Operation not permitted /var/run/s6 on non-root user #198
Comments
LibreNMS has nothing to do with s6 and will work perfectly fine despite these errors. I'm unsure if it is even used in the image. Probably can be resolved in the docker image though.
Cool... so how do I do it? Do you have a best practice for that?
s6 is used in this image through s6-overlay to be able to manage services.
If you have a read-only root fs you might need to follow these steps.
Hello @crazy-max, I have the same issue as @iiidddaaannn102 with permissions on s6. I am trying to deploy LibreNMS into my company's EKS cluster, with the same problem regarding the non-root user restriction. Here is my deployment manifest:
I suspect the variable "S6_READ_ONLY_ROOT" is not being taken into account... Thank you.
Hello, does anyone have an idea of how the Docker stack can be started without root rights? If more information is needed, don't hesitate to ask me ;) Thank you!
I'm running into this same issue, which, given our organizational policies, makes this a blocker for us. Can someone please advise if this is a configuration problem, requires development, or is a won't-fix issue? To summarize the problem when forcing the pod to run as a non-root user using: The pod crashes with: s6-overlay-preinit: fatal: unable to mkdir /var/run/s6: Read-only file system
What does runAsNonRoot do? LibreNMS always runs without root privileges. Or does that mean S6 runs without root? Not sure how that would work.
Perhaps if /run is writable (mounted to tmpfs), /var/run is linked, and S6_READ_ONLY_ROOT is set, that would be enough. https://github.com/just-containers/s6-overlay#read-only-root-filesystem Probably not though as s6 sets up the other services. Perhaps this could be distilled down to a feature request to run with a read-only file system.
Basically, it requires that the pod be submitted with a non-zero runAsUser or have the USER directive defined (using a numeric UID) in the image. This ensures the container is not running as 0.
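A simplified model of the runAsNonRoot check described in the comment above, as an added example that is not part of the thread, the image, or Kubernetes itself. The function names and the sample cases are assumptions made for illustration.

```python
from typing import Optional, Tuple


def effective(pod_sc: dict, ctr_sc: dict, key: str):
    """Container-level securityContext fields override pod-level ones."""
    return ctr_sc.get(key, pod_sc.get(key))


def check_run_as_non_root(pod_sc: dict, ctr_sc: dict,
                          image_user: Optional[str]) -> Tuple[bool, str]:
    """Return (admitted, reason) for one container.

    image_user is the image's USER value ("", "name", "uid" or "uid:gid").
    """
    if not effective(pod_sc, ctr_sc, "runAsNonRoot"):
        return True, "runAsNonRoot not requested"
    uid = effective(pod_sc, ctr_sc, "runAsUser")
    if uid is not None:
        # An explicit runAsUser wins over whatever USER the image declares.
        if uid == 0:
            return False, "runAsUser is 0"
        return True, f"runAsUser {uid} is non-zero"
    user = (image_user or "").split(":", 1)[0]
    if not user:
        return False, "image declares no USER, so it starts as UID 0"
    if not user.isdecimal():
        # A name cannot be resolved without looking inside the image.
        return False, f"image USER {user!r} is not numeric"
    if int(user) == 0:
        return False, "image USER is UID 0"
    return True, f"image USER {user} is a non-zero numeric UID"


# Constructed cases (not taken from the manifests in this thread).
CASES = [
    ({"runAsNonRoot": True}, {}, ""),                      # no USER in image
    ({"runAsNonRoot": True}, {}, "librenms"),              # named USER
    ({"runAsNonRoot": True}, {}, "1000:1000"),             # numeric USER
    ({"runAsNonRoot": True}, {"runAsUser": 1000}, ""),     # explicit UID
    ({"runAsNonRoot": True, "runAsUser": 1000}, {"runAsUser": 0}, "1000"),
]

if __name__ == "__main__":
    for pod_sc, ctr_sc, image_user in CASES:
        ok, reason = check_run_as_non_root(pod_sc, ctr_sc, image_user)
        print("admit " if ok else "reject", reason)
```

Passing this check only settles which UID the container starts with; it says nothing about whether /var/run/s6 is writable for that UID, which is the error reported in this issue.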
Hi,
Because I cannot use a root user in my company, I tried to run the Docker image with other users (the librenms user and more).
I'm having issues when the container is in init (running /init), and there are a lot of "Operation not permitted" errors on the /var/run/s6 directory.
I tried to use the PUID and PGID env variables, and to give the user permissions on s6 recursively and commit the image, but every time the base librenms image is in init, it runs /init and the issue happens again.
The documentation mentions the "non-root user" feature, so how do I do it?
Thanks all