Linux Docker & Container Errors: daemon, image pull, exit 137, port allocation

Docker and Container Errors

Container runtimes add an entire layer of failure modes that don’t exist with bare-metal services: image pulls, registry auth, daemon-socket access, layered storage, network namespaces, and resource limits. The ten errors below are what you’ll see on Docker / containerd / podman in production.

#061 Cannot connect to the Docker daemon

Solution: systemctl status docker; journalctl -u docker -n 50; verify socket: ls -l /var/run/docker.sock; user not in docker group: usermod -aG docker $USER + re-login.

#062 pull access denied

Description: Image not found or auth required.

Solution: docker login REGISTRY; verify image name spelling (docker.io/lib/x vs org/x); for private registries: check token expiry.

#063 No space left on device (overlay2)

Solution: docker system df shows usage; docker system prune -a to clean stale images/containers/build cache; for thin-provisioned LVM: extend the pool.

#064 Container exited with code 137

Description: SIGKILL — usually OOM-killed by container memory limit.

Solution: docker inspect CONT | grep OOMKilled; raise --memory limit; investigate the leak inside.

#065 Bind for 0.0.0.0:443 failed: port is already allocated

Solution: ss -tlnp | grep :443; another container or host service has the port; pick a different host port (-p 8443:443).

#066 Manifest unknown / image not found

Solution: Tag mismatch (:latest vs :1.2); registry doesn’t have that arch; docker manifest inspect IMG to confirm.

#067 Container in restart loop

Solution: docker logs --tail 100 CONT shows what made it crash; almost always config error or missing env var. Don’t use --restart=always while debugging.

#068 Iptables: No chain/target/match by that name

Description: Docker uses iptables for network setup; chain order broken by manual edits or firewalld interaction.

Solution: iptables -L -n; restart docker daemon to recreate chains; on RHEL with firewalld: firewall-cmd --reload.

#069 Mounts denied: path not exported

Solution: Docker Desktop on macOS/Windows: add path to File Sharing. On Linux: SELinux blocks volume mounts — add :Z to the volume flag.

#070 Cgroups out of memory limit

Description: Container hit memory cap; processes inside got SIGKILL.

Solution: docker stats CONT shows current use; raise limit with docker update --memory 2g CONT (or in compose).

Conclusion

1. docker logs --tail 100 CONT is your first reach. The error is almost always there.
2. docker system prune -a regularly — image+layer accretion is silent.
3. Set --memory and --cpus limits explicitly; don’t let runaway containers eat the host.
4. Use :Z on SELinux systems for volume mounts; saves hours of debugging.
5. Pin image tags (not :latest) for reproducibility.

Related Linux Admin articles

• Linux User & Service Management — for the docker daemon as a systemd unit
• Linux CI/CD & Automation Errors — many CI failures are container-related
• Linux Process & Memory Errors — for OOM-killed containers