sysbox-runc shim v3 issue

I have an issue that might need you guys' help. I have had Coder running for half a year with sysbox-runc. Recently, when I try to run it inside my workspace, it basically gives this error:
coder@website:~$ docker run -v /var/run/docker.sock:/var/run/docker.sock -it alpine sh
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
2d35ebdb57d9: Pull complete
Digest: sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412
Status: Downloaded newer image for alpine:latest
docker: Error response from daemon: failed to create task for container: Unimplemented: failed to start shim: start failed: unsupported shim version (3): not implemented

Run 'docker run --help' for more information

coder@website:~$ docker run -it alpine sh
docker: Error response from daemon: failed to create task for container: Unimplemented: failed to start shim: start failed: unsupported shim version (3): not implemented

Run 'docker run --help' for more information
This happens most of the time, although there are cases where, if I restart my Coder instance, it works like normal. Coder is running inside a VM which is running Ubuntu 24.04.02. Coder is v2.21.0.
5 Replies
Codercord (2w ago)
Category: Help needed
Product: Coder (v2)
Platform: Linux
Logs: Please post any relevant logs/error messages.
TakeHime (OP, 6d ago)
My template (the part that I think is necessary to debug):
resource "coder_agent" "main" {
  arch           = data.coder_provisioner.me.arch
  os             = "linux"
  startup_script = <<-EOT
    set -e

    # Prepare user home with default files on first start.
    if [ ! -f ~/.init_done ]; then
      cp -rT /etc/skel ~
      touch ~/.init_done
    fi

    # Add any commands that should be executed at workspace startup (e.g. install requirements, start a program, etc.) here
    # Start Docker in the background and redirect output
    if ! pgrep -x "dockerd" > /dev/null; then
      sudo dockerd > /dev/null 2>&1 &
    fi

    # Update packages
    sudo apt update > /dev/null 2>&1
    sudo apt upgrade -y > /dev/null 2>&1
  EOT

  # Other stuff
}
resource "docker_container" "workspace" {
  count = data.coder_workspace.me.start_count
  image = "codercom/enterprise-base:ubuntu"
  # Uses lower() to avoid Docker restriction on container names.
  name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}"
  # Hostname makes the shell more user friendly: coder@my-workspace:~$
  hostname = data.coder_workspace.me.name
  # Use the docker gateway if the access URL is 127.0.0.1
  entrypoint = ["sh", "-c", replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")]
  env        = ["CODER_AGENT_TOKEN=${coder_agent.main.token}"]

  # Use the Sysbox container runtime (required)
  runtime = "sysbox-runc"

  host {
    host = "host.docker.internal"
    ip   = "host-gateway"
  }
  volumes {
    container_path = "/home/coder"
    volume_name    = docker_volume.home_volume.name
    read_only      = false
  }

  # Add labels in Docker to keep track of orphan resources.
  labels {
    label = "coder.owner"
    value = data.coder_workspace_owner.me.name
  }
  labels {
    label = "coder.owner_id"
    value = data.coder_workspace_owner.me.id
  }
  labels {
    label = "coder.workspace_id"
    value = data.coder_workspace.me.id
  }
  labels {
    label = "coder.workspace_name"
    value = data.coder_workspace.me.name
  }
}
Honestly, I am at my wits' end on what the issue is here. Rebooting the VM sometimes helps, and running docker compose inside the workspace will work like normal, but after a while it just gets stuck and stays like that. Has anyone run into the same issue?
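As an added example (not part of the thread, the Coder template, or Sysbox), the snippet below is how the `sudo dockerd > /dev/null 2>&1 &` step in the startup_script above could be written so that the daemon's own log survives and the runtime it registered is recorded; with output discarded, the only trace of a failing shim is the one-line `docker run` error shown in the thread. The helper names, the log path `~/.dockerd.log` and the 30-second wait are assumptions of this example; `docker info --format '{{json .Runtimes}}'` and `{{.DefaultRuntime}}` are standard Docker CLI fields. The sample error lines used to exercise the triage helper are the two messages quoted in this thread.

```sh
#!/bin/sh
# Added example: start dockerd with its log kept, wait for the socket, and record
# the runtimes the daemon actually registered. Paths and names are assumptions.

DOCKER_SOCK="${DOCKER_SOCK:-/var/run/docker.sock}"
DOCKERD_LOG="${DOCKERD_LOG:-${HOME:-/tmp}/.dockerd.log}"
# The dockerd started inside the workspace is the inner daemon; it runs inner
# containers with its own runc, while sysbox-runc is the outer runtime on the host.
EXPECTED_RUNTIME="${EXPECTED_RUNTIME:-runc}"

# wait_for_file PATH TIMEOUT_SECONDS: return 0 once PATH exists, 1 if it has
# not appeared after TIMEOUT_SECONDS (polled once per second).
wait_for_file() {
  _path="$1"; _timeout="$2"; _elapsed=0
  while [ ! -e "$_path" ]; do
    [ "$_elapsed" -lt "$_timeout" ] || return 1
    sleep 1
    _elapsed=$((_elapsed + 1))
  done
  return 0
}

# runtime_registered RUNTIMES_JSON NAME: return 0 if NAME is a key in the JSON
# printed by `docker info --format '{{json .Runtimes}}'`, 1 otherwise.
runtime_registered() {
  printf '%s' "$1" | grep -qF "\"$2\":"
}

# classify_daemon_error LINE: name the layer a `docker run` error came from,
# based on the two messages seen in this thread. Prints shim, runc or unknown.
classify_daemon_error() {
  case "$1" in
    *"failed to start shim"*|*"unsupported shim version"*) echo shim ;;
    *"runc create failed"*|*"unsafe procfs detected"*)     echo runc ;;
    *)                                                   echo unknown ;;
  esac
}

# start_dockerd_logged: drop-in replacement for `sudo dockerd > /dev/null 2>&1 &`.
start_dockerd_logged() {
  if ! pgrep -x dockerd >/dev/null; then
    sudo dockerd >>"$DOCKERD_LOG" 2>&1 &
  fi
  if ! wait_for_file "$DOCKER_SOCK" 30; then
    echo "dockerd did not create $DOCKER_SOCK within 30s; see $DOCKERD_LOG" >&2
    return 1
  fi
  _runtimes="$(docker info --format '{{json .Runtimes}}')"
  {
    echo "default runtime: $(docker info --format '{{.DefaultRuntime}}')"
    echo "registered runtimes: $_runtimes"
  } >>"$DOCKERD_LOG"
  if ! runtime_registered "$_runtimes" "$EXPECTED_RUNTIME"; then
    echo "warning: runtime $EXPECTED_RUNTIME is not registered with dockerd" >&2
  fi
}
```

In the template this would replace the `if ! pgrep ... fi` block with a call to `start_dockerd_logged`; because the startup_script runs under `set -e`, the function returning 1 when the socket never appears stops the script at that point instead of continuing to the apt steps with a half-started daemon. When the `docker run` error recurs, `classify_daemon_error` on the message tells you whether to read the shim or the runc part of `~/.dockerd.log` first.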
Beast1396 (6d ago)
I'm running into a similar issue. I suddenly get this message whenever I try to run a container in a workspace:
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: unsafe procfs detected: openat2 /proc/./sys/net/ipv4/ip_unprivileged_port_start: invalid cross-device link
TakeHime (OP, 5d ago)
Yeah, not sure if restarting my device caused this issue.
