docker failed to create task for container: failed to create shim task: OCI runtime create failed:

最新推荐文章于 2024-07-04 18:06:56 发布
wangjun5159 最新推荐文章于 2024-07-04 18:06:56 发布阅读量3w 在尝试运行Docker的hello-world镜像时遇到ociruntimerunc未能成功终止的错误。问题根源在于缺少runc信息，通过检查docker版本和系统状态确认runc缺失。更新libseccomp到最新版本后，runc信息出现，问题得到解决。摘要由CSDN通过智能技术生成
根据 CentOS安装docker指南，启动hello-world时报错，提示信息中提到了 OCI runtime ，根本原因是 runc did not terminate successfully
[root@localhost composetest]# sudo docker run hello-world
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/moby/4a7cc9e9d0d66c8db7f9cd68ffa2631c54d3e3dab4c408fd2af564b1cd496536/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown.
ERRO[0000] error waiting for container:  
参考【错误解决】docker找不到runc：failed to create shim: OCI runtime create failed: unable to retrieve OCI runtime，这个问题跟runc有关，查看docker版本的确没有runc信息 
[root@localhost composetest]# docker version
Client: Docker Engine - Community
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:53:10 2023
 OS/Arch:           linux/amd64
 Context:           default
Server: Docker Engine - Community
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       659604f
  Built:            Thu May 25 21:52:10 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
  //如果正常，这里应该有 runc的信息
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
查看docker状态，提示没有runc 
[root@localhost composetest]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-06-29 16:24:21 CST; 5min ago
     Docs: https://docs.docker.com
 Main PID: 22144 (dockerd)
    Tasks: 12
   Memory: 38.4M
   CGroup: /system.slice/docker.service
           └─22144 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.863821695+08:00" level=warning 
//这里提示没有runc version
msg="failed to retrieve runc version: exit>
6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.879643673+08:00" level=info msg="Docker daemon" commit=659604f graphdrive>
6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.879688811+08:00" level=info msg="Daemon has completed initialization"
6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.903813923+08:00" level=info msg="API listen on /run/docker.sock"
6月 29 16:24:21 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
6月 29 16:25:17 localhost.localdomain dockerd[22144]: time="2023-06-29T16:25:17.603433056+08:00" level=error msg="stream copy error: reading from a close>
6月 29 16:25:17 localhost.localdomain dockerd[22144]: time="2023-06-29T16:25:17.603501074+08:00" level=error msg="stream copy error: reading from a close>
6月 29 16:26:31 localhost.localdomain dockerd[22144]: time="2023-06-29T16:26:31.575391981+08:00" level=error msg="stream copy error: reading from a close>
6月 29 16:26:31 localhost.localdomain dockerd[22144]: time="2023-06-29T16:26:31.575508418+08:00" level=error msg="stream copy error: reading from a close>
6月 29 16:29:33 localhost.localdomain dockerd[22144]: time="2023-06-29T16:29:33.001615925+08:00" 
//这里提示没有runc version
level=warning msg="failed to retrieve runc version: exit>
最终查到可能是libseccomp版本过低引起的，看一下当前版本 
[root@localhost composetest]# rpm -qa | grep libseccomp
libseccomp-2.3.3-3.el8.x86_64
yum update libseccomp
升级后再查看docker 版本已经有runc了。 
[root@localhost composetest]# docker version
Client: Docker Engine - Community
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:53:10 2023
 OS/Arch:           linux/amd64
 Context:           default
Server: Docker Engine - Community
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       659604f
  Built:            Thu May 25 21:52:10 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
  //有runc版本了
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
解决过程中遇到了OCI、runc等名词，根据Docker，containerd，CRI-O和runc之间的区别得知，OCI是open container initiative,是一套关于镜像和容器的规范，它也提供了实现就是runc，runc是用来创建和运行容器的。
 
                    docker failed to create task for container: failed to create shim task: OCI runtime create failed:
                    Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/moby/4a7cc9e9d0d66c8db7f9cd68ffa2631c54d3e3dab4
				docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: container_linux.go:318: starting container process caused “permission denied”: unknown
解决方案：yum remove podman，删除podman，重启docker
				docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: invalid rootfs: not an absolute path, or a symlink: unknown.
ERRO[0000] error waiting for container:
				引用和中提到的错误信息是关于Docker的。这些错误表明在创建Docker容器任务时出现了问题，具体原因是找不到或加载不了`libseccomp.so.2`共享库文件。`libseccomp.so.2`是用于安全计算的一个库文件。要解决这个问题，可以按照以下步骤进行操作：
1. 使用下面的命令在系统中查找`libseccomp.so.2`文件：
   find / -name libseccomp.so.2
2. 一旦找到了该文件，将其复制到`/usr/lib64/`目录下，可以使用如下命令进行复制（假设找到的文件路径为`/path/to/libseccomp.so.2`）：
   cp /path/to/libseccomp.so.2 /usr/lib64/
这样，你就将`libseccomp.so.2`文件复制到了正确的位置，Docker在创建容器任务时就能够正确加载该文件了。<span class="em">1</span><span class="em">2</span><span class="em">3</span>
#### 引用[.reference_title]
-  *1* *2* [docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc crea](https://blog.csdn.net/qq_43323894/article/details/127549456)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_2"}}] [.reference_item style="max-width: 50%"]
-  *3* [docker安装完成启动不了（报错：Failed to start Docker Application Container Engine.）](https://download.csdn.net/download/weixin_38558655/14052226)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_2"}}] [.reference_item style="max-width: 50%"]
[ .reference_list ]