docker failed to create task for container: failed to create shim task: OCI runtime create failed:

问题

根据CentOS安装docker指南，启动hello-world时报错，提示信息中提到了OCI runtime，根本原因是 runc did not terminate successfully

[root@localhost composetest]# sudo docker run hello-worlddocker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/moby/4a7cc9e9d0d66c8db7f9cd68ffa2631c54d3e3dab4c408fd2af564b1cd496536/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown.ERRO[0000] error waiting for container:  

解决

参考【错误解决】docker找不到runc：failed to create shim: OCI runtime create failed: unable to retrieve OCI runtime，这个问题跟runc有关，查看docker版本的确没有runc信息

[root@localhost composetest]# docker versionClient: Docker Engine - Community Version:           24.0.2 API version:       1.43 Go version:        go1.20.4 Git commit:        cb74dfc Built:             Thu May 25 21:53:10 2023 OS/Arch:           linux/amd64 Context:           defaultServer: Docker Engine - Community Engine:  Version:          24.0.2  API version:      1.43 (minimum version 1.12)  Go version:       go1.20.4  Git commit:       659604f  Built:            Thu May 25 21:52:10 2023  OS/Arch:          linux/amd64  Experimental:     false containerd:  Version:          1.6.21  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8  //如果正常，这里应该有 runc的信息 docker-init:  Version:          0.19.0  GitCommit:        de40ad0

查看docker状态，提示没有runc

[root@localhost composetest]# systemctl status docker● docker.service - Docker Application Container Engine   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)   Active: active (running) since Thu 2023-06-29 16:24:21 CST; 5min ago     Docs: https://docs.docker.com Main PID: 22144 (dockerd)    Tasks: 12   Memory: 38.4M   CGroup: /system.slice/docker.service           └─22144 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.863821695+08:00" level=warning //这里提示没有runc versionmsg="failed to retrieve runc version: exit>6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.879643673+08:00" level=info msg="Docker daemon" commit=659604f graphdrive>6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.879688811+08:00" level=info msg="Daemon has completed initialization"6月 29 16:24:21 localhost.localdomain dockerd[22144]: time="2023-06-29T16:24:21.903813923+08:00" level=info msg="API listen on /run/docker.sock"6月 29 16:24:21 localhost.localdomain systemd[1]: Started Docker Application Container Engine.6月 29 16:25:17 localhost.localdomain dockerd[22144]: time="2023-06-29T16:25:17.603433056+08:00" level=error msg="stream copy error: reading from a close>6月 29 16:25:17 localhost.localdomain dockerd[22144]: time="2023-06-29T16:25:17.603501074+08:00" level=error msg="stream copy error: reading from a close>6月 29 16:26:31 localhost.localdomain dockerd[22144]: time="2023-06-29T16:26:31.575391981+08:00" level=error msg="stream copy error: reading from a close>6月 29 16:26:31 localhost.localdomain dockerd[22144]: time="2023-06-29T16:26:31.575508418+08:00" level=error msg="stream copy error: reading from a close>6月 29 16:29:33 localhost.localdomain dockerd[22144]: time="2023-06-29T16:29:33.001615925+08:00" //这里提示没有runc versionlevel=warning msg="failed to retrieve runc version: exit>

最终查到可能是libseccomp版本过低引起的，看一下当前版本

[root@localhost composetest]# rpm -qa | grep libseccomplibseccomp-2.3.3-3.el8.x86_64

升级

yum update libseccomp

升级后再查看docker 版本已经有runc了。

[root@localhost composetest]# docker versionClient: Docker Engine - Community Version:           24.0.2 API version:       1.43 Go version:        go1.20.4 Git commit:        cb74dfc Built:             Thu May 25 21:53:10 2023 OS/Arch:           linux/amd64 Context:           defaultServer: Docker Engine - Community Engine:  Version:          24.0.2  API version:      1.43 (minimum version 1.12)  Go version:       go1.20.4  Git commit:       659604f  Built:            Thu May 25 21:52:10 2023  OS/Arch:          linux/amd64  Experimental:     false containerd:  Version:          1.6.21  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8  //有runc版本了 runc:  Version:          1.1.7  GitCommit:        v1.1.7-0-g860f061 docker-init:  Version:          0.19.0  GitCommit:        de40ad0

总结

解决过程中遇到了OCI、runc等名词，根据Docker，containerd，CRI-O和runc之间的区别得知，OCI是open container initiative,是一套关于镜像和容器的规范，它也提供了实现就是runc，runc是用来创建和运行容器的。