Docker inside Gitpod

Hi,

I’m trying to build a module of AWS CDK which uses Docker.

What is the way to resolve this error in Gitpod, please:

```
OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: write sysctl key net.ipv4.ip_unprivileged_port_start: open /proc/sys/net/ipv4/ip_unprivileged_port_start: read-only file system: unknown
```

https://github.com/gitpod-io/gitpod/issues/52 suggests that you can use Feature Preview - is it available in the free version of Gitpod? I cannot see it.

Thanks.


Hey @OksanaH, welcome to the Gitpod community! :tada:

Docker support (Root Access) is now enabled by default and has graduated from Feature Preview. On every workspace you should be able to type $ docker and see the command running successfully, right? :whale2:

Found these two issues[1][2] which could be related. Let me loop in @aledbf, @corneliusludmann, and @csweichel in case they can add any comments.

In the meantime, it could help to provide a minimal, reproducible example or more details on what steps you are following that trigger this error message.

@OksanaH are you using docker run with the flag --privileged?
Please check [docker] docker run --privileged does not work · Issue #2459 · gitpod-io/gitpod · GitHub

I have been able to reproduce this as well:

```
gitpod /workspace/aws-cdk/packages/@aws-cdk/lambda-layer-awscli $ yarn build+test
yarn run v1.22.5
$ yarn build && yarn test
$ cdk-build
>> Building AWS Lambda layer inside a docker image...
Sending build context to Docker daemon  4.096kB
Step 1/18 : FROM public.ecr.aws/lambda/provided:latest
 ---> 704280f2a2fd
Step 2/18 : ARG AWSCLI_VERSION=1.18.198
 ---> Using cache
 ---> 9e1c89d2e9dd
Step 3/18 : USER root
 ---> Using cache
 ---> de94c9e4821b
Step 4/18 : RUN mkdir -p /opt
 ---> Running in a4005bffb684
OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: write sysctl key net.ipv4.ip_unprivileged_port_start: open /proc/sys/net/ipv4/ip_unprivileged_port_start: read-only file system: unknown
Error: layer/build.sh exited with error code 1
```

@OksanaH are you using docker run with the flag --privileged?

@aledbf the build does not use docker run --privileged. See here for the script: aws-cdk/build.sh at 4439763a0574d2007b1ef64779ecfdcf1e01c9fd · aws/aws-cdk · GitHub

It looks like this is working now on Gitpod SaaS, which is great!

I would be really grateful if someone could tell me how to get Docker in Gitpod working again on self-hosted…

I’ve been trying various things on self-hosted 0.10.0 - without much luck. And having Docker in Gitpod here is key to the project I am working on.

Heads up that docker in docker is resolved in 0.10.0-nightly!

Cool - I will try and take that for a spin. Although I have my 0.10.0 install and setup working now, I have yet to get nightly to work completely.