Subject: Re: [gentoo-user] [OT] Being Facebook member: How to anon?
To: gentoo-user@lists.gentoo.org
From: Todd Goodman
Date: Tue, 24 Oct 2017 07:35:35 -0400

On 10/23/2017 10:46 PM, tuxic@posteo.de wrote:
>
>>>> Hi Robert,
>>>>
>>>> oh YEAH!
>>>> Thanks a lot for that quick start!
>>>>
>>>> I did it, but...
>>>> #>eix -I docker
>>>> [I] app-emulation/docker
>>>>      Available versions: 17.03.2^si (~)17.06.2^si (~)17.09.0^si **9999^si {apparmor aufs btrfs +container-init +device-mapper hardened overlay pkcs11 seccomp}
>>>>      Installed versions: 17.09.0^si(05:48:14 PM 10/23/2017)(container-init device-mapper seccomp -apparmor -aufs -btrfs -hardened -overlay -pkcs11)
>>>>      Homepage: https://dockerproject.org
>>>>      Description: The core functions you need to create Docker images and run Docker containers
>>>>
>>>> [I] app-emulation/docker-proxy
>>>>      Available versions: 0.8.0_p20161111 (~)0.8.0_p20170917^t **9999
>>>>      Installed versions: 0.8.0_p20170917^t(05:46:10 PM 10/23/2017)
>>>>      Homepage: https://github.com/docker/libnetwork
>>>>      Description: Docker container networking
>>>>
>>>> [I] app-emulation/docker-runc
>>>>      Available versions: 1.0.0_rc2_p20170308^t (~)1.0.0_rc3_p20170706^t (~)1.0.0_rc4_p20170917^t {+ambient apparmor hardened +seccomp}
>>>>      Installed versions: 1.0.0_rc4_p20170917^t(05:46:07 PM 10/23/2017)(ambient seccomp -apparmor -hardened)
>>>>      Homepage: http://runc.io
>>>>      Description: runc container cli tools (docker fork)
>>>>
>>>>
>>>> #>groups
>>>> wheel mail uucp audio cdrom video games cdrw usb users docker wireshark vboxusers vlock realtime
>>>>                                                        ^----^
>>>>
>>>> (as root)
>>>> #>/etc/init.d/docker start
>>>>  * WARNING: docker has already been started
>>>> (so it is running)
>>>>
>>>> (as user again)
>>>> #>docker run --name firefox -e DISPLAY=$DISPLAY --device /dev/snd -v /tmp/.X11-unix:/tmp/.X11-unix -v $XAUTHORITY:/tmp/.host_Xauthority:ro -dti openhs/firefox-ubuntu
>>>>
>>>> docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
>>>> See 'docker run --help'.
>>>> [1] 10401 exit 125 docker run --name firefox -e DISPLAY=$DISPLAY --device /dev/snd -v -v -dti
>>>>
>>>> Hmmmm...seems I missed something...
>>>>
>>>> Cheers
>>>> Meino
>>>>
>>>>
>>> Found this in dmesg
>>>
>>> [ 1587.391861] device-mapper: table: 254:0: thin-pool: unknown target type
>>> [ 1587.391863] device-mapper: ioctl: error adding target to table
>>>
>>> these two lines are added when I try to start /etc/init.d/docker as root.
>>>
>>> Cheers
>>> Meino
>>>
>>>
>> I could fix this problem by defining
>>
>> CONFIG_DM_THIN_PROVISIONING=y
>>
>> in the kernel, recompile it and the message disappears.
>> BUT:
>> still docker does not start...
>>
>> How can I fix that?
>>
>> Cheers
>> Meino
>>
>>
> Next fix:
> Need to activate the complete cgroup features.
>
> Now I get this error message in /var/log/docker.log
>
> time="2017-10-24T04:42:39.358339658+02:00" level=info msg="Loading containers: start."
> time="2017-10-24T04:42:39.869600530+02:00" level=error msg="could not get initial namespace: no such file or directory"
> time="2017-10-24T04:42:39.884438663+02:00" level=error msg="failed to set to initial namespace, readlink /proc/4588/task/4588/ns/net: no such file or directory, initns fd -1: bad file descriptor"
> time="2017-10-24T04:42:39.885161875+02:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
> time="2017-10-24T04:42:39.885339857+02:00" level=error msg="failed to set to initial namespace, readlink /proc/4588/task/4588/ns/net: no such file or directory, initns fd -1: bad file descriptor"
> Error starting daemon: Error initializing network controller: Error creating default "bridge" network: Failed to program NAT chain: Failed to inject DOCKER in PREROUTING chain: iptables failed: iptables --wait -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER: iptables: No chain/target/match by that name.
>
> ...and now I really did not know how to hack further...
>
> Any help is very appreciated...
>
> Cheers
> Meino
>

You might need CONFIG_NF_NAT_IPV4 configured in your kernel to get the NAT
table for iptables (-t nat)

Todd
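
Added example, not part of the original message and not Docker or Gentoo tooling: a shell check that ties each failure quoted in this thread to the kernel option it points at and lists the options a given kernel config lacks. CONFIG_NET_NS and CONFIG_NETFILTER_XT_MATCH_ADDRTYPE are not named in the thread and are assumptions drawn from the quoted errors; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# option|symptom pairs. Options named in the thread: CONFIG_DM_THIN_PROVISIONING,
# CONFIG_NF_NAT_IPV4, and cgroups in general (CONFIG_CGROUPS is only the
# top-level switch; the thread does not list individual controllers).
# Entries marked "assumed" are this example's reading of the quoted errors.
REQUIRED='CONFIG_DM_THIN_PROVISIONING|device-mapper: thin-pool: unknown target type
CONFIG_CGROUPS|thread: need to activate the complete cgroup features
CONFIG_NET_NS|readlink /proc/<pid>/task/<pid>/ns/net: no such file (assumed)
CONFIG_NF_NAT_IPV4|iptables -t nat: No chain/target/match by that name
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE|iptables -m addrtype match missing (assumed)'

# missing_options CONFIG_FILE
# Prints "OPTION<TAB>symptom" for every option that is neither =y nor =m.
# Returns 0 when nothing is missing, 1 when something is, 2 on read error.
missing_options() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    while IFS='|' read -r opt symptom; do
        # "# CONFIG_FOO is not set" and absent lines both count as missing
        if ! grep -Eq "^${opt}=(y|m)\$" "$cfg"; then
            printf '%s\t%s\n' "$opt" "$symptom"
            rc=1
        fi
    done <<EOF
$REQUIRED
EOF
    return $rc
}

# write_sample_config FILE: constructed input resembling the state of the
# poster's kernel after the thin-provisioning and cgroup fixes.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_CGROUPS=y
CONFIG_DM_THIN_PROVISIONING=y
# CONFIG_NET_NS is not set
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
# CONFIG_NF_NAT_IPV4 is not set
EOF
}

# Demo on the constructed sample; pass a real .config path to check a kernel.
demo_cfg=${1:-$(mktemp)}
[ -n "$1" ] || write_sample_config "$demo_cfg"
missing_options "$demo_cfg" || true
```

On a live system the argument would be the kernel's own config, for example `/usr/src/linux/.config`.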