restarting: sudo systemctl disable apparmor.service --now

关闭并防止其重新启动: sudo systemctl disable apparmor.service --now

Unload AppArmor profiles: sudo service apparmor teardown

卸载 AppArmor 配置文件: sudo service apparmor teardown

Check status: sudo aa-status

检查状态: sudo aa-status

You should now be able to stop/kill containers.

您现在应该能够停止/终止容器。

回答by Alejandro S.

I installed Docker from the snap package and after a while I decided to move to apt repository installation.

我从 snap 包安装了 Docker,过了一段时间我决定转向 apt 存储库安装。

I was facing the same problem and using sudo aa-remove-unknownworked for me.

我遇到了同样的问题并且使用sudo aa-remove-unknown对我有用。

So no reinstallation of Apparmor was needed.

所以不需要重新安装 Apparmor。

回答by Moritz

A direct fix to the problem is executing bash in the container to be killed and directly calling killthere. An example:

该问题的直接解决方法是在要杀死的容器中执行 bash 并直接调用kill那里。一个例子:

host$ docker exec -it <container-name> sh
container$ ps
PID   USER     TIME  COMMAND
    1 root      0:00 {entrypoint.sh} /bin/sh /entrypoint.sh
   16 root      0:00 {entrypoint.sh} /bin/sh /entrypoint.sh
   24 root      0:00 sh
   31 root      0:00 ps
container$ kill 1

To check that the container was killed, run docker ps. This is a useful alternative to the solution reinstalling apparmor as this will also remove snapd.

要检查容器是否已终止,请运行docker ps。这是重新安装 apparmor 的解决方案的有用替代方法,因为这也将删除snapd

回答by user3929660

In my case the issue was that I had conflicting docker installations: dockeritself from the official docker-cepackage, but docker-composefrom the Ubuntu snap package.

就我而言,问题是我的 docker 安装存在冲突:docker它本身来自官方docker-ce,但docker-compose来自 Ubuntu snap 包。

Installing correctly docker-composefrom the official github (instructions here) did the trick. I also followed the Linux post-install instructionsand it may have helped as well (to run docker as a non-root user)

docker-compose从官方 github(此处的说明)正确安装即可解决问题。我还遵循了Linux 安装后说明,它也可能有所帮助(以非 root 用户身份运行 docker)

I just left AppArmor alone here - I did not touch it.

我只是把 AppArmor 一个人留在这里——我没有碰它。

相关推荐

Ruby-on-rails 是否有 Rails 列类型的文档?

Ruby-on-rails 是否有 Rails 列类型的文档?

Ruby,检查日期是否是周末?

Ruby,检查日期是否是周末?

Ruby-on-rails 如何在项目中重命名 rails 控制器和模型

Ruby-on-rails 如何在项目中重命名 rails 控制器和模型

Ruby-on-rails rails 生成模型

Ruby-on-rails rails 生成模型

相关推荐
最近更新
标签