immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0
360 stars 102 forks

Docker Container will not stop : Permission denied #144

Closed picasso566 closed 2 years ago

picasso566 commented 2 years ago

This is probably a general Docker question, but this is the first time I have run into this issue.

I ran the following from the docs:

docker run --detach --publish 8080:9392 -e PASSWORD="Your admin password here" --volume openvas:/data --name openvas immauss/openvas

I set the port and admin password. The container runs fine...
Wait a bit for the database to build, checking the logs...
Do my scans, all work properly... (Thank you so much for this project, the community site scripts didn't work and didn't have time to debug it)

Now I want to shut down the container:
docker stop openvas -> Could not shut down container : permission denied
sudo docker stop openvas -> Could not shut down container : permission denied
docker stop 1e322f536818 -> Could not shut down container : permission denied
sudo docker stop 1e322f536818 -> Could not shut down container : permission denied

All I could do is stop the docker service, which eventually corrupted the postgres db.

How do I shut it down normally? Is it just because it was detached?

TIA

immauss commented 2 years ago

Yes, more a general docker problem I think.

Some things to look at: AppArmor & SELinux

Both can “mysteriously” deny your permission to things. I don’t know your level of familiarity with Linux; if you need more than that, let me know.

picasso566 commented 2 years ago

Thank you for the extremely quick reply. I had a feeling it was AppArmor. I attempted a removal of AppArmor altogether, which was a disaster, so I had to revert to a snapshot.

I will look into this, now that I am sure what to research.

immauss commented 2 years ago

I haven’t used AppArmor in quite some time, but there might be some good ideas here.

https://docs.docker.com/engine/security/apparmor/

picasso566 commented 2 years ago

Exactly the page I ended up on during my searches. It is very clear now to me, thank you.

Now I just need to come up with the right policy that allows all the permissions as the docker-default but with the ability to shut it down.

Any clues as to which policy declaration would keep a user from shutting it down?

Edit: I believe my docker install was through snap! If so, I will remove and install from the repo. It's my understanding that this has issues with the existing default policy. I'm on a train in Tokyo right now, so I will know soon.

picasso566 commented 2 years ago

(Facepalm)

apt-fast remove dockereverything (.io, containerd, etc.), add the docker repo and apt-fast install from there (or run their install script)

Start/stop, options, docker network all work fine.

Thank you for your rapid responses and for the excellent repo.
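Added example, not part of the thread or the project's code: when AppArmor blocks `docker stop` as suspected above, the kernel audit log records the refusal as a `DENIED` `signal` operation that names the confining profile and the sending peer, which answers the "which policy" question directly. The log lines below are constructed samples (including the `snap.docker.dockerd` peer label), and `sample_log` and `signal_denials` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample kernel log lines (not taken from the thread). The layout
# follows the AppArmor audit record format: type=1400 ... apparmor="DENIED" ...
sample_log() {
cat <<'EOF'
[ 101.1] audit: type=1400 audit(1650000000.101:201): apparmor="DENIED" operation="signal" profile="docker-default" pid=2101 comm="dockerd" requested_mask="receive" denied_mask="receive" signal=term peer="snap.docker.dockerd"
[ 111.2] audit: type=1400 audit(1650000010.202:202): apparmor="DENIED" operation="signal" profile="docker-default" pid=2101 comm="dockerd" requested_mask="receive" denied_mask="receive" signal=kill peer="snap.docker.dockerd"
[ 120.3] audit: type=1400 audit(1650000020.303:203): apparmor="ALLOWED" operation="open" profile="/usr/sbin/cupsd" name="/etc/cups/x" pid=900 comm="cupsd" requested_mask="r" denied_mask="r"
[ 130.4] audit: type=1400 audit(1650000030.404:204): apparmor="DENIED" operation="open" profile="docker-default" name="/proc/sysrq-trigger" pid=2300 comm="cat" requested_mask="r" denied_mask="r"
EOF
}

# Read kernel log text on stdin and summarise denied signal deliveries as:
#   <count> <confining profile> <- <sending peer> signal=<name>
# Limitation: fields are split on whitespace, so a profile name containing
# spaces would be truncated.
signal_denials() {
  awk '
    /apparmor="DENIED"/ && /operation="signal"/ {
      profile = peer = sig = "?"
      for (i = 1; i <= NF; i++) {
        n = index($i, "=")
        if (n == 0) continue
        key = substr($i, 1, n - 1)
        val = substr($i, n + 1)
        gsub(/"/, "", val)          # strip the quotes around audit values
        if (key == "profile") profile = val
        else if (key == "peer") peer = val
        else if (key == "signal") sig = val
      }
      count[profile " <- " peer " signal=" sig]++
    }
    END { for (k in count) print count[k], k }
  ' | sort
}

# Stand-alone run against the constructed sample. On a live host the input
# would instead be the kernel log, e.g.: journalctl -k | signal_denials
sample_log | signal_denials
```

A peer label that belongs to a different Docker packaging than the one that loaded `docker-default` points to two coexisting installs, which is the situation the reinstall in the last comment cleaned up.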