I'm encountering an issue when running a self-hosted GitHub Actions runner inside Azure Container Apps, which utilizes a Docker-in-Docker installation. The Docker daemon starts up successfully with the fuse-overlayfs storage driver, but when attempting to pull an image, I receive the following error:
failed to register layer: unshare: operation not permitted
Warning: Docker pull failed with exit code 1, back off 5.716 seconds before retry.
Docker Version: Version: 27.3.1
Seccomp Configuration: I tried setting the seccomp profile to unconfined.
Custom Seccomp Policy: Created a seccomp policy that allows the unshare syscall, but the issue persists.
User Namespace: Attempted to set up user namespace remapping for a non-root user, but this also did not resolve the issue.
(Not configured any storage at Azure; guess it won't make any difference.)
I would appreciate any guidance or solutions to resolve this issue. If there are specific configurations or permissions that need to be adjusted in the Docker setup for Azure Container Apps, please let me know.
fuse-overlayfs sounds like you're trying to use the -rootless variants, which are quite a bit fiddlier to get working properly in my experience -- is that accurate? Is there a reason you might be doing so? (and/or why you wouldn't simply be using the overlay2 driver if not?)
@tianon - I tried both rootless and root but ended up facing the same error. While trying different storage drivers, I saw only fuse-overlayfs working.
The daemon won't start with any other storage driver.
Your container is definitely running with privileged? (even for the rootless variant, that's required)
You'll also want to verify/validate that you've got actual local storage mounted at /var/lib/docker inside the container (something like NFS is going to be a bad time -- you need something that the overlay2 driver supports as an underlay like actual ext4).
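One way to check the two points raised in the comment above from inside the runner container, as an added example that is not part of the thread. Function names are hypothetical; it assumes a Linux `/proc` and treats CAP_SYS_ADMIN (which a privileged container holds and which `unshare` of a mount namespace requires) as the privilege indicator.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the thread.
CAP_SYS_ADMIN=21   # bit index of CAP_SYS_ADMIN in the capability mask
# has_cap HEXMASK BIT: exit 0 if BIT is set in a CapEff-style hex mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# fstype_for PATH [MOUNTS]: print the filesystem type of the longest
# mount point containing PATH, from a /proc/mounts-format file
fstype_for() {
    awk -v p="$1" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); fs = $3 }
        }
        END { print fs }' "${2:-/proc/mounts}"
}

# overlay2_backing_ok FSTYPE: exit 0 for backing filesystems Docker
# documents for overlay2 (ext4, or xfs formatted with ftype=1)
overlay2_backing_ok() {
    case "$1" in
        ext4|xfs) return 0 ;;
        *)        return 1 ;;
    esac
}

report() {
    capeff=$(awk '/^CapEff:/ { print $2 }' /proc/self/status)
    if has_cap "${capeff:-0}" "$CAP_SYS_ADMIN"; then
        echo "CAP_SYS_ADMIN: present (CapEff=$capeff)"
    else
        echo "CAP_SYS_ADMIN: missing (CapEff=$capeff), container is not privileged"
    fi
    fs=$(fstype_for /var/lib/docker)
    if overlay2_backing_ok "$fs"; then
        echo "/var/lib/docker is on $fs: usable under overlay2"
    else
        echo "/var/lib/docker is on $fs: not a supported overlay2 backing filesystem"
    fi
    # The call that fails in the reported error, tried directly
    if command -v unshare >/dev/null 2>&1 && unshare -m true 2>/dev/null; then
        echo "unshare of a mount namespace: permitted"
    else
        echo "unshare of a mount namespace: not permitted, or unshare(1) not installed"
    fi
}

if [ -r /proc/self/status ] && [ -r /proc/mounts ]; then report; fi
```

If CAP_SYS_ADMIN is present but the direct `unshare` still fails, the denial is coming from a layer other than capabilities, such as the platform's seccomp or LSM policy.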