Docker issue : failed to write "a *:* rwm": write /sys/fs/cgroup/devices/docker/...../devices.allow: operation not permitted: unknown

FredR

Le problème :

docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting cgroup config for procHooks process: failed to write "a *:* rwm": write /sys/fs/cgroup/devices/docker/9062e5fe97eaccd163ea072644a4593a1dc707e090298a08d959ae5dc8f510b3/devices.allow: operation not permitted: unknown.

Version :

#  lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.5 LTS
Release:        22.04
Codename:       jammy

# docker --version
Docker version 24.0.2, build cb74dfc

# docker info | grep Cgroup
 Cgroup Driver: cgroupfs
 Cgroup Version: 1

# grep cgroup /proc/filesystems
nodev   cgroup
nodev   cgroup2

# stat -fc %T /sys/fs/cgroup/
tmpfs

# dpkg -l | grep docker
ii  docker-buildx-plugin              0.10.5-1~ubuntu.18.04~bionic                     amd64        Docker Buildx cli plugin.
ii  docker-ce                         5:24.0.2-1~ubuntu.18.04~bionic                   amd64        Docker: the open-source application container engine
ii  docker-ce-cli                     5:24.0.2-1~ubuntu.18.04~bionic                   amd64        Docker CLI: the open-source application container engine
ii  docker-ce-rootless-extras         5:24.0.2-1~ubuntu.18.04~bionic                   amd64        Rootless support for Docker.
ii  docker-compose-plugin             2.18.1-1~ubuntu.18.04~bionic                     amd64        Docker Compose (V2) plugin for the Docker CLI.

FredR

A faire :

cat /sys/fs/cgroup/devices/devices.list

Voir aussi le paramètre :

lxc.cgroup.devices.allow = a

FredR

Voir https://oneuptime.com/blog/post/2026-02-08-how-to-understand-docker-container-cgroups-in-depth/view

ls /sys/fs/cgroup/cgroup.controllers 2>/dev/null && echo "cgroups v2" || echo "cgroups v1"
stat -fc %T /sys/fs/cgroup/

FredR

Sur un autre serveur en Ubuntu 22 :

$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
$ stat -fc %T /sys/fs/cgroup/
cgroup2fs
$ cat /etc/default/grub | grep "^GRUB"
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX=""
$ docker --version
Docker version 29.3.1, build c2be9cc
$ mount|grep cgroup
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)

FredR

Check /etc/pve/lxc/*.conf :

lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:

NodeBB

Docker issue : failed to write "a : rwm": write /sys/fs/cgroup/devices/docker/...../devices.allow: operation not permitted: unknown