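Running Docker in an Ubuntu Bionic container

Time: 2018-10-26 13:39:17

Tags: docker

I am installing Docker CE on the latest Ubuntu Docker image and am getting the following error. I followed the installation instructions carefully; maybe installing Docker on a Docker container is not the way to solve this problem? I am using Jenkins Pipelines and have installed Jenkins on the Ubuntu container. The next part is getting Docker to run.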

time="2018-10-26T13:25:09.920187300Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2018-10-26T13:25:09.920228600Z" level=info msg="ccResolverWrapper: sending new addresses to cc: [{unix:///var/run/docker/containerd/docker-containerd.sock 0  <nil>}]" module=grpc
time="2018-10-26T13:25:09.920250500Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2018-10-26T13:25:09.920286200Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420047e60, CONNECTING" module=grpc
time="2018-10-26T13:25:09.920480100Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420047e60, READY" module=grpc
time="2018-10-26T13:25:09.920501400Z" level=info msg="Loading containers: start."
time="2018-10-26T13:25:09.920666400Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: , error: exec: \"modprobe\": executable file not found in $PATH"
time="2018-10-26T13:25:09.920704800Z" level=warning msg="Running modprobe nf_nat failed with message: ``, error: exec: \"modprobe\": executable file not found in $PATH"
time="2018-10-26T13:25:09.920733300Z" level=warning msg="Running modprobe xt_conntrack failed with message: ``, error: exec: \"modprobe\": executable file not found in $PATH"
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)

1 answer:

Answer 0: (score: 0)

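A typical Docker container runs with a restricted set of privileges. Even if you are the root user inside the container, you cannot modify the network configuration, nor can you mount filesystems. So the error you're seeing...

Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root)

...happens because of that restriction. You can create an unrestricted container by starting your container with: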

docker run --privileged ...

You may be able to use something more fine-grained and grant the NET_ADMIN capability, as in:

docker run --cap-add NET_ADMIN ...

This will work as long as the only "special" privilege required by the container is network configuration.
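
To check from inside a container which of the two options above it was started with, the effective capability mask in /proc/self/status can be decoded. This is an added example, not part of the original answer; the function names are hypothetical, the bit numbers are those of linux/capability.h, and the sample masks are constructed typical values that vary with kernel version.

```shell
#!/bin/sh
# Added example: tell which capability set a container was started with.
# Bit numbers come from linux/capability.h.
CAP_NET_ADMIN=12   # network configuration, e.g. iptables -t nat -N DOCKER
CAP_SYS_ADMIN=21   # mount(2), among many other things

# has_cap MASK_HEX BIT: succeeds when BIT is set in the hex capability mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# classify MASK_HEX: prints restricted, net-admin or broad.
classify() {
    if ! has_cap "$1" "$CAP_NET_ADMIN"; then
        echo restricted      # no NET_ADMIN: iptables gets "Permission denied"
    elif has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo broad           # far more than networking was granted
    else
        echo net-admin       # networking only, still cannot mount
    fi
}

# Effective capability mask of the calling process (empty if /proc is absent).
current_capeff() {
    [ -r /proc/self/status ] || return 0
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# Constructed sample masks (typical values, kernel dependent):
#   00000000a80425fb  docker run ...
#   00000000a80435fb  docker run --cap-add NET_ADMIN ...
#   0000003fffffffff  docker run --privileged ...
for mask in 00000000a80425fb 00000000a80435fb 0000003fffffffff; do
    printf '%s  %s\n' "$mask" "$(classify "$mask")"
done

mask=$(current_capeff)
if [ -n "$mask" ]; then
    printf 'this process: %s  %s\n' "$mask" "$(classify "$mask")"
fi
```

A result of broad on a CI container that only needs networking means it holds more privilege than the NET_ADMIN option would have given it.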