BUG REPORT INFORMATION - Docker CE 1.13.1 issue while changing kernel semaphore changes(kernel.sem) #313
Description
BUG REPORT INFORMATION
Use the commands below to provide key information from your environment:
You do NOT have to include this information if this is a FEATURE REQUEST
--> docker run --name webserver1 -d -p 9091:80 --sysctl kernel.sem="250 32000 100 2048" nginx
Description
Steps to reproduce the issue:
- Make sure u are on docker version 1.13.1 on RHEL-7.5/RHEL-7.4
- Change the host kernel settings : sysctl -w kernel.sem="250 32000 100 2048"
- Check weather the changes are reflected on host cat /proc/sys/kernel/sem
- Run docker run --name webserver1 -d -p 9091:80 --sysctl kernel.sem="250 32000 100 2048" nginx
if successful: - docker exec -it webserver1 bash
- cat /proc/sys/kernel/sem - to cross check weather the changes are reflected inside the container
** Output of error **
aa71efee7bf149794a11fb27eab1a25640c6cc3c09192f610d5b14cafe186b26
/usr/bin/docker-latest: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:364: container init caused "open /proc/sys/kernel/sem: permission denied"".
Describe the results you received:
Docker service was unable to pick the desired kernel changes on host.
Describe the results you expected:
the kernel semaphore changes are supposed to be reflected inside the container.
Additional information you deem important (e.g. issue happens only occasionally):
It perfectly works fine with docker 1.12.x and docker 18.03.
Output of docker version:
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-latest-1.13.1-58.git87f2fab.el7.x86_64
Go version: go1.9.2
Git commit: 85fc86f-unsupported
Built: Mon Mar 19 14:51:16 2018
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-latest-1.13.1-58.git87f2fab.el7.x86_64
Go version: go1.9.2
Git commit: 85fc86f-unsupported
Built: Mon Mar 19 14:51:16 2018
OS/Arch: linux/amd64
Experimental: false
Output of docker info:
Containers: 41
Running: 4
Paused: 0
Stopped: 37
Images: 36
Server Version: 1.13.1
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: false
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: docker-runc docker-runc-debug runc
Default Runtime: docker-runc-debug
Init Binary: docker-init
containerd version: 85fc86fe510461b1920d35e9819c792b1ccc054d (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: e9c345b3f906d5dc5e8100b05ce37073a811c74a (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
seccomp
Profile: default
selinux
userns
Kernel Version: 3.10.0-862.3.2.el7.x86_64
Operating System: Red Hat Enterprise Linux
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 4
Total Memory: 15.51 GiB
Name:XXXXXXXXXXXXXX
ID: Q5L7:E6VG:MSG2:QKKU:FZEO:QTCV:G4IY:2GX5:5FHI:LIG2:B7OW:6BRK
Docker Root Dir: /app/docker-latest/100000.100000
Debug Mode (client): false
Debug Mode (server): false
Registry: https://registry.access.redhat.com/v1/
Experimental: false
Insecure Registries:
XXXXXXXXXXXX
Live Restore Enabled: false
Registries: registry.access.redhat.com (secure), docker.io (secure)
Additional environment details (AWS, VirtualBox, physical, etc.):
AWS- EC2 instance
OS -RHEL-7.5