Using InterSystems IRIS containers with Docker 20.10.14+
Docker 20.10.14 (released March 23, 2022) changes the Linux capabilities given to containers in a manner that is incompatible with the Linux capability checker in InterSystems IRIS 2021.1 (and up) containers.
Users running Docker 20.10.14 on Linux will find that IRIS 2021.1+ containers will fail to start and the logs will incorrectly report that required Linux capabilities are missing. For example:
[ERROR] Required Linux capability cap_setuid is missing. [ERROR] Required Linux capability cap_dac_override is missing. [ERROR] Required Linux capability cap_fowner is missing. [ERROR] Required Linux capability cap_setgid is missing. [ERROR] Required Linux capability cap_kill is missing. [FATAL] Your IRIS container is missing one or more required Linux capabilities.
Resolution
Users experiencing this problem will need to adjust the command line passed to the container’s entrypoint to disable checking for Linux capabilities. From the command line, add --check-caps false
after the image in your docker run
or docker start
command. For example:
docker run containers.intersystems.com/intersystems/iris-community:2022.1.0.152.0 --check-caps false
If you're using docker-compose
, the corresponding change would be as follows:
command: --check-caps false
The capability check acts as a way of checking for common misconfigurations before starting the IRIS processes. Disabling the Linux capability check has no impact on the IRIS processes running in the container.