发表新帖
发表新帖

docker on ubuntu 16.04 error when killing container

后端 未结
关注
6 653
心在旅途
心在旅途 2020-12-08 02:45

I can\'t kill or stop any docker container. I\'ve allowed non-privileged users to run Docker commands. And docker run hello-world works fine. But I can\'t stop

相关标签:
6条回答
  • 鱼传尺愫
    2020-12-08 02:57

    AppArmor (Application Armor) is a Linux security module that protects an operating system and its applications from security threats. To use it, a system administrator associates an AppArmor security profile with each program. Docker expects to find an AppArmor policy loaded and enforced. Check default profiles with:

    # sudo apparmor_status

    To use docker default profile on a container, run:

    $ docker run --rm -it --name test-container --security-opt apparmor=docker-default image-name

    You disable it using the commands:

    --security-opt apparmor=unconfined

    With the docker run commands.

    To disable apparmor service, use:

    # systemctl stop apparmor && systemctl disable apparmor

    For Ubuntu 14. Use:

    # service apparmor stop
# update-rc.d -f apparmor remove

    It’s recommended to set working profiles for Docker apparmor than disabling it, especially for production setups.

    Check this awesome google document on Securing Containers with AppArmor.

    https://cloud.google.com/container-optimized-os/docs/how-to/secure-apparmor

    0 讨论(0)
  • 后悔当初
    2020-12-08 02:57

    Just run this command in the terminal, all docker running container will stoped

    sudo systemctl restart docker.service
    0 讨论(0)
  • 面向向阳花
    2020-12-08 03:06

    Follow these steps to be able to stop the container:

    Disable the apparmor service: 

    sudo systemctl disable apparmor.service --now

    Unload AppArmor profiles:

    sudo service apparmor teardown

    Check AppArmor status:

    sudo aa-status

    You should be able to stop and kill your container now.

    Credits

    0 讨论(0)
  • 面向向阳花
    2020-12-08 03:10

    After using the below commands I was able to use docker-compose stop again:

    sudo apt-get purge --auto-remove apparmor
sudo service docker restart
docker system prune --all --volumes
    0 讨论(0)
  • 北荒
    2020-12-08 03:12

    This command will stop all docker containers.

    sudo killall docker-containerd-shim

    This command will remove all docker containers.

    sudo docker-compose down
    0 讨论(0)
  • 悲&欢浪女
    2020-12-08 03:16

    For me removing the unknown from AppArmor works: 

    sudo aa-remove-unknown
    0 讨论(0)
 看不清?
提交回复
热议问题