Hi 


I have played with a few container types, and reading about clear containers they looked like they might solve a few concerns regarding security


So I decided to give them a go, but have not been able to get anything going


The most useful debug message i get is "container not started" sometime after network set up.


I am running ubuntu 16:04 

    (I would have tried on clear linux but seem stuck with bios settings )

    ​docker containers runtime runc and KVMVMs  both run fine

   I checked the version of docker

   I also tried installing on a ubuntu 16.04 VM (nested VMs allowed) on a different system 


Any pointers?


Louise


syslog messages

Nov  2 12:14:16 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:16.912952974Z" level=debug msg="Assigning addresses for endpoint ecstatic_aryabhata's interface on network bridge"
Nov  2 12:14:16 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:16.913052286Z" level=debug msg="RequestAddress(LocalDefault/172.17.0.0/16, <nil>, map[])"
Nov  2 12:14:16 nfv-mobile kernel: [ 6387.660991] aufs au_opts_verify:1597:dockerd[18952]: dirperm1 breaks the protection by the permission bits on the lower branch
Nov  2 12:14:16 nfv-mobile systemd-udevd[19236]: Could not generate persistent MAC address for vethd53b6fb: No such file or directory
Nov  2 12:14:16 nfv-mobile NetworkManager[827]: <warn>  [1478088856.9211] device (vethd53b6fb): failed to find device 27 'vethd53b6fb' with udev
Nov  2 12:14:16 nfv-mobile NetworkManager[827]: <info>  [1478088856.9251] manager: (vethd53b6fb): new Veth device (/org/freedesktop/NetworkManager/Devices/30)
Nov  2 12:14:16 nfv-mobile NetworkManager[827]: <warn>  [1478088856.9264] device (veth80531c9): failed to find device 28 'veth80531c9' with udev
Nov  2 12:14:16 nfv-mobile NetworkManager[827]: <info>  [1478088856.9301] manager: (veth80531c9): new Veth device (/org/freedesktop/NetworkManager/Devices/31)
Nov  2 12:14:16 nfv-mobile systemd-udevd[19237]: Could not generate persistent MAC address for veth80531c9: No such file or directory
Nov  2 12:14:16 nfv-mobile kernel: [ 6387.684957] device veth80531c9 entered promiscuous mode
Nov  2 12:14:16 nfv-mobile kernel: [ 6387.686128] IPv6: ADDRCONF(NETDEV_UP): veth80531c9: link is not ready
Nov  2 12:14:16 nfv-mobile NetworkManager[827]: <info>  [1478088856.9480] devices added (path: /sys/devices/virtual/net/vethd53b6fb, iface: vethd53b6fb)
Nov  2 12:14:16 nfv-mobile NetworkManager[827]: <info>  [1478088856.9481] device added (path: /sys/devices/virtual/net/vethd53b6fb, iface: vethd53b6fb): no ifupdown configuration found.
Nov  2 12:14:16 nfv-mobile NetworkManager[827]: <info>  [1478088856.9571] devices added (path: /sys/devices/virtual/net/veth80531c9, iface: veth80531c9)
Nov  2 12:14:16 nfv-mobile NetworkManager[827]: <info>  [1478088856.9571] device added (path: /sys/devices/virtual/net/veth80531c9, iface: veth80531c9): no ifupdown configuration found.
Nov  2 12:14:16 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:16.987987551Z" level=debug msg="Assigning addresses for endpoint ecstatic_aryabhata's interface on network bridge"
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.071881081Z" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers : [nameserver 8.8.8.8 nameserver 8.8.4.4]"
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.071947582Z" level=info msg="IPv6 enabled; Adding default IPv6 external servers : [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.179871005Z" level=debug msg="Programming external connectivity on endpoint ecstatic_aryabhata (403ed1cdc0c734dc0f71301dc5b063f535b0c50b95f03a631aa61481df28d6a6)"
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.297444558Z" level=error msg="containerd: start container" error="containerd: container not started" id=185ac0dc222be27093655db56536a91c0d5e420695b7931f2b3ac259cb6c8228
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.300902862Z" level=error msg="Create container failed with error: containerd: container not started"
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.301005348Z" level=debug msg="attach: stdout: end"
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.301167260Z" level=debug msg="attach: stderr: end"
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.382547685Z" level=debug msg="Revoking external connectivity on endpoint ecstatic_aryabhata (403ed1cdc0c734dc0f71301dc5b063f535b0c50b95f03a631aa61481df28d6a6)"
Nov  2 12:14:17 nfv-mobile kernel: [ 6388.262159] docker0: port 1(veth80531c9) entered disabled state
Nov  2 12:14:17 nfv-mobile kernel: [ 6388.268524] device veth80531c9 left promiscuous mode
Nov  2 12:14:17 nfv-mobile kernel: [ 6388.268535] docker0: port 1(veth80531c9) entered disabled state
Nov  2 12:14:17 nfv-mobile NetworkManager[827]: <info>  [1478088857.5372] devices removed (path: /sys/devices/virtual/net/vethd53b6fb, iface: vethd53b6fb)
Nov  2 12:14:17 nfv-mobile NetworkManager[827]: <info>  [1478088857.5373] device (vethd53b6fb): driver 'veth' does not support carrier detection.
Nov  2 12:14:17 nfv-mobile NetworkManager[827]: <info>  [1478088857.5392] device (veth80531c9): driver 'veth' does not support carrier detection.
Nov  2 12:14:17 nfv-mobile NetworkManager[827]: <info>  [1478088857.5504] devices removed (path: /sys/devices/virtual/net/veth80531c9, iface: veth80531c9)
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.596433385Z" level=debug msg="Releasing addresses for endpoint ecstatic_aryabhata's interface on network bridge"
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.596505713Z" level=debug msg="ReleaseAddress(LocalDefault/172.17.0.0/16, 172.17.0.2)"
Nov  2 12:14:17 nfv-mobile dockerd[18944]: time="2016-11-02T12:14:17.716428271Z" level=error msg="Handler for POST /v1.24/containers/185ac0dc222be27093655db56536a91c0d5e420695b7931f2b3ac259cb6c8228/start returned error: containerd: container not started"