terrytw
September 4, 2022, 1:16am
1
I ran into a problem when trying to run a Docker container: it breaks down with the error message
Failed to set capabilities on file `/****' (Operation not supported)
There seem to be some reports regarding this issue as well:
opened 10:14PM - 04 Sep 19 UTC
closed 09:24PM - 05 Sep 19 UTC
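## Chinese version
* Which application is used as the file manager? plex-filebrowser
* Are all the Docker containers running normally? wahyd4/aria2-ui… fails to start; spritsail/plex-media-server starts.
* What does the log output look like?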
```
# docker logs 5fea1294509f
**** update uid and gid to 1000:1000 ****
usermod: no changes
**** give caddy permissions to use low ports ****
Failed to set capabilities on file `/usr/local/bin/caddy' (Not supported)
usage: setcap [-q] [-v] [-n <rootid>] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>) <filenameN> ]
Note <filename> must be a regular (non-symlink) file.
```
* Can this issue be reproduced? How?
* Operating system and Docker version used
OS: openwrt snapshot
Docker version 19.03.1, build 74b1e89e8a
* (Optional) Application screenshots
opened 07:14AM - 13 Aug 20 UTC
closed 04:37PM - 17 Aug 20 UTC
question
iotedge
customer-reported
## Current Behavior and Tries
edgeHub startup failed due to the following log:…
```
<4> 2020-08-13 06:48:19.215 +00:00 [WRN] - No XML encryptor configured. Key {8e90ad48-ac59-4a2d-a051-539e6fc2d5ca} may be persisted to storage in unencrypted form.
<6> 2020-08-13 06:48:19.280 +00:00 [INF] - Writing data to file '"/home/edgehubuser/.aspnet/DataProtection-Keys/key-8e90ad48-ac59-4a2d-a051-539e6fc2d5ca.xml"'.
<4> 2020-08-13 06:48:24.925 +00:00 [WRN] - Overriding address(es) '"http://+:80"'. Binding to endpoints defined in "UseKestrel()" instead.
<0> 2020-08-13 06:48:25.329 +00:00 [FTL] - Unable to start Kestrel.
System.Net.Sockets.SocketException (13): Permission denied
at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName)
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransport.BindAsync()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>c__DisplayClass22_0`1.<<StartAsync>g__OnBind|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.EndpointsStrategy.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
<6> 2020-08-13 06:48:26.129 +00:00 [INF] - Stopping
<6> 2020-08-13 06:48:33.661 +00:00 [INF] - New token received on the Cbs link
```
- I made some attempts as the similar issues #671, #27 and #9 suggest, but they did not help.
- I ran `docker exec -it 53f6ddce6abd getcap /usr/share/dotnet/dotnet` but got nothing. I checked the Dockerfile of edgeHub; it should run `setcap 'cap_net_bind_service=+ep' /usr/share/dotnet/dotnet`, but it seems it does not take effect when I start the container.
- When I run edgeHub as the root user, setcap and getcap work well.
- I changed `ASPNETCORE_URLS` to `http://+:8080` and got the same failure log as above.
- I checked Dockerfile of edge
So, can anyone give me some advice or a workaround? Thanks in advance!
## Steps to Reproduce
1. Run `./iotedged -c config.yaml`
2. Wait for the edgeHub container to run
## Context (Environment)
### 1. docker info
```
Containers: 2
Running: 1
Paused: 0
Stopped: 1
Images: 2
Server Version: 18.09.1
Storage Driver: vfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 96ec2177ae841256168fcf76954f7177af9446eb
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.14.77
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 482.5MiB
Name: VG710
ID: T5WJ:CDAH:VQB4:NDOT:JC4E:BKZH:ESCD:WPJ5:TW6V:TUPJ:GYQN:ZI5Z
Docker Root Dir: /tmp/app/docker/docker_root
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
```
### 2. kernel 3.14 config with `cat .config | grep -E "EXT4|SECURITY|ATTR"`
```
"EXT4|SECURITY|ATTR"
CONFIG_HAVE_DMA_ATTRS=y
CONFIG_OF_FLATTREE=y
CONFIG_OF_EARLY_FLATTREE=y
# CONFIG_RAID_ATTRS is not set
# CONFIG_SCSI_SPI_ATTRS is not set
# CONFIG_SCSI_FC_ATTRS is not set
# CONFIG_SCSI_ISCSI_ATTRS is not set
# CONFIG_SCSI_SAS_ATTRS is not set
# CONFIG_SCSI_SRP_ATTRS is not set
CONFIG_EXT4_FS=y
CONFIG_EXT4_USE_FOR_EXT23=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
# CONFIG_EXT4_DEBUG is not set
CONFIG_TMPFS_XATTR=y
CONFIG_JFFS2_FS_XATTR=y
# CONFIG_JFFS2_FS_SECURITY is not set
# CONFIG_SQUASHFS_XATTR is not set
# CONFIG_SECURITY_DMESG_RESTRICT is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_NLATTR=y
```
### Device Information
* Host OS : OpenWrt CC
* Architecture: arm32
* Container OS: Linux containers
### Runtime Versions
* iotedged : 1.0.9.3
* Edge Agent : 1.0.9.3-linux-arm32v7
* Edge Hub: 1.0.9.3-linux-arm32v7
* Docker/Moby : 18.09.1
Does anyone know the reason? Or a workaround?
I tried to run it with `--user root` or `-e GUID=0`, but it does not seem to help.
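
A check a reader could run against their own device, added here as an example and not taken from the thread or the linked issues: it finds which filesystem holds a path and whether the kernel config lets that filesystem store `security.*` xattrs, which is where `setcap` writes file capabilities. The mount table and the two paths are constructed, and the option-to-filesystem mapping is an assumption based on the kernel Kconfig help.

```sh
#!/bin/sh
# Added example, not from the thread. setcap stores file capabilities in the
# security.capability xattr, so the filesystem must accept security.* xattrs.

# fstype_for PATH MOUNTS: fs type of the longest mount point containing PATH.
fstype_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        { m = $2; pre = (m == "/") ? "/" : (m "/")
          if (index(p "/", pre) == 1 && length(m) >= best) {
              best = length(m); t = $3 } }
        END { if (t == "") exit 1; print t }'
}

# Options that must all be =y (assumption: my reading of the Kconfig help).
required_opts() {
    case "$1" in
        ext4)  echo "EXT4_FS EXT4_FS_SECURITY" ;;
        jffs2) echo "JFFS2_FS_XATTR JFFS2_FS_SECURITY" ;;
        tmpfs) echo "TMPFS_XATTR" ;;
        *)     return 1 ;;
    esac
}

# caps_storage FSTYPE CONFIG: print "yes", "no:<first missing option>" or
# "unknown" (filesystem not in the table), given kernel .config text.
caps_storage() {
    opts=$(required_opts "$1") || { echo unknown; return 0; }
    for o in $opts; do
        printf '%s\n' "$2" | grep -q "^CONFIG_${o}=y\$" || { echo "no:$o"; return 0; }
    done
    echo yes
}

# Option lines as they appear in the kernel 3.14 config quoted in the thread.
CONFIG_SAMPLE='CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_TMPFS_XATTR=y
CONFIG_JFFS2_FS_XATTR=y
# CONFIG_JFFS2_FS_SECURITY is not set'

# Constructed mount table and paths; the thread does not show the real ones.
MOUNTS_SAMPLE='/dev/root / squashfs ro 0 0
/dev/mtdblock6 /overlay jffs2 rw 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

for path in /overlay/docker /tmp/docker; do
    fs=$(fstype_for "$path" "$MOUNTS_SAMPLE")
    echo "$path: $fs -> $(caps_storage "$fs" "$CONFIG_SAMPLE")"
done
```

On a real device, pass the contents of `/proc/mounts`, the kernel's own `.config` text and the Docker Root Dir in place of the samples.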