解决用docker安装umbra数据库遇到的FATAL:Operation not permitted错误

拉取镜像后直接运行，服务器报错退出。

sudo docker pull docker.1ms.run/umbradb/umbra
Using default tag: latest
latest: Pulling from umbradb/umbra
541fbd16e24d: Pull complete 
83feeaa56806: Pull complete 
e72bc911f64a: Pull complete 
72d48bc87af7: Pull complete 
1b4a5d5b9576: Pull complete 
bebba240fd89: Pull complete 
48a4d34c7031: Pull complete 
4f4fb700ef54: Pull complete 
Digest: sha256:a8ee9596f5f8ecea59187e378266cd7f5801545edabb81401d57268f3d0085c1
Status: Downloaded newer image for docker.1ms.run/umbradb/umbra:latest

sudo docker run -itd -v /shujv/par:/par --network host --name  umbra26 docker.1ms.run/umbradb/umbra
24608a897b9df688398c2d162de4cc2c538d2f3552320504c6cf65eac75cb6a4
sudo docker exec -it umbra26 bash
Error response from daemon: Container 24608a897b9df688398c2d162de4cc2c538d2f3552320504c6cf65eac75cb6a4 is not running
sudo docker logs umbra26
Creating a new database!
FATAL:   Operation not permitted
WARNING: Could not extract threads for numa node 0!
terminate called after throwing an instance of 'std::system_error'
  what():  Operation not permitted
/docker-entrypoint.sh: line 9:     6 Aborted                 (core dumped) umbra-sql -createdb /var/db/umbra.db <<< "ALTER ROLE postgres WITH LOGIN SUPERUSER PASSWORD 'postgres';"

用如下命令查看容器情况

sudo docker inspect umbra26
[
    {
        "Id": "24608a897b9df688398c2d162de4cc2c538d2f3552320504c6cf65eac75cb6a4",
        "Created": "2026-03-19T23:56:13.06513222Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [],
        "State": {
            "Status": "exited",
            "Running": false,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 0,
            "ExitCode": 1,
            "Error": "",
            "StartedAt": "2026-03-20T00:00:21.25225923Z",
            "FinishedAt": "2026-03-20T00:00:21.37099917Z"
        },

用--entrypoint /bin/bash命令绕过/docker-entrypoint.sh文件重新运行容器就不报错了。docker exec -it能登入后台服务器。

sudo docker run -itd -v /shujv/par:/par --network host --entrypoint /bin/bash --name  umbra25 docker.1ms.run/umbradb/umbra
92d77fdfc54795086e4ee6d733df749cb9fd612e1b562afb52dd04c04b9728b2
sudo docker exec -it umbra25 bash

ls
bin   dev		    etc	  lib	 mnt  par   root  sbin	sys  usr
boot  docker-entrypoint.sh  home  media	 opt  proc  run	  srv	tmp  var
cat *sh
#!/usr/bin/env bash

# Setup a database
if [[ -e /var/db/umbra.db ]]; then
  echo "Using the existing database!"
else
  echo "Creating a new database!"
  umbra-sql -createdb /var/db/umbra.db <<<"ALTER ROLE postgres WITH LOGIN SUPERUSER PASSWORD 'postgres';" || exit 1
fi

# Start the server
echo "Starting the server!"
if [[ -e /var/db/umbra.cert && -e /var/db/umbra.pem ]]; then
  exec umbra-server -address 0.0.0.0 /var/db/umbra.db || exit 1
else
  exec umbra-server -createSSLFiles -certFile /var/db/umbra.cert -keyFile /var/db/umbra.pem -address 0.0.0.0 /var/db/umbra.db || exit 1
fi
env
HOSTNAME=kylin-aaa
CLANG_VERSION=21
GCC_VERSION=15
PWD=/
UMBRA_DB=/var/db
HOME=/home/umbra
BOOST_VERSION=1.88.0
RE2_VERSION=11
TERM=xterm
SHLVL=1
CLANG_VERSION_FULL=21.1.2
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
OLDPWD=/var/local

查看docker-entrypoint.sh内容知道它执行了创建数据库操作，单独执行umbra-sql和umbra-server仍然报同样错误。

umbra-sql
FATAL:   Operation not permitted
WARNING: Could not extract threads for numa node 0!
terminate called after throwing an instance of 'std::system_error'
  what():  Operation not permitted
Aborted (core dumped)
umbra-server
FATAL:   Operation not permitted
WARNING: Could not extract threads for numa node 0!
terminate called after throwing an instance of 'std::system_error'
  what():  Operation not permitted
Aborted (core dumped)
whereis umbra-sql
umbra-sql: /usr/local/bin/umbra-sql
ls -l /usr/local/bin/
total 82344
-rwxr-xr-x 1 root root 42025424 Feb  2 15:36 umbra-server
-rwxr-xr-x 1 root root 42288968 Feb  2 15:36 umbra-sql
umbra-sql -version
Umbra version v0.2-1665-gfeeb4bb5d (2026-02-02, format 41)
(c) 2016-2026 TUM. All rights reserved.

umbra-sql --help  
Umbra command line interface

Usage: umbra-sql [options] <dbfile> <queryfiles>

Options:
-createdb         create a new database file
-database=<value> select the logical database
-help             show help
-license          show license information
-readonly         open the database read-only
-s                optimize the runner for small tests (not large benchmarks)
-version          show version information

查询网上的文章得知可以用--privileged参数提权。用这个选项重新运行容器，好了。虽然还有警告WARNING: Could not extract threads for numa node 0!，但不影响执行SQL命令。

sudo docker run -itd -v /shujv/par:/par --network host --entrypoint /bin/bash --privileged --name  umbra25 docker.1ms.run/umbradb/umbra
5457907270a17abd027be61c7130845201651917777bd0257db330c5a53e10d1
sudo docker exec -it umbra25 bash
umbra-sql
WARNING: Could not extract threads for numa node 0!
> \timing on
ERROR:   unknown backslash command: \timing


> create table t as select i%2 a, i%7 b,i%11 c from generate_series(1,10000000)t(i);
INFO:    [s] execution: (0.209564 min, 0.209564 max, 0.209564 median, 0.0% relMAD, 0.209564 avg, 0.000000 sdev, 3209778944.00 cycles, 5079133696.00 instr, 14833731.00 L1D-misses, 2862508.25 branch-misses, 1255993984.00 task, 1 scale, 1.58 IPC, 5.99 CPUs, 2.56 GHz) compilation: (0.000429 min, 0.000429 max, 0.000429 median, 0.0% relMAD, 0.000429 avg, nan sdev)

umbra的商业化cedardb数据库也能同样的方法执行。

sudo docker pull docker.1ms.run/cedardb/cedardb
[sudo] kylin 的密码：
Using default tag: latest
latest: Pulling from cedardb/cedardb
541fbd16e24d: Already exists 
73ad82b5b8f8: Pull complete 
c73545e2534a: Pull complete 
9273f72994c3: Pull complete 
fcec8f292773: Pull complete 
91211ff0b7df: Pull complete 
0dfe5b2a75b8: Pull complete 
f0d5492ccde6: Pull complete 
f7fdba33ba4a: Pull complete 
617bf033d4aa: Pull complete 
3dafedfd2d97: Pull complete 
Digest: sha256:9501cdd689e15678c29f447ed650b4547a9d07832ff0286700e54d8875beb7e0
Status: Downloaded newer image for docker.1ms.run/cedardb/cedardb:latest

sudo docker run -itd --network host -v /shujv/par:/par --entrypoint /bin/bash --privileged --name cedar3 docker.1ms.run/cedardb/cedardb 
526d6b8cf68aa7ea8f6b331f3d2f048671dcdad5f79d50156dc58620082eedf3
sudo docker exec -it cedar3 bash

cedardb -i --inmemory
2026-03-20 04:19:00.677457940 UTC	INFO:    Using 3467 MB buffers, 3467 MB work memory
2026-03-20 04:19:00.690304610 UTC	NOTICE:  using a transient in-memory database
2026-03-20 04:19:00.787234850 UTC	INFO:    You're running CEDARDB COMMUNITY EDITION - using 0 GB out of 64 GB. Our General Terms and Conditions apply to the use of the CedarDB Community Edition. Run "cedardb --license" for more information.
> \timing on
> 2026-03-20 04:19:27.026369580 UTC	WARNING: Could not check for the latest CedarDB version.
  create table t as select i%2 a, i%7 b,i%11 c from generate_series(1,100000000)t(i);
2026-03-20 04:19:46.754087090 UTC	INFO:     [s] execution: (2.414190 min, 2.414190 max, 2.414190 median, 0.0% relMAD, 2.414190 avg, 0.000000 sdev, 43456503808.00 cycles, 46533435392.00 instr, 225808192.00 L1D-misses, 18544446.00 branch-misses, 16723023872.00 task, 1 scale, 1.07 IPC, 6.93 CPUs, 2.60 GHz) compilation: (0.000587 min, 0.000587 max, 0.000587 median, 0.0% relMAD, 0.000587 avg, nan sdev)