failed to create bridge \"nerdctl0\" operation not permitted #3805

Open
exculibar opened this issue Jan 9, 2025 · 0 comments
Labels
kind/unconfirmed-bug-claim Unconfirmed bug claim

exculibar commented Jan 9, 2025

Description

After upgrading nerdctl, I execute nerdctl start redis and it shows a FATA error:

nekoa@lima-ubuntu2204:/Users/nekoa$ nerdctl -a /run/user/501/containerd/containerd.sock --debug-full start redis
DEBU[0000] stateDir: /run/user/501/containerd-rootless  
DEBU[0000] RootlessKit detach-netns mode: true          
DEBU[0000] rootless parent main: executing "/usr/bin/nsenter" with [-r/ -w/Users/nekoa --preserve-credentials -m -U -t 1429 -F nerdctl -a /run/user/501/containerd/containerd.sock --debug-full start redis] 
FATA[0000] 1 errors:
failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running createRuntime hook #0: exit status 1, stdout: , stderr: time="2025-01-10T02:52:08+08:00" level=fatal msg="failed to call cni.Setup: plugin type=\"bridge\" failed (add): failed to create bridge \"nerdctl0\": could not add \"nerdctl0\": operation not permitted"

My containerd.service status

● containerd.service - containerd (Rootless)
     Loaded: loaded (/home/nekoa.linux/.config/systemd/user/containerd.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2025-01-10 02:50:57 CST; 16min ago
   Main PID: 1397 (rootlesskit)
      Tasks: 30
     Memory: 39.0M
        CPU: 18.995s
     CGroup: /user.slice/user-501.slice/user@501.service/app.slice/containerd.service
             ├─1397 rootlesskit --state-dir=/run/user/501/containerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --s>
             ├─1429 /proc/self/exe --state-dir=/run/user/501/containerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto >
             ├─1444 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-seccomp --userns-path=/proc/1429/ns/user --netns-type=pa>
             └─1452 containerd

Please tell me, what can I do to make nerdctl start the redis process normally?
Thanks!

What version of nerdctl are you using?

Client:
 Version:	v2.0.1
 OS/Arch:	linux/amd64
 Git commit:	47f31ff2c1615c1accb85c1ce4e7882ad739102f
 buildctl:
  Version:	v0.18.0
  GitCommit:	95d190ef4f18b57c717eaad703b67cb2be781ebb

Server:
 containerd:
  Version:	v2.0.0
  GitCommit:	207ad711eabd375a01713109a8a197d197ff6542
 runc:
  Version:	1.2.2
  GitCommit:	v1.2.2-0-g7cb36325

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

Client:
 Namespace:	default
 Debug Mode:	false

Server:
 Server Version: v2.0.0
 Storage Driver: overlayfs
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Log:     fluentd journald json-file none syslog
  Storage: native overlayfs fuse-overlayfs stargz
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
  rootless
 Kernel Version:   5.15.0-127-generic
 Operating System: Ubuntu 22.04.4 LTS
 OSType:           linux
 Architecture:     x86_64
 CPUs:             4
 Total Memory:     3.814GiB
 Name:             lima-ubuntu2204
 ID:               b9e81d4d-390a-4539-a175-3255717c4526

WARNING: AppArmor profile "nerdctl-default" is not loaded.
         Use 'sudo nerdctl apparmor load' if you prefer to use AppArmor with rootless mode.
         This warning is negligible if you do not intend to use AppArmor.
WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

exculibar added the kind/unconfirmed-bug-claim (Unconfirmed bug claim) label Jan 9, 2025