docker failed to create task for container: failed to create shim task: OCI runtime create failed:

question

According to the CentOS installation docker guide , an error is reported when starting hello-world, as mentioned in the prompt message OCI runtime, the root cause is runc did not terminate successfully

[root@localhost composetest]# sudo docker run hello-world
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/moby/4a7cc9e9d0d66c8db7f9cd68ffa2631c54d3e3dab4c408fd2af564b1cd496536/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown.
ERRO[0000] error waiting for container:  

solve

Refer to [error solution] docker can not find runc: failed to create shim: OCI runtime create failed: unable to retrieve OCI runtime , this problem is runcrelated to it, check the docker version does not have runc information

[root@localhost composetest]# docker version
Client: Docker Engine - Community
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:53:10 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       659604f
  Built:            Thu May 25 21:52:10 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
  //如果正常，这里应该有 runc的信息
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Check the status of docker, there is no promptrunc

[root@localhost composetest]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-06-29 16:24:21 CST; 5min ago
     Docs: https://docs.docker.com
 Main PID: 22144 (dockerd)
    Tasks: 12
   Memory: 38.4M
   CGroup: /system.slice/docker.service
           └─22144 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.863821695+08:00" level=warning 
//这里提示没有runc version
msg="failed to retrieve runc version: exit>
6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.879643673+08:00" level=info msg="Docker daemon" commit=659604f graphdrive>
6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.879688811+08:00" level=info msg="Daemon has completed initialization"
6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.903813923+08:00" level=info msg="API listen on /run/docker.sock"
6月 29 16:24:21 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
6月 29 16:25:17 localhost.localdomain dockerd[22144]: time="2023-06-29T16:25:17.603433056+08:00" level=error msg="stream copy error: reading from a close>
6月 29 16:25:17 localhost.localdomain dockerd[22144]: time="2023-06-29T16:25:17.603501074+08:00" level=error msg="stream copy error: reading from a close>
6月 29 16:26:31 localhost.localdomain dockerd[22144]: time="2023-06-29T16:26:31.575391981+08:00" level=error msg="stream copy error: reading from a close>
6月 29 16:26:31 localhost.localdomain dockerd[22144]: time="2023-06-29T16:26:31.575508418+08:00" level=error msg="stream copy error: reading from a close>
6月 29 16:29:33 localhost.localdomain dockerd[22144]: time="2023-06-29T16:29:33.001615925+08:00" 
//这里提示没有runc version
level=warning msg="failed to retrieve runc version: exit>

Finally, it may be libseccompcaused by the low version, look at the current version

[root@localhost composetest]# rpm -qa | grep libseccomp
libseccomp-2.3.3-3.el8.x86_64

upgrade

yum update libseccomp

After upgrading, check the docker version already runcexists .

[root@localhost composetest]# docker version
Client: Docker Engine - Community
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:53:10 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       659604f
  Built:            Thu May 25 21:52:10 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
  //有runc版本了
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Summarize

OCIIn the process of solving , we encountered runcnouns such as , etc. According to the difference between Docker, containerd, CRI-O and runc , OCIyes open container initiative, it is a set of specifications about mirroring and containers. It also provides the implementation of runc, which runcis used to create and run the container.