ocker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:722: waiting for init preliminary setup caused: read init-p: connection reset by peer: unknown. ERRO[0000] error waiting for container: context canceled

[xsbiq]

Description

I have installed successfully the docker in the Linux machine. the linux machine is restricted to internet so I have whitelist the "https://download.docker.com/linux/" and installed it. And build the hello-world image in the local vm where internet is available and loaded that in my actual environment.
But when i try to run that image I am getting the below error

docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:722: waiting for init preliminary setup caused: read init-p: connection reset by peer: unknown. ERRO[0000] error waiting for container: context canceled

Output of docker version:

Docker version 20.10.7, build f0df350

**Output of `docker info`:**

sudo docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
  scan: Docker Scan (Docker Inc., v0.8.0)

Server:
 Containers: 4
  Running: 0
  Paused: 0
  Stopped: 4
 Images: 1
 Server Version: 20.10.7
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7eba5930496d9bbe375fdf71603e610ad737d2b2
 runc version: v1.0.0-0-g84113ee
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1160.36.2.el7.x86_64
 Operating System: Red Hat Enterprise Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 31.26GiB
 Name: hslmaxwba00008.linux.local
 ID: FEDI:2J3G:TZLM:5KLU:PETB:POD7:WJ5P:QNN5:FOCU:E6GN:EWVM:Y4EQ
 Docker Root Dir: /applic/MaximoDocker/docker-data/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

 runc --v
runc version 1.0.0
commit: v1.0.0-0-g84113ee
spec: 1.0.2-dev
go: go1.15.14
libseccomp: 2.3.1

Redhat version:
Red Hat Enterprise Linux Server release 7.9 (Maipo)


Could you please me to fix this issue. Any help would be much appreciated.

[xsbiq]

Command : sudo docker run -it hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:722: waiting for init preliminary setup caused: read init-p: connection reset by peer: unknown. ERRO[0000] error waiting for container: context canceled

[thaJeztah]

The error originates from the runc OCI runtime. I see you're not running the latest version of runc; some fixes have gone into runc v1.0.1 and v1.0.2, so it's worth trying if that helps your issue (opencontainers/runc@v1.0.0...v1.0.2)

I see there's two open issues in runc that could be related; opencontainers/runc#2586, and opencontainers/runc#1914. The last one looks quite similar to the error you're describing (init-p: connection reset by peer), and can be related to your kernel / system's configuration having limits set too low (there's some issues linked to that ticket that may provide more details)

[xsbiq]

@thaJeztah Thank you for the response.
I have done the same installation in another Linux machine which has same docker and runc version. There It is successful. I am able to run the images. and both the linux machines are "Red Hat Enterprise Linux Server release 7.9 (Maipo)". And I have tried with docker version 20.10.9 /2010.8 and the latest runc verison . Even with that, I am getting the same error.
runc version 1.0.2
commit: v1.0.2-0-g52b36a2
spec: 1.0.2-dev
go: go1.16.8
libseccomp: 2.3.1

I am thinking it is related to my environment. I have checked the pids.current (/sys/fs/cgroup/pids/docker) which has zero value.

And I am new to this docker , could you please help me to verify the " kernel / system's configuration limits". If it's low ,how can I increase it?

Thanks,
Sree

[thaJeztah]

You can try running the check-config.sh script from https://github.com/moby/moby/blob/master/contrib/check-config.sh, which checks for some options (but not sure if it checks for this specific case).

[thaJeztah]

let me close this ticket as this went stale