时间戳

首页 > 解决方案 > OCI runtime error for Docker on Debian Bullseye

linux - OCI runtime error for Docker on Debian Bullseye

问题描述

I am superficially familiar with docker and know a bit about linux but my current situation has me out of depth. I am repurposing an older laptop (Thinkpad T540p) to host a few network services via docker. I was able to install and run docker on it using the previous OS (Ubuntu 18 or 20 LTS), tested using docker run hello-world. After that I reinstalled the laptop, now using Debian Bullseye. I ran apt update && apt upgrade after installing to ensure an up to date system and installed docker. When I ran docker run hello-world however, an error occurred that I have been unable to debug.
Some info:

root@machine:$ docker run hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown.
ERRO[0002] error waiting for container: context canceled

root@machine:$ docker --version
Docker version 20.10.6, build 370c289

root@machine:$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:    11
Codename:   bullseye

root@machine:$ uname -a
Linux machine 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux

I have been looking around for issues containing a similar error to mine and found

All seeming to point towards some kind of Seccomp/AppArmor setting that is blocking Docker from starting, but I have no clue what to change in order to get it working. The terms AppArmor and Seccomp were random jargon to me 2 days ago so I would rather not just go edit some system config file.

Clues on what is going wrong or what to change are very much appreciated.

标签: linuxdockerdebian

解决方案

推荐阅读