docker - lxc-start：无效参数 - 克隆失败

Question

完全的新手试图让我的脚在码头上弄湿，所以也许我做的事情显然是错误的。我在运行容器时遇到问题：

root@tethys:~# docker run ubuntu ls
lxc-start: Invalid argument - failed to clone

lxc-start: failed to create vethNGY9xv-veth3eKuyS : Operation not supported
lxc-start: failed to create netdev
lxc-start: failed to create the network
lxc-start: failed to spawn '38e59da80ff79f024304c761704924172fbd7632be705f9b71659a91de8467e9'
lxc-start: No such file or directory - failed to remove cgroup '/sys/fs/cgroup/cpuset//lxc/38e59da80ff79f024304c761704924172fbd7632be705f9b71659a91de8467e9'

一切似乎都已正确安装：

root@tethys:~# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
learn/tutorial      latest              8dbd9e392a96        8 months ago        128 MB
ubuntu              12.04               8dbd9e392a96        8 months ago        128 MB
ubuntu              latest              8dbd9e392a96        8 months ago        128 MB
ubuntu              precise             8dbd9e392a96        8 months ago        128 MB
ubuntu              12.10               b750fe79269d        8 months ago        175.3 MB
ubuntu              quantal             b750fe79269d        8 months ago        175.3 MB

docker版本是目前稳定的版本（其实是六天前提交的）：

root@tethys:~# docker version
Client version: 0.7.1
Go version (client): go1.2
Git commit (client): 88df052
Server version: 0.7.1
Git commit (server): 88df052
Go version (server): go1.2
Last stable version: 0.7.1

我想说我的系统应该得到支持：

root@tethys:~# uname -a
Linux tethys.wavilon.net 2.6.38.2-grsec-xxxx-grs-ipv6-64 #2 SMP Thu Aug 25 16:40:22 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
root@tethys:~# cat /etc/issue
Ubuntu 12.04.3 LTS \n \l

我还能检查什么？

Answer 1

根据文档，docker“在 3.8 内核上效果最好”。

Answer 2

对于 grsecurity 内核，特别是如果您尝试在 LXC 中运行“非特权容器”，则需要在以下位置设置以下内容/etc/sysctl.conf：

kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_pivot = 0
kernel.grsecurity.chroot_deny_chroot = 0
kernel.grsecurity.chroot_deny_mount = 0

＆ 然后sysctl -p