麒麟V10 SP2 升级后docker启动报错

麒麟系统 yum update 之后会造成 docker 运行报错，特别 JumpServer、雷池 WAF 这些基于 docker 的平台，基本上就会启动不起来。一般 docker 会报错

Error response from daemon: failed to create shim task: OCI runtime create failed: container_linux.go:328: starting container process caused "permission denied": unknown


当出现这个问题之后，先要卸载掉 runc 这个包，然后重新编译安装 docker 就行了。

卸载之后，直接编译安装官方版本，参考官方说明：

https://docs.docker.com/engine/install/binaries

Install static binaries

Install static binaries
Download the static binary archive. Go to https://download.docker.com/linux/static/stable/, choose your hardware platform, and download the .tgz file relating to the version of Docker Engine you want to install.

Extract the archive using the tar utility. The dockerd and docker binaries are extracted.

tar xzvf /path/to/FILE.tar.gz
Optional: Move the binaries to a directory on your executable path, such as /usr/bin/. If you skip this step, you must provide the path to the executable when you invoke docker or dockerd commands.

第一步，就是下你需要的版本：

https://download.docker.com/linux/static/stable/

需要哪个用选哪个

操作如下

wget https://download.docker.com/linux/static/stable/x86_64/docker-28.3.2.tgz
tar xzvf docker-28.3.2.tgz 
cp docker/* /usr/bin/
docker -v

然后创建 docker 服务启动文件
vi /etc/systemd/system/docker.service

[Unit]
Description=Docker Daemon
After=network.target

[Service]
ExecStart=/usr/bin/dockerd
Restart=always
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity

[Install]
WantedBy=multi-user.target

 启动 docker
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl status docker