OS: CentOs When i am enabling the docker namespace, i am running into the bellow error while running container
# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:49a1c8800c94df04e9658809b006fd8a686cab8028d33cfba2cc049724254202
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\"": unknown.
Below is the setting I have used
# id robot
uid=1000(robot) gid=1000(robot) groups=1000(robot)
# cat /etc/docker/daemon.json
{
"userns-remap": "robot"
}
For userns, you also need entries in /etc/subuid and /etc/subgid for your user and group.
$ more /etc/subuid
robot:100000:65536
$ more /etc/subgid
robot:100000:65536
You will also want a sysctl setting for user.max_user_namespaces that is large enough:
$ echo "user.max_user_namespaces=15000" >> /etc/sysctl.conf
$ sysctl -p
Docker has more details on issues they've seen on RHEL/CentOS environments that they've seen: https://success.docker.com/article/user-namespace-runtime-error