Can't get any dockers to run without privileged mode on ProxMox kernel, please help

  • Hi, all. I'm a new OMV user running OMV4 which I installed using the official instructions on top of a clean Debian 9 netinstall. OMV appears to be working fine but I'm having issues getting any dockers to run.

    I've installed the OMV-Extras repository and from there installed and enabled the Docker plugin. Just to test I installed the linuxserver/nzbget docker but when I try to run it with default container settings (and host networking) I see the following output in the logs:
    [ERROR] Binding socket failed for ErrNo 13, Permission denied
    Note: when I run this docker plugin in a standard OMV4 I've set up in a VM it works fine with the default settings.

    On my server, if I change the docker to "run in privileged mode" the error message goes away and I can connect to nzbget. I'd rather not have to run every docker in privileged mode, so I'd like to know what settings I need to change to be able to run the dockers normally.

    Thank you for your help!

  • Did a little troubleshooting and I found that the behavior is different between kernels:

    • Proxmox kernel (4.16) requires docker images to be run in privileged mode to get networking working
    • Standard 4.19 kernel does not require docker images to be run in privileged mode to get networking working

    Does anyone have any idea what's going on here?

  • AppArmor is causing this. Here is an entry in syslog:

    Jul 21 11:30:22 omv4dev kernel: [ 4957.051815] audit: type=1400 audit(1563726622.133:3119): apparmor="DENIED" operation="create" profile="docker-default" pid=13567 comm="gitea" family="inet6" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"

    Uninstalling the apparmor package fixes this:

    apt-get purge apparmor

    Not sure what installed it, but OMV doesn't install it by default.
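
Added example, not part of the original posts: a small Python parser for AppArmor audit lines like the syslog entry quoted above, grouping `DENIED` events by profile, process, operation and socket family so the source of a denial can be confirmed from the log. The function names are hypothetical, and the second and third sample lines are constructed.

```python
import re
import shlex
from collections import Counter

# First line is the syslog entry quoted in the thread; the other two are
# constructed for illustration.
SAMPLE_LOG = """\
Jul 21 11:30:22 omv4dev kernel: [ 4957.051815] audit: type=1400 audit(1563726622.133:3119): apparmor="DENIED" operation="create" profile="docker-default" pid=13567 comm="gitea" family="inet6" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
Jul 21 11:30:25 omv4dev kernel: [ 4960.112233] audit: type=1400 audit(1563726625.200:3120): apparmor="DENIED" operation="create" profile="docker-default" pid=13601 comm="nzbget" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
Jul 21 11:30:26 omv4dev kernel: [ 4961.000001] audit: type=1400 audit(1563726626.001:3121): apparmor="STATUS" operation="profile_load" profile="unconfined" name="docker-default" pid=900 comm="apparmor_parser"
"""

# type=1400 is the audit record type AppArmor uses for its kernel messages.
AUDIT_RE = re.compile(
    r"audit: type=1400 audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): (?P<fields>.*)$"
)

def parse_apparmor_line(line):
    """Return a dict of key/value fields for an AppArmor audit line, else None."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    try:
        # shlex strips the quotes from values such as profile="docker-default"
        tokens = shlex.split(m.group("fields"))
    except ValueError:  # unbalanced quotes in a truncated line
        return None
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    if "apparmor" not in fields:
        return None
    fields["epoch"] = float(m.group("epoch"))
    fields["serial"] = int(m.group("serial"))
    return fields

def summarize_denials(log_text):
    """Count DENIED events per (profile, comm, operation, family)."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_apparmor_line(line)
        if ev and ev["apparmor"] == "DENIED":
            key = (ev.get("profile"), ev.get("comm"), ev.get("operation"), ev.get("family", "-"))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (profile, comm, op, family), n in summarize_denials(SAMPLE_LOG).most_common():
        print(f"{n:3d}  profile={profile} comm={comm} operation={op} family={family}")
```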

