docker
system_error
ai_generated
true
Overlay mount failed: permission denied
failed to mount overlay: permission denied
ID: docker/overlay2-mount-permission-denied
75% fix rate
85% confidence
1 evidence count
First seen 2024-03-15
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Docker 24.0.7 | active | — | — | — |
| Docker 25.0.0 | active | — | — | — |
| Kernel 6.5.0 | active | — | — | — |
Root cause analysis
The Docker overlay2 storage driver cannot mount due to insufficient kernel capabilities or SELinux/AppArmor restrictions, often after a kernel update.
Official documentation
https://docs.docker.com/storage/storagedriver/overlayfs-driver/
Solutions
- Check SELinux context and set boolean: `sudo setsebool -P container_manage_cgroup 1`
- Switch Docker storage driver to overlay (legacy) or devicemapper as fallback: edit /etc/docker/daemon.json and add `"storage-driver": "overlay"`, then restart docker.
- If using AppArmor, check apparmor_status and ensure docker profile is loaded: `sudo aa-status | grep docker`
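Which of the steps above applies depends on whether SELinux or AppArmor logged the denial. The following triage script is an added example, not part of the original entry: the function names and the log lines are constructed for illustration, and on a real host the input would come from the audit log or the kernel log.

```shell
#!/bin/sh
# Added example: decide which LSM, if any, denied an overlay mount.
# Reads audit/kernel log text on stdin and prints one word.
classify_overlay_denial() {
    awk '
        /avc: +denied/ && /overlay/ { se = 1 }
        /apparmor="DENIED"/ && /operation="mount"/ && /overlay/ { aa = 1 }
        END {
            if (se && aa) print "both"
            else if (se) print "selinux"
            else if (aa) print "apparmor"
            else print "none"
        }'
}

# Map the verdict to the matching step from the solutions list above.
next_step() {
    case "$1" in
        selinux)  echo "sudo setsebool -P container_manage_cgroup 1" ;;
        apparmor) echo "sudo aa-status | grep docker" ;;
        both)     echo "review both SELinux and AppArmor steps" ;;
        *)        echo "no LSM denial logged; check storage-driver in /etc/docker/daemon.json" ;;
    esac
}

# Constructed sample log lines (not captured from a real system).
sample_selinux() {
cat <<'EOF'
type=AVC msg=audit(1710500000.123:456): avc:  denied  { mounton } for  pid=1234 comm="dockerd" path="/var/lib/docker/overlay2/l" dev="sda1" ino=42 scontext=system_u:system_r:container_runtime_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0
EOF
}
sample_apparmor() {
cat <<'EOF'
audit: type=1400 audit(1710500000.456:789): apparmor="DENIED" operation="mount" profile="docker-default" name="/var/lib/docker/overlay2/abc/merged/" pid=1234 comm="dockerd" fstype="overlay" srcname="overlay"
EOF
}
# Unrelated noise: an overlayfs notice and a non-mount AppArmor denial.
sample_clean() {
cat <<'EOF'
overlayfs: upper fs does not support tmpfile.
audit: type=1400 audit(1710500001.000:790): apparmor="DENIED" operation="open" profile="snap.example" name="/etc/passwd" pid=999 comm="cat"
EOF
}

next_step "$(sample_apparmor | classify_overlay_denial)"
```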
Ineffective attempts
Common but ineffective approaches:
- `sudo systemctl restart docker` (80% failure): Restarting the Docker daemon alone does not fix the underlying filesystem or security context issue.
- `sudo apt-get remove docker && sudo apt-get install docker` (70% failure): Reinstalling Docker does not address kernel or SELinux configuration changes.
- `setenforce 0` (50% failure): Disabling SELinux entirely is overkill and may have security implications. It works temporarily, but it is not a permanent fix.