Can't get any dockers to run without privileged mode on ProxMox kernel, please help


      Hi, all. I'm a new OMV user running OMV4 which I installed using the official instructions on top of a clean Debian 9 netinstall. OMV appears to be working fine but I'm having issues getting any dockers to run.

      I've installed the OMV-Extras repository and from there installed and enabled the Docker plugin. Just to test I installed the linuxserver/nzbget docker but when I try to run it with default container settings (and host networking) I see the following output in the logs:
      [ERROR] Binding socket failed for 0.0.0.0: ErrNo 13, Permission denied
      Note: when I run this docker plugin in a standard OMV4 I've set up in a VM, it works fine with the default settings.

      On my server, if I change the docker to "run in privileged mode" the error message goes away and I can connect to nzbget. I'd rather not have to run every docker in privileged mode, so I'd like to know what settings I need to change to be able to run the dockers normally.

      Thank you for your help!
    • Did a little troubleshooting and I found that the behavior is different between kernels:
      • Proxmox kernel (4.16) requires docker images to be run in privileged mode to get networking working
      • Standard 4.19 kernel does not require docker images to be run in privileged mode to get networking working
      Does anyone have any idea what's going on here?
    • Antioch wrote:

      Did a little troubleshooting and I found that the behavior is different between kernels:
      • Proxmox kernel (4.16) requires docker images to be run in privileged mode to get networking working
      • Standard 4.19 kernel does not require docker images to be run in privileged mode to get networking working
      Does anyone have any idea what's going on here?

      apparmor is causing this. Here is an entry in syslog:

      Jul 21 11:30:22 omv4dev kernel: [ 4957.051815] audit: type=1400 audit(1563726622.133:3119): apparmor="DENIED" operation="create" profile="docker-default" pid=13567 comm="gitea" family="inet6" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"

      Uninstalling the apparmor package fixes this.

      apt-get purge apparmor

      Not sure what installed it but omv doesn't install it by default.
      omv 4.1.23 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15

      The post was edited 1 time, last by ryecoaaron.
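
The syslog entry quoted in the reply above names the AppArmor profile, the operation, and the socket family that was blocked. The following is an added example, not part of the thread and not OMV or Docker code, that extracts those fields from syslog text and groups the denials; the function names are hypothetical, and every sample line except the first (which is the one quoted in the post) is constructed.

```python
import re
from collections import Counter

# Sample input: line 1 is the denial quoted in the post; lines 2-3 are constructed.
SAMPLE_SYSLOG = """\
Jul 21 11:30:22 omv4dev kernel: [ 4957.051815] audit: type=1400 audit(1563726622.133:3119): apparmor="DENIED" operation="create" profile="docker-default" pid=13567 comm="gitea" family="inet6" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
Jul 21 11:30:25 omv4dev kernel: [ 4960.000000] audit: type=1400 audit(1563726625.000:3120): apparmor="DENIED" operation="create" profile="docker-default" pid=13601 comm="nzbget" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
Jul 21 11:30:26 omv4dev kernel: [ 4961.000000] audit: type=1400 audit(1563726626.000:3121): apparmor="STATUS" operation="profile_load" profile="unconfined" name="docker-default" pid=13610 comm="apparmor_parser"
"""

# Matches key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_apparmor_line(line):
    """Return a dict of audit fields if the line is an AppArmor record, else None."""
    marker = line.find("apparmor=")
    if marker == -1:
        return None
    fields = {}
    # Parse only from the apparmor= field onward, skipping the syslog/audit prefix.
    for key, quoted, bare in FIELD_RE.findall(line[marker:]):
        fields[key] = quoted if quoted else bare
    return fields


def summarize_denials(text):
    """Count DENIED records grouped by (profile, operation, comm, family, sock_type)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_apparmor_line(line)
        if not rec or rec.get("apparmor") != "DENIED":
            continue  # skip non-AppArmor lines and STATUS/ALLOWED records
        key = (rec.get("profile"), rec.get("operation"), rec.get("comm"),
               rec.get("family"), rec.get("sock_type"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (profile, op, comm, family, sock), n in summarize_denials(SAMPLE_SYSLOG).most_common():
        print(f"{n}x profile={profile} operation={op} comm={comm} family={family} sock_type={sock}")
```

Run against real log text (for example the contents of /var/log/syslog passed to `summarize_denials`), the grouping shows whether every denial comes from the `docker-default` profile and which socket families are affected.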
