Failed to start docker.service: Access denied in toolbox

Hi Team,

I am following this link to install Docker in the toolbox, which is Fedora 39. The output of uname -a:

$ uname -a
Linux toolbox 6.11.9-100.fc39.x86_64 #1 SMP PREEMPT_DYNAMIC Sun Nov 17 18:52:19 UTC 2024 x86_64 GNU/Linux

The output of docker is

$ docker -v
Docker version 27.3.1, build ce12230

But when I try to start the docker service in the f39 toolbox I get the following error

$ sudo systemctl start docker
Failed to start docker.service: Access denied
See system logs and 'systemctl status docker.service' for details.

When I inspect the systemctl logs I get the following error

$ systemctl status docker.service
Unit docker.service could not be found.

I don’t know how to make docker work in the f39 toolbox. Is there any possibility to make docker work?

Also I can see the following lines when I do dnf install, now I have tried to install a particular version.

$ sudo dnf install docker-ce-3:24.0.7-1.fc39 docker-ce-cli-1:27.3.0-1.fc39 containerd.io 

... other lines removed ...

Total                                                                         1.4 MB/s |  87 MB     01:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Running scriptlet: selinux-policy-targeted-39.7-1.fc39.noarch                                           1/1 
warning: Unable to get systemd shutdown inhibition lock: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

  Preparing        :                                                                                      1/1 
  Installing       : libselinux-utils-3.5-5.fc39.x86_64                                                  1/19 
  Installing       : policycoreutils-3.5-8.fc39.x86_64                                                   2/19 
  Running scriptlet: policycoreutils-3.5-8.fc39.x86_64                                                   2/19 
Failed to preset unit: Access denied

  Installing       : selinux-policy-39.7-1.fc39.noarch                                                   3/19 
  Running scriptlet: selinux-policy-39.7-1.fc39.noarch                                                   3/19 
Failed to preset unit: Access denied

  Running scriptlet: selinux-policy-targeted-39.7-1.fc39.noarch                                          4/19 
  Installing       : selinux-policy-targeted-39.7-1.fc39.noarch                                          4/19 
  Running scriptlet: selinux-policy-targeted-39.7-1.fc39.noarch                                          4/19 
  Running scriptlet: container-selinux-2:2.233.0-1.fc39.noarch                                           5/19 
  Installing       : container-selinux-2:2.233.0-1.fc39.noarch                                           5/19 
  Running scriptlet: container-selinux-2:2.233.0-1.fc39.noarch                                           5/19 
  Installing       : containerd.io-1.7.23-3.1.fc39.x86_64                                                6/19 
  Running scriptlet: containerd.io-1.7.23-3.1.fc39.x86_64                                                6/19 
Failed to preset unit: Access denied

  Installing       : fuse-overlayfs-1.13-1.fc39.x86_64                                                   7/19 
  Running scriptlet: fuse-overlayfs-1.13-1.fc39.x86_64                                                   7/19 
  Installing       : libslirp-4.7.0-4.fc39.x86_64                                                        8/19 
  Installing       : slirp4netns-1.2.2-1.fc39.x86_64                                                     9/19 
  Installing       : libnfnetlink-1.0.1-24.fc39.x86_64                                                  10/19 
  Installing       : libnetfilter_conntrack-1.0.9-2.fc39.x86_64                                         11/19 
  Installing       : iptables-libs-1.8.9-5.fc39.x86_64                                                  12/19 
  Installing       : libcgroup-3.0-3.fc39.x86_64                                                        13/19 
  Installing       : iptables-legacy-libs-1.8.9-5.fc39.x86_64                                           14/19 
  Installing       : iptables-legacy-1.8.9-5.fc39.x86_64                                                15/19 
  Running scriptlet: iptables-legacy-1.8.9-5.fc39.x86_64                                                15/19 
  Installing       : docker-ce-cli-1:27.3.0-1.fc39.x86_64                                               16/19 
  Running scriptlet: docker-ce-cli-1:27.3.0-1.fc39.x86_64                                               16/19 
  Installing       : docker-ce-rootless-extras-27.3.1-1.fc39.x86_64                                     17/19 
  Running scriptlet: docker-ce-rootless-extras-27.3.1-1.fc39.x86_64                                     17/19 
  Installing       : docker-ce-3:24.0.7-1.fc39.x86_64                                                   18/19 
  Running scriptlet: docker-ce-3:24.0.7-1.fc39.x86_64                                                   18/19 
Failed to preset unit: Access denied

  Installing       : rpm-plugin-selinux-4.19.0-1.fc39.x86_64                                            19/19 
  Running scriptlet: selinux-policy-targeted-39.7-1.fc39.noarch                                         19/19 
  Running scriptlet: container-selinux-2:2.233.0-1.fc39.noarch                                          19/19 
  Running scriptlet: rpm-plugin-selinux-4.19.0-1.fc39.x86_64                                            19/19 
"/home" already exists and is not a directory.
fchownat() of /run/systemd/sessions failed: Operation not permitted
fchownat() of /run/systemd/users failed: Operation not permitted
fchownat() of /var/lib/systemd/coredump failed: Operation not permitted
fchownat() of /tmp failed: Operation not permitted
Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:wheel:r-x,g:4294967295:r-x,g:4294967295:r-x,m::r-x,o::r-x" on /var/log/journal failed: Invalid argument
Failed to re-open '/var/log/journal': Operation not permitted
fchownat() of /var/log/journal failed: Operation not permitted
Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:wheel:r-x,g:4294967295:r-x,g:4294967295:r-x,m::r-x,o::r-x" on /var/log/journal/0d503a1fff4a4d5f885a263a1ee03e7f failed: Invalid argument
Failed to re-open '/var/log/journal/0d503a1fff4a4d5f885a263a1ee03e7f': Operation not permitted
fchownat() of /var/log/journal/0d503a1fff4a4d5f885a263a1ee03e7f failed: Operation not permitted
fchownat() of /dev/snd/seq failed: Operation not permitted
fchownat() of /dev/snd/timer failed: Operation not permitted
fchownat() of /dev/loop-control failed: Operation not permitted
fchownat() of /dev/kvm failed: Operation not permitted
fchownat() of /dev/vhost-net failed: Operation not permitted
fchownat() of /dev/vhost-vsock failed: Operation not permitted
Setting access ACL "u::rw-,g::r-x,g:adm:r--,g:wheel:r--,g:4294967295:r-x,g:4294967295:r-x,m::r--,o::---" on /var/log/journal/0d503a1fff4a4d5f885a263a1ee03e7f/system.journal failed: Invalid argument
fchownat() of /var/log/journal/0d503a1fff4a4d5f885a263a1ee03e7f/system.journal failed: Operation not permitted
fchownat() of /sys/kernel/security/ima/binary_runtime_measurements failed: Operation not permitted

Failed to reload daemon: Access denied



PS:
My host machine is F39 Kinoite

F39 went EOL about a week ago so what you may get now is fixed and no further updates are available. This also means that any bugs you may find in the system will not be fixed.

I strongly suggest that you upgrade to f40 or f41 so new updates/fixes may be installed.

It seems possible that the errors may be related to using kinoite on the host.

  1. Does it mean that I cannot run docker in the immutable desktop’s toolbox environment?
  2. Should I have to install F40 normal desktop and then install toolbox and then proceed with the docker installation?
  3. Is there any workaround for this?

For the time being I am using podman on the host machine (F39 Kinoite) to install mongodb from Docker Hub.

You’re going to need to use a different container setup for this.

Actually I have managed to install docker on the host (Kinoite) machine with the following rpm-ostree commands, and the installation is successful.

sudo rpm-ostree install https://download.docker.com/linux/fedora/39/x86_64/stable/Packages/docker-ce-27.3.1-1.fc39.x86_64.rpm

sudo rpm-ostree install https://download.docker.com/linux/fedora/39/x86_64/stable/Packages/docker-buildx-plugin-0.17.1-1.fc39.x86_64.rpm

sudo rpm-ostree install https://download.docker.com/linux/fedora/39/x86_64/stable/Packages/docker-ce-cli-27.3.1-1.fc39.x86_64.rpm

sudo rpm-ostree install https://download.docker.com/linux/fedora/39/x86_64/stable/Packages/docker-compose-plugin-2.29.7-1.fc39.x86_64.rpm

Another simpler way to install docker on the host machine

sudo rpm-ostree install docker

but I have not tried the above.

docker version:

$ docker --version
Docker version 27.3.1, build ce12230

Then from the toolbox I am calling the IP of the container to access it from the toolbox. I don’t know if this is the solution. But I can manage it with this workaround.
