Red Hat Bugzilla – Bug 1461573
docker run --privileged : unhelpful error message when user namespaces enabled
Last modified: 2017-10-19 11:19:22 EDT
Setup: RHEL 7.4, docker daemon running with --userns-remap=default:
# docker run --privileged centos date
/usr/bin/docker-current: Error response from daemon: Privileged mode is incompatible with user namespaces.
See '/usr/bin/docker-current run --help'.
A better error message might suggest adding '--userns=host' to docker run.
Full setup details:
# echo 100 >/proc/sys/user/max_user_namespaces
# for i in uid gid; do echo "dockremap:100000:65536" > /etc/sub$i;done
# vi /etc/sysconfig/docker
[ add --userns-remap=default to OPTIONS ]
# systemctl stop docker
# rm -rf /var/lib/docker
# docker-storage-setup --reset
# systemctl start docker
Tom, can you take a look at this one? Basically we need to check if the user is specifying --privileged without --userns=host and tell them this will not work and how to make it work. Patch should be submitted upstream.
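The check requested in the comment above, sketched as a shell pre-flight function. This is an added example, not part of the bug report and not the change in the upstream PR; the function name `check_privileged_userns` and its interface are hypothetical, and it assumes the caller passes only the `docker run` flags that precede the image name.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Docker's own code).
#
# check_privileged_userns DAEMON_OPTIONS [docker run flags...]
#   DAEMON_OPTIONS  the OPTIONS string from /etc/sysconfig/docker
#   remaining args  flags given to `docker run`, before the image name
# Returns 0 if the combination can start, 1 (advice on stderr) if not.
check_privileged_userns() {
    daemon_opts=$1
    shift
    remap=no
    privileged=no
    userns_host=no
    prev=

    # Daemon side: accept "--userns-remap=VALUE" and "--userns-remap VALUE".
    case " $daemon_opts " in
        *" --userns-remap="* | *" --userns-remap "*) remap=yes ;;
    esac

    # Client side: the last --privileged setting wins; --userns may be
    # written as one word (--userns=host) or two (--userns host).
    for arg in "$@"; do
        case $arg in
            --privileged | --privileged=true) privileged=yes ;;
            --privileged=false) privileged=no ;;
            --userns=host) userns_host=yes ;;
            host) if [ "$prev" = "--userns" ]; then userns_host=yes; fi ;;
        esac
        prev=$arg
    done

    if [ "$remap" = yes ] && [ "$privileged" = yes ] && [ "$userns_host" = no ]; then
        echo "Privileged mode is incompatible with user namespaces;" \
             "add --userns=host to this docker run command." >&2
        return 1
    fi
    return 0
}

# Constructed sample: the daemon option from this report with the failing flags.
check_privileged_userns "--userns-remap=default" --privileged || true
```

`--userns=host` turns off remapping for that one container, so a privileged container started this way runs as real root on the host.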
PR opened with proposed fix: https://github.com/moby/moby/pull/33722
PR https://github.com/moby/moby/pull/33722 recently merged. It was a change to the upstream Docker that will need to wind its way back to RHEL.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.