19

I am running openthread/environment:latest docker image (as of 2019-06-15)

When starting on a fresh ubuntu 18.04 with docker 18.09 using the command

ubuntu@ip-172-31-37-198:~$ docker run -it --rm openthread/environment bash

I get the following output

  • Stopping system message bus dbus [ OK ]
  • Starting system message bus dbus [ OK ]
  • Starting enhanced syslogd rsyslogd

rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted

rsyslogd: activation of module imklog failed [v8.32.0 try http://www.rsyslog.com/e/2145 ]

Anyone knows whether this is related to ubuntu setup or the docker container or how to fix.

Kim Nyholm
  • 1,055
  • 1
  • 10
  • 19

3 Answers3

29

@Reto's answer will work, but you will be editing that file every time you build your container. Put this in your Dockerfile and you're all set. The edit will be performed automatically while the container is being built.

RUN sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
WillHaslett
  • 668
  • 7
  • 13
  • If it is a complement to another user's answer, please leave a comment attached to said answer. – David Larochette Feb 17 '20 at 16:13
  • 3
    It's not a complement, but rather a way to implement the solution in a not-ephemeral way. The given answer suggests manually editing a file in a Docker container. Containers are ephemeral. I think beginners are likely to wonder why the solution doesn't "stick". What's the right way to provide this extension to the answer? I thought it would be best to post it as an answer, with credit to the (necessary) predecessor. – WillHaslett Feb 17 '20 at 19:06
  • Nothing in the [Reto Char's answer](https://stackoverflow.com/a/58950678/52499) suggests that the change is to be performed manually. The answer is just not too specific about how to achieve that ;) – x-yuri Nov 06 '20 at 20:48
  • No. To be clear, I appreciate @Reto's insight. It helped me! But, if you know Docker, you know that editing files *inside* a container is a smell. Fix the problem *while the container is being built*. You can't get "inside" the Docker container while the Dockerfile is being run. It doesn't exist yet. The distinction here is important for people new to Docker. Until images and containers really click, it seems to make sense to edit things in containers. – WillHaslett Nov 07 '20 at 23:15
21

You will also get rid of this warning if you just comment out the line

module(load="imklog")

inside your Docker container (edit /etc/rsyslog.conf).

I doubt you want to read the kernel messages inside a container ;-)

Reto Schär
  • 219
  • 2
  • 3
  • 1
    This Answer should be the accepted one the accepted answer should explain that if you really want to give access to the host system then `privileged` is the right way. One remark to this answer, for me, the format of the `rsyslog.conf` was different. I ended up doing: `sed -i 's/$ModLoad imklog.so/# $ModLoad imklog.so/' /etc/rsyslog.conf` – fentas Feb 17 '20 at 07:10
  • This should not be the accepted answer. It suggests manually editing a system file in a Docker container. Containers are ephemeral and this suggested edit needs to be made every time the container is built. @braindongle's (my) answer below simply has `sed` perform this same edit for you when your Dockerfile is being run. – WillHaslett Oct 28 '20 at 14:18
  • To make it clear, even with this line `rsyslog` starts. – x-yuri Nov 06 '20 at 20:49
-2

Try adding the --privileged option.

For example:

docker run -it --rm --privileged openthread/environment bash
jhui
  • 694
  • 4
  • 3
  • Some users question why I have accepted this answer. The reason is that I am using an already build container, from a source I trust. The other answers I have seen, suggest to modify `Dockerfile` or the container. Just adding `--priviliged` works perfect for my workflow. – Kim Nyholm Apr 30 '21 at 11:06
  • wrong answer, unless you really want the kernel logs. You can build your own Docker image based on top of a third part docker image, via `FROM anotherdockerimage:latest` in your Dockerfile. – Melroy van den Berg Dec 21 '21 at 23:12
  • This issue seems to apply to [Proxmox's unprivileged containers](https://pve.proxmox.com/wiki/Linux_Container#pct_settings) – Pablo Bianchi Mar 16 '23 at 20:29