Docker error: failed to register layer: lsetxattr security.capability /usr/libexec/gstreamer-1.0/gst-ptp-helper: operation not supported

Pulling some docker images returns this error message:

root@OpenWRTx86:~# docker pull linuxserver/webtop       Using default tag: latest
latest: Pulling from linuxserver/webtop                 d9ddd1a4da0f: Pull complete
1c50a76b3d41: Pull complete                             0637b4f64811: Pull complete
6ac4f0cbc457: Pull complete                             3858583454d6: Pull complete
8e6f09f4917e: Pull complete                             050c78a96349: Pull complete
00eacae7b62a: Extracting  486.2MB/486.2MB
ab5e5c8e737d: Download complete
b15eacb6c6d1: Download complete
c1fbfe48fecd: Download complete
failed to register layer: lsetxattr security.capability /usr/libexec/gstreamer-1.0/gst-ptp-helper: operation not supported

One of two

  • your filesystem does not support xattr as those in man 7 capabilities i.e partial elevated permission without sudo
  • it does but container is not permitted to set those in accordance with SETFCAP capability in dockerfile

Thanks. How should i fix this?

The documentation https://docs.linuxserver.io/images/docker-webtop/ says you must disable seccomp, so you could run process as root without container as well.

I tried seccomp=unconfined.
No luck.

Check if filesystem is mounted with xattr and setfcap is granted to the container

# grep xattr /proc/fs/ext4/sdb2/options   


returns: user_xattr

And does the container configuration permit to set capabilities on files?

I don't know how to check that.

From here you ask docker and your vendor, everything is correct in openwrt side.

1 Like