Could not set may_detach_mounts kernel parameter error="error opening may_detach_mounts kernel config file: open /proc/sys/fs/may_detach_mounts: read-only file system" docker

Hi,
I am trying to install docker on LXD. security.nesting and security.privileged are already enabled.
But I still can’t start the docker service. Here are the results.

INFO[2021-11-23T04:09:57.706133467Z] Starting up
DEBU[2021-11-23T04:09:57.707227628Z] Listener created for HTTP on unix (/var/run/docker.sock)
WARN[2021-11-23T04:09:57.707927764Z] Could not set may_detach_mounts kernel parameter error="error opening may_detach_mounts kernel config file: open /proc/sys/fs/may_detach_mounts: read-only file system"
DEBU[2021-11-23T04:09:57.708460529Z] Golang's threads limit set to 44343270
INFO[2021-11-23T04:09:57.709246205Z] parsed scheme: "unix" module=grpc
INFO[2021-11-23T04:09:57.709274541Z] scheme "unix" not registered, fallback to default scheme module=grpc
DEBU[2021-11-23T04:09:57.709459601Z] metrics API listening on /var/run/docker/metrics.sock
INFO[2021-11-23T04:09:57.709481652Z] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock 0 }] } module=grpc
INFO[2021-11-23T04:09:57.709648428Z] ClientConn switching balancer to "pick_first" module=grpc
INFO[2021-11-23T04:09:57.711935288Z] parsed scheme: "unix" module=grpc
INFO[2021-11-23T04:09:57.711969122Z] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2021-11-23T04:09:57.711994368Z] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock 0 }] } module=grpc
INFO[2021-11-23T04:09:57.712011050Z] ClientConn switching balancer to "pick_first" module=grpc
DEBU[2021-11-23T04:09:57.713507264Z] Using default logging driver json-file
DEBU[2021-11-23T04:09:57.713527443Z] processing event stream module=libcontainerd namespace=plugins.moby
DEBU[2021-11-23T04:09:57.713621552Z] [graphdriver] priority list: [btrfs zfs overlay2 fuse-overlayfs aufs overlay devicemapper vfs]
DEBU[2021-11-23T04:09:57.713990641Z] zfs command is not available: exec: "zfs": executable file not found in $PATH storage-driver=zfs
ERRO[2021-11-23T04:09:57.721793213Z] failed to mount overlay: invalid argument storage-driver=overlay2
ERRO[2021-11-23T04:09:57.723716503Z] AUFS was not found in /proc/filesystems storage-driver=aufs
ERRO[2021-11-23T04:09:57.730958537Z] failed to mount overlay: invalid argument storage-driver=overlay
DEBU[2021-11-23T04:09:57.731557486Z] kernel dm driver version is 4.37.1 storage-driver=devicemapper
DEBU[2021-11-23T04:09:57.731602531Z] Deferred removal support enabled. storage-driver=devicemapper
DEBU[2021-11-23T04:09:57.731617708Z] Deferred deletion support enabled. storage-driver=devicemapper
ERRO[2021-11-23T04:09:57.731765695Z] Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a more recent version of libdevmapper or select a different storage driver. For more information, see dockerd | Docker Docs storage-driver=devicemapper
DEBU[2021-11-23T04:09:57.732360517Z] Initialized graph driver vfs
DEBU[2021-11-23T04:09:57.732712277Z] No quota support for local volumes in /var/lib/docker/volumes: Filesystem does not support, or has not enabled quotas
WARN[2021-11-23T04:09:57.735327166Z] Your kernel does not support cgroup memory limit
WARN[2021-11-23T04:09:57.735356920Z] Unable to find blkio cgroup in mounts
WARN[2021-11-23T04:09:57.735367305Z] Unable to find cpuset cgroup in mounts
WARN[2021-11-23T04:09:57.735375645Z] Unable to find pids cgroup in mounts
DEBU[2021-11-23T04:09:57.735879442Z] Cleaning up old mountid : start.
failed to start daemon: Devices cgroup isn't mounted

This is the output of lxc config show for the container:

architecture: x86_64
config:
  image.architecture: amd64
  image.description: Centos 7 amd64 (20211122_07:08)
  image.os: Centos
  image.release: "7"
  image.serial: "20211122_07:08"
  image.type: squashfs
  image.variant: default
  limits.memory: 8GB
  security.nesting: "true"
  security.privileged: "true"
  volatile.base_image: 8b7ba076c1bde4a9b1ee032c04c7a5d99e1ad1781e04d592895442b14644effe
  volatile.eth0.host_name: macb40e4cbb
  volatile.eth0.hwaddr: 00:16:3e:1a:6f:0c
  volatile.eth0.last_state.created: "false"
  volatile.idmap.base: "0"
  volatile.idmap.current: '
  volatile.idmap.next: '
  volatile.last_state.idmap: '
  volatile.last_state.power: RUNNING
  volatile.uuid: 30795c4d-a9bd-4a29-ac0e-2ae7f131b347
devices:
  eth0:
    name: eth0
    nictype: macvlan
    parent: nm-bond
    type: nic
  root:
    path: /
    pool: poc_apps
    size: 50GB
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Thanks in Advance!

Hi akbarilham,
After changing the settings, did you restart the container?
Regards.

Sigh, this is some RHEL-specific stuff again. Apparently you need to enable this in order to create detached mounts. I expect this to be a system-global setting, so it needs to be enabled on the host.

Hi @cemzafer

Yes, I did. But I still can’t start the docker service.

Hi @brauner

Alright, should a backport kernel be enabled? *CMIIW

If you did enable the sysctl to allow for the creation of detached mounts you should try to start the containers again. If they still don’t start please paste the container’s log and dmesg output here.
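The log in the first post fails on two distinct things: a warning that dockerd could not write fs.may_detach_mounts because /proc/sys is read-only inside the container (which is why, as said above, the sysctl has to be set on the host), and the fatal "Devices cgroup isn't mounted". The script below is an added preflight check for exactly those two conditions; it is not part of this thread, of LXD or of Docker. It only reads the files dockerd itself consults (/proc/sys/fs/may_detach_mounts and /proc/mounts), and the file paths are parameters so the same functions can be exercised against saved copies of those files. Function names and the `--check` flag are my own choices.

```shell
#!/bin/sh
# Added preflight check (not from the thread): run inside the LXD container
# before starting dockerd. File paths default to the live /proc files and can
# be overridden, e.g. to inspect a copy of /proc/mounts saved from the container.

# Print the value of fs.may_detach_mounts, or "missing" if this kernel has no
# such knob (it only exists on RHEL/CentOS 7 kernels).
may_detach_mounts_value() {
    f="${1:-/proc/sys/fs/may_detach_mounts}"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        echo missing
    fi
}

# Succeed if the given /proc/mounts-style file shows /proc/sys mounted with
# the "ro" option. That is what turns dockerd's attempt to write the sysctl
# into the "read-only file system" warning seen in the log.
proc_sys_readonly() {
    mounts="${1:-/proc/mounts}"
    awk '$2 == "/proc/sys" { split($4, o, ","); for (i in o) if (o[i] == "ro") found = 1 }
         END { exit !found }' "$mounts"
}

# List the cgroup v1 controllers mounted according to a /proc/mounts-style
# file, one per line, sorted. Named hierarchies (name=systemd) are ignored.
mounted_cgroup_controllers() {
    mounts="${1:-/proc/mounts}"
    awk '$3 == "cgroup" { n = split($4, o, ","); for (i = 1; i <= n; i++) print o[i] }' "$mounts" \
        | grep -E '^(blkio|cpu|cpuacct|cpuset|devices|freezer|hugetlb|memory|net_cls|net_prio|perf_event|pids|rdma)$' \
        | sort -u
}

# Succeed if the devices controller is mounted; dockerd refuses to start without it.
devices_cgroup_mounted() {
    mounted_cgroup_controllers "${1:-/proc/mounts}" | grep -qx devices
}

# Print a summary of both checks. Exit status 0 only if dockerd's two
# complaints from the log above would not occur.
dockerd_preflight() {
    sysctl_file="${1:-/proc/sys/fs/may_detach_mounts}"
    mounts="${2:-/proc/mounts}"
    status=0
    v=$(may_detach_mounts_value "$sysctl_file")
    case "$v" in
        1)       echo "fs.may_detach_mounts=1: ok" ;;
        missing) echo "fs.may_detach_mounts: not present on this kernel, nothing to set" ;;
        *)       echo "fs.may_detach_mounts=$v: set it on the LXD host (sysctl -w fs.may_detach_mounts=1), it cannot be changed from inside the container"
                 status=1 ;;
    esac
    if proc_sys_readonly "$mounts"; then
        echo "/proc/sys is mounted read-only here: sysctls must be changed on the host"
    fi
    if devices_cgroup_mounted "$mounts"; then
        echo "devices cgroup: mounted"
    else
        echo "devices cgroup: NOT mounted (dockerd will fail with: Devices cgroup isn't mounted)"
        status=1
    fi
    echo "cgroup v1 controllers visible: $(mounted_cgroup_controllers "$mounts" | tr '\n' ' ')"
    return $status
}

# Run the live check only when invoked with --check, so the functions can
# also be sourced and pointed at saved copies of the files.
if [ "${1:-}" = "--check" ]; then
    dockerd_preflight
fi
```

Run it as `sh preflight.sh --check` inside the container, and again on the host for comparison: a knob that reads 0 on the host will read 0 (and be unwritable) in every container, which is the situation brauner describes, while a devices controller that is mounted on the host but absent in the container points at the container's cgroup setup rather than at dockerd.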