背景:
从2020-11-02开始,官方的 Docker Hub开始对pull请求加上了限制,限制为匿名用户(未登录),每6小时只能拉100次image,登录的免费用户每6小时拉200次镜像。
目标:
将 go1.14.2 打包成镜像传到公司的私有镜像空间,后续每次上线就不用去拉取开源的go1.14.2了。
问题:build镜像总是失败,报错。
OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: rootfs_linux.go:76: mounting "/var/lib/docker/containers/1b13e6f3e0e0105b86b9dd406f71bff1545f1339c5213df1c05fd85d9e0b8070/resolv.conf" to rootfs at "/etc/resolv.conf" caused: mount through procfd: possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown docker build error!
检查我的centos版本
cat /etc/redhat-release
检查docker版本
yum list installed | grep docker
原因:
定位是centos7.2版本和 ContainerD.io 1.4.8不兼容。调整docker版解决。
解决:
1,卸载现有docker
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine docker-ce-cli docker-scan-plugin
2,安装指定版本的docker
yum -y install docker-ce-18.06.0.ce-3.el7
3,确认
4,重启docker,再次支持duilder,成功
sudo systemctl start docker
检查状态
systemctl status docker
