Error response from daemon: Cannot kill container: permission denied, how to kill docker containers on Ubuntu 20.04?
P

9

24

I'm trying to kill a docker container, but I got permission denied. I use Ubuntu 20.04, my docker version for client is 20.10.7 and the one for the server is 20.10.11.

This is the log I got:

Error response from daemon: Cannot kill container: fastapi_server: permission denied

I read that I should use this command for restarting docker.

sudo systemctl restart docker.socket docker.service

But the thing is that when I execute this command, all my containers and images disappear, but if I try on localhost:8000 my port is occupied by the container that I wanted to delete. And if I run sudo netstat -anp | grep 8000, I get:

tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN    2493/docker-proxy   
tcp6       0      0 :::8000                 :::*                    LISTEN    2500/docker-proxy 

So this confirms that my port is already taken by a docker container, but when I run docker ps -a, I get no container. I also tried docker kill, but it did not work.

How should I kill this container & get my 8000 port free?

Parasitize answered 15/3, 2022 at 6:10 Comment(2)
Is your user in the docker group? How did you start the container? - Equivalency
@tripleee, yes my user is in the docker group. I started the container with docker-compose. docker-compose down is not working either, I got permission denied. - Parasitize
J
23

What works for me in these cases:

sudo systemctl restart docker.socket docker.service
sudo docker image rm -f $(sudo docker image ls -q)
Jeanett answered 7/11, 2022 at 14:34 Comment(1)
It seems removing the containers is sufficient - no need to remove the images: sudo systemctl restart docker.socket docker.service; sudo docker rm $(sudo docker ps -a -q) -f - Herniorrhaphy
B
11

It appeared that I had installed docker with snap as well as using the docker repository:

sudo snap list

So:

sudo snap remove docker --purge
sudo aa-remove-unknown

That, along with re-installing Docker using the method described here, solved my issues! No need to disable or remove apparmor.

Boisterous answered 9/9, 2022 at 7:2 Comment(0)
I
6

Please think twice before removing AppArmor. To my understanding, this is central to application security, for instance on recent major Ubuntu versions.

It seems the rights problem is specific to a Docker version. Assuming yours is also installed via snap, please attempt upgrading your Docker version to at least the current beta, e.g. with

snap refresh docker --beta

20.10.12 seems to work fine.

(In fact I fell for the suggestion and did remove my AppArmor - snaps went away. Then reinstalled ASAP, the settings of relevant snaps are still with me - afterwards installed docker back, had the problem, upgraded it: seems to work like a charm.)

Incomprehensive answered 16/3, 2022 at 16:21 Comment(8)
I upgraded docker engine version to 20.10.12 and everything was going great until I had the same denied permission when killing a container. I would like to know if the next solution would be dangerous too; in this, apparmor is not being removed, just all profiles that are not stored in /etc/apparmor.d are unloaded. sudo aa-remove-unknown docker container kill $(docker ps -q). - Parasitize
And I can even check profiles that are going to be unloaded with sudo aa-remove-unknown -n. And with this, I wonder if it is possible to just unload profiles related to docker, just for keeping loaded the rest of the profiles. - Parasitize
There are (at least) two very different approaches to take IMHO. #1 is to stick with the snapped Docker. I think having to follow distro-specific instructions, howtos etc. is a major blocker of Linux adoption. Push harder or avoid - I'll try to push harder (will follow up). Or: #2 install the absolute latest Docker, which means you can uninstall the snap. forums.docker.com/t/… Maybe you should go with #2? I no longer experience the problem but would be keen to hear back from you whichever way you choose to go. - Incomprehensive
For #2: This is what I received "I know this topic is not about Docker installation, but I would not recommend installing Docker from snap repository. I understand that it seems easier, but you can (but not necessarily will) have more problems later. Use the recommended way by the Documentation depending on which distribution you use." Maybe the best advice for you? - Incomprehensive
For #1: I thought I'd raise this on the Snapcraft forums - maybe they'll be quicker with the beta to release path. forum.snapcraft.io/t/… I'm uncertain what to say on the solution you propose unfortunately. (Will try to think about it I just don't have too much time on my hands right now.) - Incomprehensive
(Quick update: I got a reply on the Snapcraft forums in the meantime pointing to github.com/docker-snap/docker-snap/issues/36, the workaround I saw there is sudo rm /var/snap/docker/common/profile_reloaded, I don't know how you decided, this might be along the lines of your approach, might even help or unblock you, what I like about it is that it explicitly targets docker at some point. Must say I don't know what either does, without that I was a bit worried to nod :) .) - Incomprehensive
Not sure if it helps you, but in the end (on my side) - I was simply stupid :) My problem came back too. docker --version (did you try it by the way?) kept saying 20.10.7 to me but I couldn't remove docker (sudo apt remove docker) and thus I thought it's just a glitch with the snap or similar. And was I wrong! sudo apt list --installed | grep docker gave away that I had a version installed from apt in parallel. I removed that and it all got solved. (It was docker.io for me from some PPA I think for a course... at some point...) - Incomprehensive
Thanks for following up. I finally deleted my docker.io, and reinstalled docker as follows: docs.docker.com/engine/install/ubuntu. I hope this works well in the long run, if I have any new issues or updates on the issue I'll keep you posted. - Parasitize
A
4

Stop using the following command:

sudo aa-remove-unknown
Antibody answered 29/5 at 9:44 Comment(2)
You saved my day, bro - Afflict
It's my pleasure - Antibody
H
3

Try these steps:

docker inspect

Find the PID and kill that process.

If that does not work check with

dmesg

for everything related to Docker. You can put the output here so that we can help you.

OK, from your PNG it seems that you have a problem with AppArmor. Try this:

sudo apt purge --auto-remove apparmor
sudo service docker restart
docker system prune --all --volumes
Hobnailed answered 15/3, 2022 at 6:51 Comment(9)
This is all related to docker that I got when running dmesg: drive.google.com/file/d/1XI_P0TgpTZ2_GEX-LdEPo9FhylYdpzzo/… (sorry for showing an image for the console log, but I thought this was better to show like this on a comment). docker inspect did not work, because according to docker I have no processes running. - Parasitize
It works, but I wonder if deleting the apparmor security module does not end up being counterproductive or damaging something, although I finally reinstalled this module. - Parasitize
Should be OK. Read more wiki.ubuntu.com/AppArmor - Hobnailed
Please update your answer and warn the readers about this caveat so I can be less negative too. Have you tried downgrading perhaps? Sounds like a new problem or one that is re-emerging. - Incomprehensive
(Everybody: please do not remove AppArmor, especially on Ubuntu - it will remove all of your snaps as part of the removal of Snap.) - Incomprehensive
@Incomprehensive where can I read more about AppArmor? - Hobnailed
I used apt for install. - Hobnailed
Good question, I know and agree AppArmor causes problems as a snap developer. Snaps are now underpinning the whole Ubuntu Software Center to my understanding ... so there can be problems if people remove AppArmor ;) ) I am not an expert (too much hair I don't even have has been pulled out on the way there :) ), but despite my shallow understanding I have some hope this helps: snapcraft.io/docs/snap-confinement - Incomprehensive
Sorry for the marketing stuff, this has just got in my way ... looks like Canonical are serious about AppArmor ubuntu.com/engage/apparmor-intro - Incomprehensive
B
0

I installed Docker from snap and experienced the permission denied error response. After reading many users experiencing more problems with the apparmor suggestion, I uninstalled Docker from snap, then used digitalocean's Docker installation tutorial.

It worked for me, posting here as reference for others experiencing the same problem.

Batfowl answered 3/11, 2022 at 8:57 Comment(0)
C
0

In my case it was also apparmor on Ubuntu 20.04 after an upgrade from Bionic. By running dmesg I got this error message:

[1113458.482007] audit: type=1400 audit(1672134271.112:1718): apparmor="DENIED" operation="signal" profile="docker-default" pid=1654 comm="dockerd" requested_mask="receive" denied_mask="receive" signal=kill peer="snap.docker.dockerd

To fix this please edit /etc/apparmor.d/docker and add to the beginning (however, after the 'profile docker-default .... {' ) the following line:

 signal,

Then reload apparmor:

 sudo systemctl reload apparmor

This fixed it at least on my computer.

See more https://manpages.ubuntu.com/manpages/xenial/man5/apparmor.d.5.html under section signal:

Example AppArmor signal rules:

       # Allow all signal access
       signal,
Chronaxie answered 27/12, 2022 at 9:54 Comment(0)
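An added example, not part of the answer above or of any project's code: a shell helper that reads an AppArmor signal denial like the one quoted there and prints a rule scoped to the denied access, signal and peer, using the signal rule syntax from apparmor.d(5), as a narrower alternative to the bare signal, line. The sample line is constructed from the quoted dmesg output, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample, modelled on the dmesg line quoted in the answer.
SAMPLE='[1113458.482007] audit: type=1400 audit(1672134271.112:1718): apparmor="DENIED" operation="signal" profile="docker-default" pid=1654 comm="dockerd" requested_mask="receive" denied_mask="receive" signal=kill peer="snap.docker.dockerd"'

# field LINE KEY: print the value of KEY=value or KEY="value" in LINE.
field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# scoped_rule LINE: print a signal rule limited to the denied access, signal
# and peer; return 1 if LINE is not a usable AppArmor signal denial.
scoped_rule() {
    [ "$(field "$1" apparmor)" = "DENIED" ] || return 1
    [ "$(field "$1" operation)" = "signal" ] || return 1
    mask=$(field "$1" denied_mask)
    sig=$(field "$1" signal)
    peer=$(field "$1" peer)
    case "$mask" in send|receive) ;; *) return 1 ;; esac
    # Only accept plain names, so nothing unexpected lands in a profile.
    for v in "$sig" "$peer"; do
        case "$v" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    printf 'signal (%s) set=(%s) peer=%s,\n' "$mask" "$sig" "$peer"
}

# Show which profile the rule belongs in, then the rule itself.
printf '# inside profile %s:\n' "$(field "$SAMPLE" profile)"
scoped_rule "$SAMPLE"
```

The printed rule would go where the answer places its signal, line, and the profile is reloaded the same way.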
D
0

I had a similar issue; it turned out that I had two docker installations. I followed the instructions in this answer, but in a nutshell there are two installations for docker, one from apt and another from snap. You need to remove the one from snap, and just keep the one with apt. Instructions are in the link.

Duhl answered 4/12, 2023 at 6:57 Comment(0)
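The duplicate-installation check that several answers on this page describe, as an added example that is not from any of the posts: it parses the output of snap list and apt list --installed and reports whether Docker is installed from more than one source. The sample outputs are constructed, and the function names and the docker-ce package match are assumptions.

```shell
#!/bin/sh
# Constructed sample outputs (not captured from a real host).
SNAP_LIST='Name    Version   Rev   Tracking       Publisher  Notes
core18  20211215  2284  latest/stable  canonical  base
docker  20.10.11  1458  latest/stable  canonical  -'
APT_LIST='Listing...
containerd/focal-updates,now 1.5.5-0ubuntu3 amd64 [installed,automatic]
docker.io/focal-updates,now 20.10.7-0ubuntu5 amd64 [installed]'

# docker_sources SNAP_OUT APT_OUT: print one "source name version" line per
# Docker installation found in the two listings.
docker_sources() {
    printf '%s\n' "$1" | awk '$1 == "docker" { print "snap", $1, $2 }'
    printf '%s\n' "$2" | awk -F'[/ ]' \
        '$1 ~ /^docker(\.io|-ce)$/ && /\[installed/ { print "apt", $1, $3 }'
}

# install_verdict SNAP_OUT APT_OUT: print none, single or conflict.
install_verdict() {
    n=$(docker_sources "$1" "$2" | awk 'END { print NR }')
    case "$n" in
        0) echo none ;;
        1) echo single ;;
        *) echo conflict ;;
    esac
}

docker_sources "$SNAP_LIST" "$APT_LIST"
install_verdict "$SNAP_LIST" "$APT_LIST"
# On a live host (commands as used in the answers on this page):
#   install_verdict "$(snap list 2>/dev/null)" "$(apt list --installed 2>/dev/null)"
```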
P
0

I found a Medium post on this topic. I would not normally follow just any command you find online. However, this time I was desperate for a solution and it seemed to have worked.

https://medium.com/devops-technical-notes-and-manuals/how-to-solve-cannot-kill-docker-container-permission-denied-error-message-e3af7ccb7e29

TLDR: Executing the following command to remove the unknown from AppArmor solved my container problem: sudo aa-remove-unknown

Plume answered 26/6 at 23:18 Comment(1)
Please put the TLDR section first as that is the answer to the question for future reference. You can then cite the Medium article as a source. - Ghiselin
