Docker启用的usernamespace，容器开始失败_Docker_Centos_Docker Machine_Docker Container_Docker Command

Docker启用的usernamespace，容器开始失败

docker centos

Docker启用的usernamespace，容器开始失败,docker,centos,docker-machine,docker-container,docker-command,Docker,Centos,Docker Machine,Docker Container,Docker Command,OS:CentOs 当我启用docker命名空间时，我在运行容器时遇到了下面的错误 # docker run hello-world Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world 0e03bdcc26d7: Pull complete Digest: sha256:49a1c8800c94df04e9658809b006fd8a686cab8028d33cfba

OS:CentOs 当我启用docker命名空间时，我在运行容器时遇到了下面的错误

# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:49a1c8800c94df04e9658809b006fd8a686cab8028d33cfba2cc049724254202
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\"": unknown.

下面是我使用的设置

# id robot
uid=1000(robot) gid=1000(robot) groups=1000(robot)
# cat /etc/docker/daemon.json
{
  "userns-remap": "robot"
}

对于userns，您的用户和组还需要/etc/subuid和/etc/subgid中的条目

$ more /etc/subuid
robot:100000:65536

$ more /etc/subgid
robot:100000:65536

您还需要足够大的

user.max\u user\u命名空间的sysctl设置：
$ echo "user.max_user_namespaces=15000" >> /etc/sysctl.conf
$ sysctl -p

Docker提供了他们在RHEL/CentOS环境中看到的问题的更多详细信息：