Package: docker.io Version: 20.10.5+dfsg1-1+b5 Severity: important Dear Maintainer,
After upgrading from Buster to Bullseye, rootless docker containers now fail to build or start, with the following error message: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:340: applying cgroup configuration for process caused: read unix @->/run/systemd/private: read: connection reset by peer: unknown Error: failed to start containers: mycontainer The failure seems related to the switch from cgroup v1 to v2 in Bullseye. I have found two workarounds: 1. Edit ~/.config/systemd/user/docker.service (which was generated by dockerd-rootless-setuptool.sh), adding this option to the ExecStart command: --exec-opt native.cgroupdriver=cgroupfs 2. Boot the system with these kernel options: systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false Since there appears to be a mismatch between how Bullseye manages cgroups v2 and how docker expects them to be managed, my uninformed guess is that one of them needs to change. Failing that, perhaps dockerd-rootless-setuptool.sh should be updated to apply workaround #1 when generating new unit files? (In case you wonder how rootless docker was working on Buster in the first place, it's because I have been using the Debian Unstable docker.io package & dependencies on my Buster system for about a year.) Thanks for your attention. -- System Information: Debian Release: 11.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: arm64 (aarch64) Kernel: Linux 5.10.0-8-arm64 (SMP w/6 CPU threads) Kernel taint flags: TAINT_USER Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages docker.io depends on: ii adduser 3.118 ii containerd 1.4.5~ds1-2 ii init-system-helpers 1.60 ii iptables 1.8.7-1 ii libc6 2.31-13 ii libdevmapper1.02.1 2:1.02.175-2.1 ii libsystemd0 247.3-6 ii lsb-base 11.1.0 ii runc 1.0.0~rc93+ds1-5+b2 ii tini 0.19.0-1 Versions of packages docker.io recommends: ii apparmor 2.13.6-10 ii ca-certificates 20210119 pn cgroupfs-mount <none> ii git 1:2.30.2-1 pn needrestart <none> ii xz-utils 5.2.5-2 Versions of packages docker.io suggests: pn aufs-tools <none> pn btrfs-progs <none> pn debootstrap <none> pn docker-doc <none> ii e2fsprogs 1.46.2-2 pn rinse <none> ii rootlesskit 0.14.2-1+b3 pn xfsprogs <none> pn zfs-fuse | zfsutils-linux <none> -- no debconf information
