Description of problem:
The MountFlags=slave option is set in the docker systemd unit file which is causing shared mounts to not work with docker 1.10. I have not changed the docker.service unit file on my atomic host and it has that MountFlags=slave set in the unit file:

[vagrant@vanilla-f23atomic ~]$ rpm -qV docker | grep docker.service
.......T. /usr/lib/systemd/system/docker.service
[vagrant@vanilla-f23atomic ~]$ grep Mount /usr/lib/systemd/system/docker.service
MountFlags=slave

I have been told this is not what we want:
https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2016-March/msg00083.html

Version-Release number of selected component (if applicable):
[vagrant@vanilla-f23atomic ~]$ rpm -q docker
docker-1.10.2-6.git0f5ac89.fc23.x86_64

How reproducible:
Always

Steps to Reproduce:
[vagrant@vanilla-f23atomic ~]$ sudo mount --make-shared /
[vagrant@vanilla-f23atomic ~]$ sudo docker run -it --privileged --rm -v /tmp/sharedfolder:/tmp/sharedfolder:shared sshfs /bin/bash
docker: Error response from daemon: Cannot start container 7e99752dd8f2812a7d7acaa58594504be936b6f37aa77b6521a7098450343837: Path /tmp/sharedfolder is mounted on /sysroot but it is not a shared mount..

Actual results:
Can't run a docker container with :shared volume mount. See error message.

Lokesh, please remove this line from all Fedora and RHEL versions of docker-1.10.
docker has been downgraded to 1.9.1 on f23 (should land in -testing soon). I'll remove it once we're back on 1.10. f24 and rawhide are already on 1.10 and don't have MountFlags=slave. I'll make sure to remove it from RHEL 1.10 rpms too.
Status on this since 1.10 is in 24 and is in testing in 23?
Fixed in docker-1.10, which is showing up everywhere now.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
I hit this, and the problem turned out to be the mount propagation on / being private.

(In reply to Colin Walters from comment #6)
> I hit this, and the problem turned out to be the mount propagation on /
> being private.

Also hit this on the most recent Fedora 24 tree:

# findmnt / -o TARGET,PROPAGATION
TARGET PROPAGATION
/ private
# docker run --rm -it --privileged -v /:/host fedora:24 echo ok
docker: Error response from daemon: Cannot start container a9a14be96410e36f6a31e6604c603d1c4f5912a9def42e162e5d5b72fd3bec30: Path / is mounted on / but it is not a shared or slave mount..
sh # mount --make-shared /
# docker run --rm -it --privileged -v /:/host fedora:24 echo ok
ok

Did this somehow change in recent times? Don't remember running into it before, although I've mounted / many times.

This may be an interaction with ostree doing the bind mount for /.
FWIW I think the right workaround is:

mount --make-rshared /

Note the extra `r` - this way you'll also be able to bind in any other host mount points.
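
Added example, not part of the original bug thread: a POSIX shell helper that reads mountinfo-format text (the data `findmnt -o PROPAGATION` is derived from) and classifies a mount point, then checks it against the two conditions named in the daemon errors quoted above. The function names, result labels and sample lines are constructed for illustration; on a real host, feed it /proc/self/mountinfo on stdin.

```shell
#!/bin/sh
# Added example (not from the thread): classify mount propagation.

# Constructed sample: "/" private, /sysroot shared, /mnt/data slave.
sample_mountinfo() {
    cat <<'EOF'
60 0 253:0 /root / rw,relatime - xfs /dev/mapper/example-root rw
61 60 253:0 / /sysroot rw,relatime shared:1 - xfs /dev/mapper/example-root rw
62 60 0:40 / /mnt/data rw,relatime master:1 - tmpfs tmpfs rw
EOF
}

# propagation_of MOUNTPOINT  (mountinfo on stdin)
# Prints the propagation of the last entry at MOUNTPOINT; exits 1 if absent.
propagation_of() {
    awk -v target="$1" '
        $5 == target {
            found = 1; shared = 0; slave = 0; unbind = 0
            # Optional fields run from field 7 up to the "-" separator.
            for (i = 7; i <= NF && $i != "-"; i++) {
                if ($i ~ /^shared:/) shared = 1
                else if ($i ~ /^master:/) slave = 1
                else if ($i == "unbindable") unbind = 1
            }
            if (unbind) result = "unbindable"
            else if (shared && slave) result = "shared+slave"
            else if (shared) result = "shared"
            else if (slave) result = "slave"
            else result = "private"
        }
        END { if (!found) exit 1; print result }
    '
}

# bind_allowed MOUNTPOINT REQUIREMENT  (mountinfo on stdin)
# REQUIREMENT is "shared" or "shared-or-slave". Returns 0 ok, 1 refused, 2 unknown.
bind_allowed() {
    prop=$(propagation_of "$1") || return 2
    case "$2:$prop" in
        shared:shared | shared:shared+slave) return 0 ;;
        shared-or-slave:shared* | shared-or-slave:slave) return 0 ;;
        *) return 1 ;;
    esac
}

for mp in / /sysroot /mnt/data; do
    printf '%s\t%s\n' "$mp" "$(sample_mountinfo | propagation_of "$mp")"
done
```
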

This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version before this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

We are seeing this in our F24 Atomic Host tests. From what I can deduce, it appears using pkg-layering is causing the root filesystem to have mount propagation set to PRIVATE.

# atomic host status
State: idle
Deployments:
● fedora-atomic:fedora-atomic/24/x86_64/docker-host
  Version: 24.121 (2017-02-02 20:35:47)
  Commit: 57f57ff2eeb82797e3600bd3ce0a6dfb7a6982997abda991cc2b8711e7cb7004
  OSName: fedora-atomic

# findmnt / -o TARGET,PROPAGATION
TARGET PROPAGATION
/ shared

# rpm-ostree install wget
Checking out tree 57f57ff... done
Downloading metadata: [=====================] 100%
Resolving dependencies... done
Overlaying... done
Running %post for wget...... done
Writing rpmdb... done
Writing OSTree commit... done
Copying /etc changes: 26 modified, 0 removed, 65 added
Transaction complete; bootconfig swap: yes deployment count change: 1
Added:
  wget-1.18-1.fc24.x86_64
Run "systemctl reboot" to start a reboot

<<< reboot >>>

# atomic host status
State: idle
Deployments:
● fedora-atomic:fedora-atomic/24/x86_64/docker-host
  Version: 24.121 (2017-02-02 22:04:01)
  BaseCommit: 57f57ff2eeb82797e3600bd3ce0a6dfb7a6982997abda991cc2b8711e7cb7004
  Commit: 71aa1683f43ec9e61b3fc8dccb2bc6d1a52d06c9aa8164035fd16ba7db6e2fff
  OSName: fedora-atomic
  Packages: wget

  fedora-atomic:fedora-atomic/24/x86_64/docker-host
  Version: 24.121 (2017-02-02 20:35:47)
  Commit: 57f57ff2eeb82797e3600bd3ce0a6dfb7a6982997abda991cc2b8711e7cb7004
  OSName: fedora-atomic

-bash-4.3# findmnt / -o TARGET,PROPAGATION
TARGET PROPAGATION
/ private

# docker run --rm -it --privileged -v /:/host fedora:24 echo ok
docker: Error response from daemon: Cannot start container b8b6355cac7af433724236b58669495c8e378236fb4de242f43a610247372c75: Path / is mounted on / but it is not a shared or slave mount..

So is this really an ostree bug? Do we want to ship a new version of ostree in F24?

Good catch, Micah. This is indeed caused by rpm-ostree package layering. Should be fixed by:
https://github.com/projectatomic/rpm-ostree/pull/605
Note that although this also happens on F25, the docker there can deal with it.
ostree-2017.2-2.fc24 rpm-ostree-2017.2-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-758aab74a4
ostree-2017.2-2.fc24, rpm-ostree-2017.2-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-758aab74a4
ostree-2017.2-3.fc24 rpm-ostree-2017.2-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-758aab74a4
ostree-2017.2-3.fc24, rpm-ostree-2017.2-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-758aab74a4
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'.
ostree-2017.2-3.fc24, rpm-ostree-2017.2-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.