Docker Containers can not be stopped or removed - permission denied Error
Issue: Can not stop docker containers, whenever I try to stop containers I get the following Error message,
ERROR: for yattyadocker_web_1 cannot stop container: 1f04148910c5bac38983e6beb3f6da4c8be3f46ceeccdc8d7de0da9d2d76edd8: Cannot kill container 1f04148910c5bac38983e6beb3f6da4c8be3f46ceeccdc8d7de0da9d2d76edd8: rpc error: code = PermissionDenied desc = permission denied
OS Version/build: Ubuntu 16.04 | Docker Version 17.09.0-ce, build afdb6d4 | Docker Compose version 1.17.1, build 6d101fb
Steps to reproduce:
- Created a rails project with Dockerfile and docker-compose.yml. docker-compose.yml is of version 3.
- Image is built successfully with either
docker build -t <project name> .ordocker-compose up --build - Containers boots up and runs successfully.
- Try to stop docker compose with docker-compose down.
What I tried::
- I have to run
sudo service docker restartand then the containers can be removed. - Uninstalled docker, removed docker directory and then re installed everything. Still facing same issue.
Note: This configuration was working correctly earlier, but somehow file permissions might have changed and I am seeing this error. I have to run sudo service docker restart and then the containers can be removed. But this is highly inconvenient and I don't know how to troubleshoot this.
Reference Files:
# docker-compose.yml
version: '3'
volumes:
db-data:
driver: local
redis-data:
driver: local
services:
db:
image: postgres:9.4.1
volumes:
- db-data:/var/lib/postgresql/data
ports:
- "5432:5432"
env_file: local_envs.env
web:
image: yattya_docker:latest
command: bundle exec puma -C config/puma.rb
tty: true
stdin_open: true
ports:
- "3000:3000"
links:
- db
- redis
- memcached
depends_on:
- db
- redis
- memcached
env_file: local_envs.env
redis:
image: redis:3.2.4-alpine
ports:
# We'll bind our host's port 6379 to redis's port 6379, so we can use
# Redis Desktop Manager (or other tools) with it:
- 6379:6379
volumes:
# We'll mount the 'redis-data' volume into the location redis stores it's data:
- redis-data:/var/lib/redis
command: redis-server --appendonly yes
memcached:
image: memcached:1.5-alpine
ports:
- "11211:11211"
clock:
image: yattya_docker:latest
command: bundle exec clockwork lib/clock.rb
links:
- db
depends_on:
- db
env_file: local_envs.env
worker:
image: yattya_docker:latest
command: bundle exec rake jobs:work
links:
- db
depends_on:
- db
env_file: local_envs.env
And Dockerfile:
# Dockerfile
FROM ruby:2.4.1
RUN apt-get update && apt-get install -y nodejs --no-install-recommends && rm -rf /var/lib/apt/lists/*
ENV APP_HOME /app
RUN mkdir -p $APP_HOME
WORKDIR $APP_HOME
ADD Gemfile* $APP_HOME/
RUN bundle install
ADD . $APP_HOME
RUN mkdir -p ${APP_HOME}/log
RUN cat /dev/null > "$APP_HOME/log/development.log"
RUN mkdir -p ${APP_HOME}/tmp/cache \
&& mkdir -p ${APP_HOME}/tmp/pids \
&& mkdir -p ${APP_HOME}/tmp/sockets
EXPOSE 3000
Answer
For anyone that does not wish to completely purge AppArmor.
Check status: sudo aa-status
Shutdown and prevent it from restarting: sudo systemctl disable apparmor.service --now
Unload AppArmor profiles: sudo service apparmor teardown
Check status: sudo aa-status
You should now be able to stop/kill containers.