[BUG] s6-overlay /run permission / ownership issue  #372

Open
@sparagus

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

As of 1.0.20210914-r4-ls62, the container can't start if Docker is using a user namespace, even though userns_mode is set to "host".

s6-overlay does not seem to be able to set the correct permissions/ownership on /run.

Reverting to 1.0.20210914-r4-ls61 fixes the issue.

I've encountered this problem with several linuxserver.io containers. Is this type of setup not supported anymore?

Expected Behavior

Container should start.

Steps To Reproduce

  1. Change docker environment to run in user namespace.
  2. Start container using userns_mode: "host"

Environment

- OS: Debian 12
- How docker service was installed: standard docker installation for Debian (https://docs.docker.com/engine/install/debian/) followed by editing /etc/docker/daemon.json to enable user namespace

{
  "userns-remap": "default"
}

CPU architecture

x86-64

Docker creation

services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:1.0.20210914-r4-ls62
    userns_mode: "host"
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE #optional
    environment:
      - PUID=5000
      - PGID=5000
      - TZ=Europe/Berlin
    volumes:
      - ./config:/config
    ports:
      - 51821:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

Container logs

s6-overlay-suexec: warning: real uid is 0 while effective uid is 493216; setting everything to 0; check s6-overlay-suexec permissions

/package/admin/s6-overlay/libexec/preinit: fatal: /run belongs to uid 493216 instead of 0 and we're lacking the privileges to fix it.

s6-overlay-suexec: fatal: child failed with exit code 100
