Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Can't connect to Docker daemon when SELinux is in use

See original GitHub issue
  • running Fedora 26
  • sudo dnf remove docker-ce and reboot (just in case)
  • sudo snap install --edge --classic microk8s (also tried --beta and --stable)
  • microk8s.inspect shows everything ok
  • microk8s.docker -D -l debug <command> outputs nothing and hangs, no matter what command I try (even --help)
  • I see this in the kubelet log:
$ sudo journalctl -u snap.microk8s.daemon-kubelet.service|tail
Oct 16 08:20:44 gogo microk8s.daemon-kubelet[12994]: W1016 08:20:44.727621   12994 manager.go:253] Timeout trying to communicate with docker during initialization, will retry
Oct 16 08:21:24 gogo microk8s.daemon-kubelet[12994]: W1016 08:21:24.727881   12994 manager.go:253] Timeout trying to communicate with docker during initialization, will retry
Oct 16 08:22:04 gogo microk8s.daemon-kubelet[12994]: W1016 08:22:04.728205   12994 manager.go:253] Timeout trying to communicate with docker during initialization, will retry
Oct 16 08:22:44 gogo microk8s.daemon-kubelet[12994]: W1016 08:22:44.728530   12994 manager.go:253] Timeout trying to communicate with docker during initialization, will retry
Oct 16 08:23:24 gogo microk8s.daemon-kubelet[12994]: W1016 08:23:24.728768   12994 manager.go:253] Timeout trying to communicate with docker during initialization, will retry
Oct 16 08:24:04 gogo microk8s.daemon-kubelet[12994]: W1016 08:24:04.729119   12994 manager.go:253] Timeout trying to communicate with docker during initialization, will retry
Oct 16 08:24:44 gogo microk8s.daemon-kubelet[12994]: W1016 08:24:44.729457   12994 manager.go:253] Timeout trying to communicate with docker during initialization, will retry
Oct 16 08:25:24 gogo microk8s.daemon-kubelet[12994]: W1016 08:25:24.729655   12994 manager.go:253] Timeout trying to communicate with docker during initialization, will retry
Oct 16 08:26:04 gogo microk8s.daemon-kubelet[12994]: W1016 08:26:04.729875   12994 manager.go:253] Timeout trying to communicate with docker during initialization, will retry
Oct 16 08:26:44 gogo microk8s.daemon-kubelet[12994]: W1016 08:26:44.730078   12994 manager.go:253] Timeout trying to communicate with docker during initialization, will retry

inspection-report-20181016_082316.tar.gz

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:1
  • Comments:18 (12 by maintainers)

github_iconTop GitHub Comments

4reactions
ktsakalozoscommented, Feb 7, 2019

Nice talking to you face to face @GregoireW .

Indeed the file system with the binaries is read only and I read the labels are filesystem metadata.

I want to see if I can set labels during the build of the snap package. I will have news on this soon.

2reactions
ktsakalozoscommented, Oct 16, 2018

Hi @akaihola ,

Thank you for reporting this.

Here is what happens. When dockerd starts it listens on a socket (unix:///var/snap/microk8s/current/docker.sock), selinux is blocking socket communication by default as discussed in https://forum.snapcraft.io/t/selinux-blocking-socket-activation-on-fedora/6931 . You can verify this by temporarily disabling selinux and restarting microk8s:

sudo setenforce permissive
sudo snap stop microk8s
sudo snap start microk8s

I am taking a look now how/if we can detect selinux and set it to allow the required socket communication.

Thank you for taking the time to report this issue and apologies for any inconvenience.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Can't connect to Docker daemon when SELinux is in use #135
My idea was first to try to set the selinux container type on the docker in the snap, but unfortunatly I got a...
Read more >
Docker can't connect to docker daemon - Stack Overflow
On RedHat/CentOS, run: sudo systemctl start docker . To initialize the "base" filesystem, run: $ sudo service docker stop $ sudo rm -rf...
Read more >
Why am I getting "Cannot connect to the Docker daemon ...
Ideally, a group called docker is created when installing Docker. However, if that group does not exist when the daemon is started, the...
Read more >
Run the Docker daemon as a non-root user (Rootless mode)
To run Rootless Docker inside “rootful” Docker, use the docker:<version>-dind-rootless image instead of docker:<version>-dind . $ docker run -d --name dind- ...
Read more >
ERROR: Couldn't connect to Docker daemon at ... - Server Fault
possibly SELinux related issue: # docker-compose ps ERROR: Couldn't connect to Docker daemon at http+docker://localhost - is it running?
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Ingress not working on AWS.

Next page

Security: don't bind to insecure address by default