Fixing “OCI Runtime Error” When Running Docker Containers
The “OCI runtime error” can be a frustrating and vague message when you’re just trying to run a Docker container. This post explains what causes it, fixing “OCI runtime error” on both Linux and Windows, and includes a hands-on example to demonstrate the issue.
What Is an OCI Runtime Error?
OCI stands for Open Container Initiative, and Docker uses an OCI-compliant runtime like runc to create and manage containers. When something goes wrong at that low level, you’ll see an error like:
docker: Error response from daemon: OCI runtime create failed: ...
This could be due to:
- Missing or invalid configuration
- Permission issues
- SELinux/AppArmor blocks
- Resource constraints
- Misuse of flags or mount paths
Example: Reproducing an OCI Runtime Error
Let’s say you run:
docker run -v /root/secret:/app/data busybox ls /app/data
You might see:
docker: Error response from daemon: OCI runtime create failed:
container_linux.go:380: starting container process caused:
stat /root/secret: permission denied: unknown.
This is a classic OCI runtime error caused by mounting a folder the current user cannot access.
Fixing OCI Runtime Errors
1. Check File or Directory Permissions
Make sure your user can access the path you’re trying to mount.
Fix:
sudo chmod -R o+rx /root/secret
⚠️ Be cautious — exposing sensitive directories is not recommended.
2. Don’t Mount Protected or Non-Existent Paths
If you’re trying to mount something that doesn’t exist:
docker run -v /nonexistent:/data busybox
You’ll get an OCI runtime error.
Fix: Ensure the host path exists:
mkdir -p /nonexistent
3. Disable SELinux or Use :z Option (Linux Only)
On some distros like Fedora, SELinux blocks volume mounts silently.
Fix:
docker run -v /host/path:/container/path:Z my-image
Or temporarily disable SELinux (not recommended for production):
sudo setenforce 0
4. Ensure Compatible Docker Runtime (Advanced)
Check if you’re using a compatible runtime with:
docker info | grep Runtimes
To switch runtimes:
docker run --runtime=runc ...
5. Fix WSL2 Docker Issues (Windows)
If you’re using Docker Desktop + WSL2, ensure that:
- Docker Desktop is running
- You’ve enabled WSL integration in Docker settings
- You avoid mounting Windows paths incorrectly
Try using /mnt/c/... instead of C:\...
Bad:
docker run -v C:\Users\You\folder:/data my-image
Good:
docker run -v /mnt/c/Users/You/folder:/data my-image
Summary
| Problem | Solution |
| Mount error (permissions) | Check access or avoid protected folders |
| SELinux blocks volume | Use :z or :Z, or disable temporarily |
| Windows path error | Use WSL-style paths like /mnt/c/... |
| Directory doesn’t exist | Create it with mkdir -p |
OCI runtime errors can feel cryptic, but most are caused by path permissions, mount issues, or system security constraints. Once you understand what’s happening under the hood, they become much easier to fix.
This is the end of the Fixing “OCI Runtime Error” When Running Docker Containers.
You can read more useful articles like How To Resolve “Cannot Connect To The Docker Daemon”.
Follow us for the more helpful posts!
We hope this is a useful post for you.
