Rootless: Permission issue for executable /usr/bin/dumb-init #32545

Open
Eoin-ONeill-Yokai opened this issue Nov 17, 2024 · 1 comment

Eoin-ONeill-Yokai commented Nov 17, 2024

Description

I'm trying to port my previously Docker-based Gitea service to a rootless container version. I am using podman compose on a Fedora CoreOS system. I currently have the following docker compose file:

version: "3"

networks:
  home:
    external: true

services:
  server:
    image: gitea/gitea:latest-rootless
    container_name: gitea
    restart: always
    networks:
      - home
    volumes:
      - ./gitea:/data:Z
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "3222:2222"
    security_opt:
      - label=disable

I'll note that I've tried with and without the security_opt entry to override label SELinux protections (I know it's not recommended) and also tried with sudo setenforce 0/1 values, but I always get the following error:

...
{"msg":"exec container process `/usr/bin/dumb-init`: Permission denied","level":"error","time":"2024-11-17T22:57:02.854823Z"}
{"msg":"exec container process `/usr/bin/dumb-init`: Permission denied","level":"error","time":"2024-11-17T22:57:15.489072Z"}

My guess would be that the rootless container for some reason is running as a user that doesn't have permission to run executables in /usr/bin, but why exactly would this be the case in a rootless container?

I've tried both latest-rootless and nightly-rootless with the same result. I have not tried older versions yet.

Reproduction

1. Install a Fedora CoreOS system.
2. Migrate your data folder from a Debian-based system that uses Docker, make modifications to reflect my existing config.
3. Make sure folder permissions are set as the user running the podman container. For example, chown -R 1000:1000 ./your-gitea-data-folders.
4. Try to start the rootless container. You should get dumb-init errors.

Gitea Version

nightly-rootless, latest-rootless

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Fedora CoreOS

How are you running Gitea?

Podman images using podman compose. See above compose file.

Database

None

@Eoin-ONeill-Yokai
Author

One additional note:

I've also tried with no ported configuration just now and it continues to fail to execute dumb-init due to permission errors. So even on a plain-jane CoreOS installation the above docker compose configuration should still fail to run.
