Can't pull docker image - Error: failed to register layer: failed to mknod('/lib/apk', S_IFCHR, 0): file exists #1536
Description
What installation are you running?
Production (netalertx) 📦
Is there an existing issue for this?
- I have searched the existing open and closed issues and I checked the docs https://docs.netalertx.com/
The issue occurs in the following browsers. Select at least 2.
- Firefox
- Chrome
- Edge
- Safari (unsupported) - PRs welcome
- N/A - This is an issue with the backend
Current Behavior
In beginning of february I installed the actual version of netalertx from ghcr.io/jokob-sk/netalertx:latest and I could create a conainer and start the allpication. Some days later a new version was availible, which I couldn't install (tried with dockhand and portainer).
To fix this problem I stopped the container, and removed container and image and tried to pull a new image.
From that point I got the error message: failed to register layer: failed to mknod('/lib/apk', S_IFCHR, 0): file exists
root@Docker:/docker# docker pull ghcr.io/jokob-sk/netalertx:26.2.6 26.2.6: Pulling from jokob-sk/netalertx d49a2dee86fb: Pull complete 550e7b4b52b0: Pull complete 8841ce163337: Pull complete 43184f602f79: Pull complete 4eb128aa7e4e: Pull complete 5ea2d039441d: Pull complete 4cd4db271569: Pull complete 98b072cb5e35: Pull complete 93d583019790: Pull complete a41f7a0ff188: Pull complete 0b90d813349d: Pull complete 8d478e30e4bd: Extracting 7.848MB/7.848MB failed to register layer: failed to mknod('/lib/apk', S_IFCHR, 0): file exists
Tried to install the whole docker environment new, but came always th the sam result.
Tried the following image sources:
- ghcr.io/jokob-sk/netalertx:26.2.6
- ghcr.io/jokob-sk/netalertx:latest
- ghcr.io/netalertx/netalertx:latest
all with the same result.
Expected Behavior
Pulling image without errors and starting the container, according stack configuration.
Steps To Reproduce
No response
Relevant app.conf settings
docker-compose.yml
name: netalertx
services:
netalertx:
container_name: netalertx # The name when you docker contiainer ls
image: ghcr.io/netalertx/netalertx:latest
network_mode: host # Use host networking for ARP scanning and other services
read_only: true # Make the container filesystem read-only
cap_drop: # Drop all capabilities for enhanced security
- ALL
cap_add: # Add only the necessary capabilities
- NET_ADMIN # Required for ARP scanning
- NET_RAW # Required for raw socket operations
- NET_BIND_SERVICE # Required to bind to privileged ports (nbtscan)
- CHOWN # Required for root-entrypoint to chown /data + /tmp before dropping privileges
- SETUID # Required for root-entrypoint to switch to non-root user
- SETGID # Required for root-entrypoint to switch to non-root group
volumes:
# - /docker/netalertx:/data:rw # Persistent Docker-managed named volume for config + database
# - /docker/netalertx/logs:/tmp/log:rw
# - /etc/timezone:/etc/localtime:ro # Bind mount for timezone consistency
- type: bind # Persistent Docker-managed named volume for config + database
source: /docker/netalertx
target: /data # `/data/config` and `/data/db` live inside this mount
read_only: false
- type: bind # Bind mount for timezone consistency
source: /etc/timezone
target: /etc/localtime
read_only: true
# Mount your DHCP server file into NetAlertX for a plugin to access
# - path/on/host/to/dhcp.file:/resources/dhcp.file
# tmpfs mount consolidates writable state for a read-only container and improves performance
# uid/gid default to the service user (NETALERTX_UID/GID, default 20211)
# mode=1700 grants rwx------ permissions to the runtime user only
tmpfs:
# Comment out to retain logs between container restarts - this has a server performance impact.
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
# Retain logs - comment out tmpfs /tmp if you want to retain logs between container restarts
# Please note if you remove the /tmp mount, you must create and maintain sub-folder mounts.
# - /docker/netalertx/logs:/tmp/log
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
- "/tmp/nginx:uid=uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
- "/tmp/run:uid=uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
environment:
LISTEN_ADDR: 0.0.0.0 # Listen for connections on all interfaces
PORT: 20211 # Application port
GRAPHQL_PORT: 20212 # GraphQL API port (passed into APP_CONF_OVERRIDE at runtime)
# NETALERTX_DEBUG: ${NETALERTX_DEBUG:-0} # 0=kill all services and restart if any dies. 1 keeps running dead services.
PUID: 20211 # Runtime PUID override, set to 0 to run as root
PGID: 20211 # Runtime PGID override
# Resource limits to prevent resource exhaustion
mem_limit: 2048m # Maximum memory usage
mem_reservation: 1024m # Soft memory limit
cpu_shares: 512 # Relative CPU weight for CPU contention scenarios
pids_limit: 512 # Limit the number of processes/threads to prevent fork bombs
logging:
driver: "json-file" # Use JSON file logging driver
options:
max-size: "10m" # Rotate log files after they reach 10MB
max-file: "3" # Keep a maximum of 3 log files
# Always restart the container unless explicitly stopped
restart: unless-stopped
# Healthcheck
healthcheck:
test: curl -f http://192.168.178.100:20211 || exit 1Debug or Trace enabled
- I have read and followed the steps in the wiki link above and provided the required debug logs and the log section covers the time when the issue occurs.
Relevant app.log section
PASTE LOG HERE. Using the triple backticks preserves format.
Docker Logs
PASTE DOCKER LOG HERE. Using the triple backticks preserves format.