cmspam / incus-docker

A project to run incus in docker/podman
Apache License 2.0

Error: Failed to chmod dir "/var/lib/incus": chmod /var/lib/incus: operation not permitted #12

Closed talk2drys closed 1 month ago

talk2drys commented 1 month ago

I followed the instructions to set up incus on podman

I created the folder using

sudo mkdir /var/lib/incus

# I tried setting folder group permission using the commands below, but none worked
# sudo chown -R root:root /var/lib/incus
# sudo chmod -R 755 /var/lib/incus
# sudo chgrp incus /var/lib/incus
# sudo chgrp incus-admin /var/lib/incus

I edited AppArmor, and even disabled it at times while trying to figure out the issue

...

  /usr/{bin,sbin}/dnsmasq mr,

  /var/log/dnsmasq*.log w,
  /var/lib/incus/** rw,

  /usr/share/dnsmasq{-base,}/ r,
  /usr/share/dnsmasq{-base,}/* r,
...

Here is the command I use

# note: I tried with and without the /sys/kernel/security volume line
podman run -d \
--name incus \
--cgroups=no-conmon \
--cgroupns=host \
--security-opt unmask=/sys/fs/cgroup \
--privileged \
--network host \
--pid=host \
--volume /dev:/dev \
--volume /var/lib/incus:/var/lib/incus \
--volume /lib/modules:/lib/modules:ro \
--volume /sys/kernel/security:/sys/kernel/security \
ghcr.io/cmspam/incus-docker:latest

Here is the error

➜  ~ podman logs -f incus
Starting LXCFS at /opt/incus/bin/lxcfs
Ignoring invalid max threads value 4294967295 > max (100000).
Using runtime path /run
Running lxcfslib_init to reload liblxcfs
../src/bindings.c: 862: cgfs_setup_controllers: Failed to set up private lxcfs cgroup mounts
Failed to setup private cgroup mounts for lxcfsFailed to set receive buffer size for device monitor, ignoring: Operation not permitted
Using default interface naming scheme 'v252'.
Failed to set owner/mode of /dev/snd/seq to uid=65534, gid=29, mode=0660: Operation not permitted
Failed to set owner/mode of /dev/snd/timer to uid=65534, gid=29, mode=0660: Operation not permitted
Failed to set owner/mode of /dev/loop-control to uid=65534, gid=6, mode=0660: Operation not permitted
Failed to set owner/mode of /dev/kvm to uid=65534, gid=104, mode=0660: Operation not permitted
Failed to set owner/mode of /dev/vhost-vsock to uid=65534, gid=104, mode=0660: Operation not permitted
Failed to set owner/mode of /dev/vhost-net to uid=65534, gid=104, mode=0660: Operation not permitted
time="2024-09-20T02:40:50Z" level=error msg="Failed to start the daemon" err="Failed to chmod dir \"/var/lib/incus\": chmod /var/lib/incus: operation not permitted"
time="2024-09-20T02:40:50Z" level=warning msg="Instance type not operational" driver=qemu err="vhost_vsock kernel module not loaded" type=virtual-machine
Error: Failed to chmod dir "/var/lib/incus": chmod /var/lib/incus: operation not permitted

cmspam commented 1 month ago

Are you running podman as root?

talk2drys commented 1 month ago

> Are you running podman as root?

No, should I be running it as root?

cmspam commented 1 month ago

Yes, you'd almost certainly need to be root. Operation not permitted is, I'm pretty sure, an issue with the user running podman not having the required permissions. I think it will work if you run podman with root permission.
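
Added example, not part of the thread or the incus-docker project: a host-side check for the chmod error reported above. It assumes the kernel rule that chmod is refused when the directory's owning UID has no mapping in the container's user namespace, which is the situation for a directory created with sudo mkdir when podman runs rootless; it checks the UID only, and the sample maps and their UID values are constructed.

```shell
#!/bin/sh
# Added example (not from the incus-docker project).
# Map format, one range per line: <uid inside namespace> <uid on host> <length>

# Constructed sample maps; 1000 and 100000 are assumed values.
ROOTLESS_MAP='0 1000 1
1 100000 65536'
ROOTFUL_MAP='0 0 4294967295'

# host_uid_mapped HOST_UID MAP_TEXT
# Succeeds if HOST_UID lies in the host-side range of any map line.
host_uid_mapped() {
    printf '%s\n' "$2" | awk -v uid="$1" '
        NF == 3 && uid + 0 >= $2 + 0 && uid + 0 < $2 + $3 { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# check_dir DIR MAP_TEXT
# Run on the host before starting the container. Returns 0 if the owner of
# DIR is mapped, 1 if it is not, 2 if DIR cannot be inspected.
check_dir() {
    owner=$(stat -c %u "$1" 2>/dev/null) || return 2   # GNU stat: numeric owner
    if host_uid_mapped "$owner" "$2"; then
        echo "ok: $1 is owned by uid $owner, which is mapped into the container"
    else
        echo "fail: $1 is owned by uid $owner, which is not mapped; chmod will fail"
        return 1
    fi
}

# Typical use for a rootless setup:
#   check_dir /var/lib/incus "$(podman unshare cat /proc/self/uid_map)"
```

A passing check only covers this one chmod error; the device permission failures in the log are a separate matter.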

talk2drys commented 1 month ago

> Yes... I may not have made that clear in the readme... I've never tested it without root permissions. The user running podman would need full access to all of that stuff in /dev that you're getting errors on in order to use incus, so essentially root access is required.

Oh I see, just tried it and it worked, thank you


cmspam commented 1 month ago

Great! I will append the readme to indicate root access is needed.

talk2drys commented 1 month ago

@cmspam thanks again