The OCI runtime exec failed error occurs when Docker's container runtime cannot start or execute a process inside a container. This typically happens due to missing executables, incorrect shell paths, containerd/runc bugs, or line ending issues in scripts.
This error originates from Docker's OCI (Open Container Initiative) runtime layer, specifically the runc or containerd components that manage container processes. When you see "OCI runtime exec failed: exec failed: unable to start container process," it means the container runtime attempted to start or execute a command but encountered a fundamental issue that prevented the process from launching. The error can occur during `docker run` (when starting a container) or `docker exec` (when executing commands in a running container). The root cause is usually one of several system-level problems: the executable doesn't exist at the specified path, the wrong shell interpreter is being used, there's a bug in the runtime components, or file permissions and line endings are causing issues. Understanding this error requires recognizing that Docker containers run processes through multiple layers: Docker CLI → Docker daemon → containerd → runc → container process. When any link in this chain fails to properly initialize the process, you'll see this error message.
First, check if the command you're trying to run actually exists in the container. Use docker run with a shell to inspect:
docker run -it <image> /bin/sh
# or
docker run -it <image> /bin/bashOnce inside, check if the executable exists:
which <command>
ls -la /path/to/executableIf the command doesn't exist, you need to install it in your Dockerfile or change your CMD/ENTRYPOINT to use an available executable.
Alpine Linux and other minimal images often don't include bash. Check which shell is available and update your commands accordingly:
# For Alpine-based images, use /bin/sh instead of /bin/bash
FROM alpine:latest
CMD ["/bin/sh", "-c", "echo hello"]
# For Ubuntu/Debian images, bash is usually available
FROM ubuntu:latest
CMD ["/bin/bash", "-c", "echo hello"]When using docker exec, match the shell to what's available:
# Use sh for Alpine
docker exec -it container_name /bin/sh
# Use bash for Ubuntu/Debian
docker exec -it container_name /bin/bashEnsure you're using correct Linux path formatting:
# WRONG - backslashes don't work on Linux
CMD ["\bin\sh", "-c", "echo hello"]
# CORRECT - use forward slashes
CMD ["/bin/sh", "-c", "echo hello"]
# WRONG - quoting the entire command
docker exec container "/bin/sh -c 'ls'"
# CORRECT - separate arguments
docker exec container /bin/sh -c "ls"Use the full path to executables or add directories to PATH:
# Option 1: Use full path
CMD ["/usr/local/bin/myapp"]
# Option 2: Update PATH
ENV PATH="/app/bin:$PATH"
CMD ["myapp"]If you're copying scripts from Windows, they may have CRLF line endings that cause execution failures. Convert them to LF:
Using dos2unix:
dos2unix script.shIn your Dockerfile, you can fix line endings during the build:
COPY script.sh /app/
RUN sed -i 's/\r$//' /app/script.sh && \
chmod +x /app/script.shIn Git, configure proper line ending handling:
# Set in .gitattributes
*.sh text eol=lfVerify shebang lines in scripts are correct:
#!/bin/sh
# NOT: #!/bin/bash (if bash isn't installed)Containerd 1.6.7 and runc 1.1.3 had bugs causing "operation not permitted" errors. Update to fixed versions:
Check current versions:
docker info | grep -i runtime
containerd --version
runc --versionUpdate containerd (fixes 1.6.7 regression):
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install containerd.io
# Verify version is 1.6.8 or higher
containerd --versionUpdate runc (fixes 1.1.3 bug):
# Download latest runc
wget https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64
sudo install -m 755 runc.amd64 /usr/local/sbin/runc
runc --versionAfter updating, restart Docker:
sudo systemctl restart dockerRestart your containers:
docker stop <container_id>
docker start <container_id>If the error occurs because a required executable isn't installed, add it to your Dockerfile:
# For Alpine
FROM alpine:latest
RUN apk add --no-cache bash curl wget
# For Ubuntu/Debian
FROM ubuntu:latest
RUN apt-get update && apt-get install -y \
bash \
curl \
wget \
&& rm -rf /var/lib/apt/lists/*For existing containers, you can temporarily install packages:
# Alpine
docker exec container apk add bash
# Ubuntu/Debian
docker exec container apt-get update && apt-get install -y bashHowever, always prefer rebuilding your image with the proper dependencies rather than modifying running containers.
Git Bash on Windows: Recent versions of Git Bash (4.4+) require a leading slash before paths when using docker exec: docker exec container //bin/bash -c "ls //usr/bin"
Docker Compose timeouts: Compose timeouts can corrupt container state. If you encounter persistent issues, increase timeout and clean up: export COMPOSE_HTTP_TIMEOUT=480 then run docker system prune
SELinux considerations: On RHEL/CentOS systems with SELinux enabled, permission errors may require adjusting SELinux contexts with chcon or running containers with --security-opt label=disable (not recommended for production)
Debugging approach: Use docker inspect <container> to examine the exact command being executed and docker logs <container> to see any startup errors that might provide more context about why the process failed to start.
image operating system "linux" cannot be used on this platform
How to fix 'image operating system linux cannot be used on this platform' in Docker
manifest unknown: manifest unknown
How to fix 'manifest unknown' in Docker
cannot open '/etc/passwd': Permission denied
How to fix 'cannot open: Permission denied' in Docker
Error response from daemon: failed to create the ipvlan port
How to fix 'failed to create the ipvlan port' in Docker
toomanyrequests: Rate exceeded for anonymous users
How to fix 'Rate exceeded for anonymous users' in Docker Hub