Isn’t it frustrating if you can’t even start a Docker container?

Usually, the Docker oci runtime error occurs due to improper namespace setup or system file errors.

Start-up errors in Docker containers always need an immediate fix.

Therefore, at Bobcares we often get requests to fix Docker errors as a part of our Docker Hosting Support.

Today, let’s have a look into Docker oci runtime error and see how our Support Engineers fix it.

Docker oci runtime error in detail

Before discussing further, let’s first have a quick look at Docker.

Docker container technology helps developers and sysadmins to develop, setup, and run applications.

Basically, a container is a software that wraps up code and its dependencies for any application. This makes the application run quickly and reliably from any computing environment.

But, many times Docker containers will end up showing errors. Let’s discuss a few situations where Docker oci runtime error can occur. Also, we will see how our Support Engineers fix it.

1. When namespaces isolate containers

Namespaces are intended to provide isolation for running processes. So, the namespaces limit the Docker access to system resources. But the running processes may not be aware of these restrictions.

Therefore, when we isolate containers using namespace and run the container, we get the error.

docker: docker: Error response from daemon: oci runtime error: container_linux.go:262: starting container process caused "process_linux.go:247: running exec setns process for init caused \"exit status 34\"".

When our customers have such an error, our Support Team checks the namespace setup.

We make sure that the value user.max_user_namespaceis set to 0 or above. And also ensure that the following kernel argument has the correct value.

namespace.unpriv_enable=1.

2. Error after enabling namespaces

Sometimes the container may be unable to run even after enabling the namespace. Here the error message shows up as

nsenter: failed to update /proc/13948/uid_map: Invalid argument
nsenter: failed to sync with parent: SYNC_USERMAP_ACK: got 255: Success
container_linux.go:262: starting container process caused "process_linux.go:247: running exec setns process for init caused \"exit status 2\""
docker: Error response from daemon: oci runtime error: container_linux.go:262: starting container process caused "process_linux.go:247: running exec setns process for init caused \"exit status 2\"".
ERRO[0000] error waiting for container: context canceled

In this case, our Support Team first makes sure that the namespace is enabled properly. Further, we check two files.

/etc/subuid

/etc/subgid

Usually, multiple entries in any of these files result in Docker error. So, we check the entries in the file and remove the unwanted one.

Finally, we check by running the container again.

3. Incorrect container settings

In some cases, the container fails to run due to the wrong settings. For instance, in Docker 18.09, an oci runtime error shows up.

docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "exec: \"/bin/ucp-tool\": stat /bin/ucp-tool: no such file or directory": unknown.

Usually, this error occurs due to an incorrect flag set up in the Docker systemD unit file.

So, our Support Team initially checks both the docker file and .conf file. The configuration file for Docker flag is /etc/systemd/system/docker.service.d/mount_flags.conf.

Later, we remove the unwanted entries. Finally, we restart the Docker service to ensure the proper working of the container.

[Still, Docker is showing oci runtime error? – We will fix it for you]

Conclusion

In short, Docker oci runtime error usually occurs due to improper setup of namespaces or errors in system files. We saw how our Support Engineers fix it for our customers.