1505012 – (docker-seccomp) docker is unable to start due seccomp profile missing

Bug 1505012 (docker-seccomp) - docker is unable to start due seccomp profile missing

Summary: docker is unable to start due seccomp profile missing

Keywords:
Status:	CLOSED DUPLICATE of bug 1504065
Alias:	docker-seccomp
Product:	Fedora
Classification:	Fedora
Component:	docker
Sub Component:
Version:	27
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Lokesh Mandvekar
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-10-21 03:04 UTC by Davi Garcia
Modified:	2017-12-12 23:35 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-12-12 23:35:19 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Davi Garcia 2017-10-21 03:04:23 UTC

> Description of problem:

After the latest update of "docker" package, the service is unable to start due missing seccomp profile file (/etc/docker/seccomp.json).


> Version-Release number of selected component (if applicable):

docker-1.13.1-33.git790e958.fc27.x86_64

> How reproducible:

Upgrade "docker" package to the version mentioned above.

> Actual results:

Oct 21 00:59:45 blackpad.localdomain systemd[1]: Starting Docker Application Container Engine...
-- Subject: Unit docker.service has begun start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit docker.service has begun starting up.
Oct 21 00:59:45 blackpad.localdomain dockerd-current[26527]: time="2017-10-21T00:59:45-02:00" level=info msg="SUSE:secrets :: enabled"
Oct 21 00:59:45 blackpad.localdomain dockerd-current[26527]: Error starting daemon: opening seccomp profile (/etc/docker/seccomp.json) failed: open /etc/docker/seccomp.j
Oct 21 00:59:45 blackpad.localdomain systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Oct 21 00:59:45 blackpad.localdomain systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit docker.service has failed.
-- 
-- The result is failed.
Oct 21 00:59:45 blackpad.localdomain systemd[1]: docker.service: Unit entered failed state.
Oct 21 00:59:45 blackpad.localdomain systemd[1]: docker.service: Failed with result 'exit-code'.

Comment 1 Davi Garcia 2017-10-21 03:06:08 UTC

[root@blackpad dvercill]# dnf info docker
Last metadata expiration check: 2:08:56 ago on Fri 20 Oct 2017 10:56:48 PM -02.
Installed Packages
Name         : docker
Epoch        : 2
Version      : 1.13.1
Release      : 33.git790e958.fc27
Arch         : x86_64
Size         : 69 M
Source       : docker-1.13.1-33.git790e958.fc27.src.rpm
Repo         : @System
From repo    : updates-testing
Summary      : Automates deployment of containerized applications
URL          : https://github.com/projectatomic/docker
License      : ASL 2.0
Description  : Docker is an open-source engine that automates the deployment of any
             : application as a lightweight, portable, self-sufficient container that will
             : run virtually anywhere.
             : 
             : Docker containers can encapsulate any payload, and will run consistently on
             : and between virtually any server. The same container that a developer builds
             : and tests on a laptop will run at scale, in production*, on VMs, bare-metal
             : servers, OpenStack clusters, public instances, or combinations of the above.

Comment 2 Daniel Walsh 2017-10-21 10:11:42 UTC

I believe this if fixed by docker-1.13.1-35.git8fd0ebb.fc27
Please update your docker package 

dnf -y update docker --enable-repo updates-testing

Comment 3 Davi Garcia 2017-10-21 21:29:27 UTC

I checked again, and I still don't see any update for "docker" package. Maybe some problem on Fedora's mirroring tiering? 

[root@blackpad dvercill]# dnf clean all
70 files removed

[root@blackpad dvercill]# dnf upgrade -y
Fedora 27 - x86_64 - Test Updates                                                                                                        178 kB/s |  20 MB     01:56    
Fedora 27 - x86_64 - Updates                                                                                                             3.8 kB/s | 373  B     00:00    
Fedora 27 - x86_64                                                                                                                       173 kB/s |  58 MB     05:43    
google-chrome                                                                                                                             23 kB/s | 3.7 kB     00:00    
Google Cloud SDK                                                                                                                         2.3 MB/s | 3.7 MB     00:01    
RPM Fusion for Fedora 27 - Free - Test Updates                                                                                           5.9 kB/s |  30 kB     00:05    
RPM Fusion for Fedora 27 - Free                                                                                                           83 kB/s | 968 kB     00:11    
RPM Fusion for Fedora 27 - Nonfree - Test Updates                                                                                        4.5 kB/s | 2.8 kB     00:00    
RPM Fusion for Fedora 27 - Nonfree                                                                                                       138 kB/s | 225 kB     00:01    
Visual Studio Code                                                                                                                       464 kB/s | 833 kB     00:01    
Last metadata expiration check: 0:00:00 ago on Sat 21 Oct 2017 07:26:40 PM -02.
Dependencies resolved.
Nothing to do.
Complete!

Comment 4 Davi Garcia 2017-10-22 03:55:22 UTC

Looks like I finally received the new package, but the docker is still unable to start. However, looks like now is due a different reason:

Oct 22 01:50:02 blackpad.localdomain systemd[1]: Starting Docker Application Container Engine...
-- Subject: Unit docker.service has begun start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit docker.service has begun starting up.
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02-02:00" level=info msg="SUSE:secrets :: enabled"
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.253878013-02:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.254193423-02:00" level=warning msg="Your kernel does not support cgroup rt period"
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.254210933-02:00" level=warning msg="Your kernel does not support cgroup rt runtime"
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.254598876-02:00" level=info msg="Loading containers: start."
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.263207465-02:00" level=info msg="Firewalld running: true"
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.610905622-02:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.753282836-02:00" level=info msg="Loading containers: done."
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.770232867-02:00" level=warning msg="failed to retrieve docker-init version: unknown output format: tini version 0.16.1\n"
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.770355140-02:00" level=info msg="Daemon has completed initialization"
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.770373347-02:00" level=info msg="Docker daemon" commit=c330000-unsupported graphdriver=overlay2 version=1.13.1
Oct 22 01:50:02 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:02.770515045-02:00" level=warning msg="Unable to locate plugin: rhel-push-plugin, retrying in 1s"
Oct 22 01:50:03 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:03.770785770-02:00" level=warning msg="Unable to locate plugin: rhel-push-plugin, retrying in 2s"
Oct 22 01:50:05 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:05.771228343-02:00" level=warning msg="Unable to locate plugin: rhel-push-plugin, retrying in 4s"
Oct 22 01:50:09 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:09.771575152-02:00" level=warning msg="Unable to locate plugin: rhel-push-plugin, retrying in 8s"
Oct 22 01:50:17 blackpad.localdomain dockerd-current[29654]: time="2017-10-22T01:50:17.771981546-02:00" level=fatal msg="Error creating middlewares: Error validating authorization plugin: legacy plugin: plugin not found"
Oct 22 01:50:17 blackpad.localdomain systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Oct 22 01:50:17 blackpad.localdomain systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit docker.service has failed.
-- 
-- The result is failed.
Oct 22 01:50:17 blackpad.localdomain systemd[1]: docker.service: Unit entered failed state.
Oct 22 01:50:17 blackpad.localdomain systemd[1]: docker.service: Failed with result 'exit-code'.

The package 'docker' was updated to:

Name         : docker
Epoch        : 2
Version      : 1.13.1
Release      : 35.git8fd0ebb.fc27
Arch         : x86_64
Size         : 69 M
Source       : docker-1.13.1-35.git8fd0ebb.fc27.src.rpm
Repo         : @System
From repo    : updates-testing
Summary      : Automates deployment of containerized applications
URL          : https://github.com/projectatomic/docker
License      : ASL 2.0
Description  : Docker is an open-source engine that automates the deployment of any
             : application as a lightweight, portable, self-sufficient container that will
             : run virtually anywhere.
             : 
             : Docker containers can encapsulate any payload, and will run consistently on
             : and between virtually any server. The same container that a developer builds
             : and tests on a laptop will run at scale, in production*, on VMs, bare-metal
             : servers, OpenStack clusters, public instances, or combinations of the above.

Comment 5 rangermeier 2017-10-23 07:03:15 UTC

The update to docker-1.13.1-35.git8fd0ebb.fc27 fixed the issue with the missing seccomp profile for me. Docker is now working on my machine.

Comment 6 Ed Santiago 2017-10-23 14:38:03 UTC

dup of bug 1504065

Comment 7 Davi Garcia 2017-12-12 23:35:19 UTC


*** This bug has been marked as a duplicate of bug 1504065 ***

Note You need to log in before you can comment on or make changes to this bug.