This error occurs when the container runtime (runc) fails to initialize and start your container process. Common causes include missing executables, incorrect file permissions, invalid entrypoints, or Docker version incompatibilities.
The "OCI runtime create failed: container init process failed" error indicates that Docker's underlying container runtime (runc) was unable to start the init process inside the container. This happens during the container creation phase, before your application even begins running. OCI (Open Container Initiative) defines the standard for container runtimes. When Docker tries to start a container, it delegates to runc, which sets up the container's namespaces, cgroups, and filesystem, then executes the init process (your ENTRYPOINT or CMD). If any of these steps fail, you get this error. The error message is often followed by more specific details about what went wrongβsuch as "executable file not found", "permission denied", or "exec format error". Reading the complete error message is crucial for diagnosis.
The OCI runtime error is usually followed by more specific information. Look for the trailing part of the error:
docker run your-image 2>&1 | tail -20Common trailing messages and their meanings:
- executable file not found in $PATH - Missing binary
- permission denied - File permission issue
- exec format error - Wrong architecture or shebang issue
- no such file or directory - Missing file or bad line endings
- read-only file system - Volume mount issue
Inspect the image to see what command it's trying to run:
docker inspect --format='Entrypoint={{.Config.Entrypoint}} Cmd={{.Config.Cmd}}' your-imageThen verify the executable exists inside the image:
# Start a shell in the image (if available)
docker run --rm -it --entrypoint /bin/sh your-image -c "which your-command"
# Or list files in the expected path
docker run --rm -it --entrypoint /bin/sh your-image -c "ls -la /path/to/entrypoint"If using a minimal base image like alpine or scratch, ensure all required binaries are present.
Shell scripts created on Windows often have CRLF line endings that cause "no such file or directory" errors on Linux:
# Check for CRLF in your script
file entrypoint.sh
# Or
cat -v entrypoint.sh | head -5 # Look for ^M charactersFix: Convert to Unix line endings:
# Using dos2unix
dos2unix entrypoint.sh
# Or using sed
sed -i 's/\r$//' entrypoint.sh
# Or in Dockerfile
RUN sed -i 's/\r$//' /entrypoint.shPrevent future issues: Configure Git to handle line endings:
git config --global core.autocrlf inputScripts need execute permissions to run. Add this to your Dockerfile:
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]Or fix permissions before building:
chmod +x entrypoint.sh
git update-index --chmod=+x entrypoint.sh # Preserve in GitOutdated Docker versions can have runc compatibility issues. Docker 25+ resolves many OCI runtime issues:
# Check current version
docker version
# Update on Ubuntu/Debian
sudo apt update && sudo apt upgrade docker-ce docker-ce-cli containerd.io
# Update on CentOS/RHEL
sudo yum update docker-ce docker-ce-cli containerd.ioAfter updating, restart Docker:
sudo systemctl restart dockerCorrupted containers or images can cause this error. Clean up and retry:
# Stop all containers
docker stop $(docker ps -aq) 2>/dev/null
# Remove stopped containers
docker container prune -f
# Remove unused images
docker image prune -a -f
# Restart Docker daemon
sudo systemctl restart docker
# Try running your container again
docker run your-imageIf AppArmor or SELinux is causing the issue, test by temporarily disabling security confinement:
docker run --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined your-imageWarning: Only use this for testing. If it works, investigate the proper security policy fix rather than running production containers without security confinement.
For SELinux systems, check audit logs:
sudo ausearch -m avc -ts recent | grep dockerIf running an image built for a different architecture, you'll get "exec format error":
# Check your system architecture
uname -m
# Check image architecture
docker inspect --format='{{.Architecture}}' your-imageSolutions:
- Pull the correct architecture: docker pull --platform linux/amd64 your-image
- Use multi-arch builds
- Enable QEMU emulation: docker run --privileged --rm tonistiigi/binfmt --install all
### MountFlags Systemd Issue
On some Linux distributions, the Docker systemd service includes MountFlags=slave which can cause mount-related OCI errors:
# Check if this is the issue
sudo grep MountFlags /etc/systemd/system/docker.service
# Remove the line and reload
sudo sed -i '/MountFlags/d' /etc/systemd/system/docker.service
sudo systemctl daemon-reload
sudo systemctl restart docker### WSL Configuration (Windows)
On Windows with WSL, ensure you're using WSL2:
# Check WSL version
wsl --list --verbose
# Upgrade to WSL2 if needed
wsl --set-version Ubuntu 2### Kubernetes/EKS cgroup Issues
In Kubernetes environments (especially EKS), cgroup v2 compatibility can cause this error:
error during container init: error setting cgroup config for procHooks processSolutions:
- Update to a newer EKS AMI with kernel support for required cgroup features
- Use containerd runtime with proper cgroup driver configuration
### Debugging with strace
For complex cases, trace the runc execution:
sudo strace -f -o /tmp/runc.log docker run your-imageLook for ENOENT (file not found) or EACCES (permission denied) near the end of the log.
### Scratch/Distroless Images
When using FROM scratch or distroless base images, ensure:
- Your binary is statically compiled
- No shared library dependencies (ldd your-binary should show "not a dynamic executable")
- The binary path is correct and absolute
unable to configure the Docker daemon with file /etc/docker/daemon.json
How to fix 'unable to configure the Docker daemon with file daemon.json' in Docker
docker: Error response from daemon: OCI runtime create failed: container_linux.go: starting container process caused: exec: "/docker-entrypoint.sh": stat /docker-entrypoint.sh: no such file or directory
How to fix 'exec: entrypoint.sh: no such file or directory' in Docker
image operating system "linux" cannot be used on this platform
How to fix 'image operating system linux cannot be used on this platform' in Docker
dockerfile parse error line 5: unknown instruction: RRUN
How to fix 'unknown instruction' Dockerfile parse error in Docker
manifest unknown: manifest unknown
How to fix 'manifest unknown' in Docker