碼頭運行你好，世界仍然失敗，權限被拒絕

Question

我試圖運行碼頭，但它仍然失敗。以下是我得到

root@c1170137:~# docker run hello-world 
Unable to find image 'hello-world:latest' locally 
latest: Pulling from library/hello-world 

c04b14da8d14: Extracting 974 B/974 B 
docker: failed to register layer: ApplyLayer exit status 1 stdout: stderr: permission denied. 
See 'docker run --help'. 

內核：4.4.16-1-PVE

我使用Debian的傑西

Distributor ID: Debian 
Description: Debian GNU/Linux 8.5 (jessie) 
Release:  8.5 
Codename:  jessie 

編輯： daemon.log中 http://hastebin.com/qinufacuto.coffee

碼頭信息

root@c1177124:~# docker info 
Containers: 0 
Running: 0 
Paused: 0 
Stopped: 0 
Images: 0 
Server Version: 1.12.1 
Storage Driver: vfs 
Logging Driver: json-file 
Cgroup Driver: cgroupfs 
Plugins: 
Volume: local 
Network: host bridge null overlay 
Swarm: inactive 
Runtimes: runc 
Default Runtime: runc 
Security Options: 
Kernel Version: 4.4.16-1-pve 
Operating System: Debian GNU/Linux 8 (jessie) 
OSType: linux 
Architecture: x86_64 
CPUs: 32 
Total Memory: 2 GiB 
Name: c1177124 
ID: 4YUJ:OL2E:WLJC:23WJ:5HRW:LRY3:QHKC:MKXO:JDWO:VWOQ:JMWN:V52W 
Docker Root Dir: /var/lib/docker 
Debug Mode (client): false 
Debug Mode (server): false 
Registry: https://index.docker.io/v1/ 
WARNING: bridge-nf-call-iptables is disabled 
WARNING: bridge-nf-call-ip6tables is disabled 
Insecure Registries: 
127.0.0.0/8 

順便說一下，問題可能是由內核引起的。 謝謝你的任何想法或解決方案

Answer 1

如果你不關心安全或相信自己的碼頭工人，容器：通過在加入lxc.aa_profile: unconfined

1. 編輯在/etc/pve/lxc/ID.conf在主機上的LXC容器的配置文件文件結尾。
2. 刪除的AppArmor：apt-get remove apparmor --purge

Answer 2

蔭解決了這個問題與主機執行以下命令：

LXC配置設置您-LXC-名security.nesting真正

LXC配置設定-lxc-name security.privileged true