Devidian / docker-spaceengineers

A Docker for Space Engineers Dedicated Server

Cannot Close/Restart Container Without Fiddling with AppArmor #18

Closed foopis23 closed 3 years ago

foopis23 commented 3 years ago

So I downloaded the example docker-compose.yml and changed the instance name and all that, and it works. I have been starting the container with docker-compose up -d.

But if I need to change a setting or do a restart, the only way I know how to is by restarting the whole container. Every time I try to close the container I get this message.

ERROR: for se-ds-docker-quickstart  cannot stop container: d9775e467d1e6076eaa8723c3cc79598449c695e3c4dc6453c1737f74cafb33c: Cannot kill container d9775e467d1e6076eaa8723c3cc79598449c695e3c4dc6453c1737f74cafb33c: unknown error after kill: runc did not terminate sucessfully: container_linux.go:392: signaling init process caused "permission denied"
: unknown
Removing network docker-spaceengineers_default
ERROR: error while removing network: network docker-spaceengineers_default id ceff8a27facb23934d0b80cc1da835007655de73ab6c0abaa75fd36135e0b145 has active endpoints

I found a solution online, that says if your container gets stuck like this, you need to run sudo aa-remove-unknown which sort of works. I can't close the container with docker-compose down anymore, but I can kill the container with its id (docker container kill ${CONTAINER_ID}).

But then when I try to reopen the container, using docker-compose up -d, I get an error message about how I can't run the container because my permissions are elevated and unconfined. The only way I have been able to resolve this issue is by completely rebooting the machine.

snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks

This might just be me using Docker wrong since I have only ever used it on Windows as a development environment and not to host something on Linux. If that is the case, a point in the right direction would be appreciated.

Devidian commented 3 years ago

Ok, first of all it might be helpful to know what kind of environment you are using, including OS, Docker version etc.

In general it's hard to give a solution for a problem that can't be reproduced.

foopis23 commented 3 years ago

The machine is not a VM, it is Ubuntu server running directly on the hardware. I installed Docker using the convenience script that was provided in the docs.

Docker: Docker version 20.10.7, build f0df350

OS: Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-80-generic x86_64)

Full Docker Version Output:

Client: Docker Engine - Community
 Version:           20.10.7
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        f0df350
 Built:             Wed Jun  2 11:56:38 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          19.03.13
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       bd33bbf
  Built:            Fri Feb  5 15:58:24 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.3.7
  GitCommit:        8fba4e9a7d01810a393d5d25a3621dc101981175
 runc:
  Version:          1.0.0-rc10
  GitCommit:
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Docker Compose File:

version: '3.8'

services:
  se-server:
    security_opt:
      - seccomp:unconfined
    image: devidian/spaceengineers
    container_name: se-ds-docker-quickstart
    restart: unless-stopped
    volumes:
      - /home/foopis/.appdata/space-engineers/instances:/appdata/space-engineers/instances
      - /home/foopis/.appdata/space-engineers/SpaceEngineersDedicated:/appdata/space-engineers/SpaceEngineersDedicated
      - /home/foopis/.appdata/space-engineers/steamcmd:/root/.steam
    ports:
      - target: 8080
        published: 18080
        protocol: tcp
        mode: host
      - target: 27016
        published: 27016
        protocol: udp
        mode: host
    environment:
      - WINEDEBUG=-all
      - INSTANCE_NAME=sbi

Also, I added the security_opt section hoping to solve this problem after I opened this issue. It didn't work from what I can tell.

Devidian commented 3 years ago

Hmm, I currently don't have any Ubuntu server - or free server to install Ubuntu - to check if I am running into the same issue.

Did you install Ubuntu server just for the game, or for something else? In the first case, is there any other possible Linux you could try out?

foopis23 commented 3 years ago

No, the server I'm using already existed and had Ubuntu on it. Using another distro is not an option currently.

foopis23 commented 3 years ago

Problem

I think I solved my issue. It was not related to this container, I don't think. I saw something on a thread that said that if you installed the snap version of Docker Compose, it can have profile issues with AppArmor.

Solution

My solution was to follow the uninstall instructions for Docker on the Ubuntu docs page, then reinstall, but this time using the "Install using the repository" instructions instead of the convenience script. Docker Docs: https://docs.docker.com/engine/install/ubuntu/

Thank you for your time, and sorry the issue ended up being on my end.

References

I am going to link a few threads that I referenced just for documentation and for other people who run into the issue and end up here.

https://stackoverflow.com/questions/47223280/docker-containers-can-not-be-stopped-or-removed-permission-denied-error

https://forums.docker.com/t/can-not-stop-docker-container-permission-denied-error/41142/5
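
Added example, not part of the original thread or the project's code: a small shell diagnostic for the situation resolved above, which flags a snap-provided docker or docker-compose binary and a client/server version difference like the one in the posted `docker version` output. The function names and the `/snap/` path check are assumptions made for illustration, and a version difference is only a hint that a second Docker installation may be present.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are illustrative, not from the project.

# Print "client=<v> server=<v>" from `docker version` text on stdin.
# Only the first Version: line of each section is used (the engine version).
docker_versions() {
  awk '
    /^Client:/ { sec = "client" }
    /^Server:/ { sec = "server" }
    $1 == "Version:" {
      if (sec == "client" && c == "") c = $2
      if (sec == "server" && s == "") s = $2
    }
    END { printf "client=%s server=%s\n", c, s }'
}

# Classify a binary path: snap, other, or missing (empty path).
install_source() {
  case "$1" in
    "")      echo missing ;;
    /snap/*) echo snap ;;
    *)       echo other ;;
  esac
}

# $1 = `docker version` text, $2 = docker path, $3 = docker-compose path.
report() {
  v=$(printf '%s\n' "$1" | docker_versions)
  c=${v#client=}; c=${c%% *}
  s=${v##*server=}
  [ -n "$c" ] && [ -n "$s" ] && [ "$c" != "$s" ] &&
    echo "MISMATCH client $c vs server $s: check for a second Docker install"
  [ "$(install_source "$2")" = snap ] && echo "SNAP docker at $2"
  [ "$(install_source "$3")" = snap ] && echo "SNAP docker-compose at $3"
  return 0
}

# Abridged from the `docker version` output posted in this thread.
SAMPLE='Client: Docker Engine - Community
 Version:           20.10.7
Server:
 Engine:
  Version:          19.03.13
 containerd:
  Version:          v1.3.7'

# The two paths are constructed for the demo. On a real host:
#   report "$(docker version 2>/dev/null)" "$(command -v docker)" "$(command -v docker-compose)"
report "$SAMPLE" /usr/bin/docker /snap/bin/docker-compose
```

If either SNAP line appears, `snap list` shows which snap package owns the binary before following the uninstall and reinstall steps described in the post.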