search

jlesage / docker-baseimage-gui

A minimal docker baseimage to ease creation of X graphical application containers
MIT License
1.2k stars 179 forks source link

/dev/sr0 permissions #3

Closed grantbevis closed 2 years ago

grantbevis commented 6 years ago

Hi,

I'm trying to correct an issue I've got using this image as a base for a piece of software called dvdisaster. I've managed to get all the build working but I'm struggling with the permissions to /dev/sr0. On the docker host my user with id 1000 is a member of the cdrom group which has rw on /dev/sr0 on my host but the app user inside the container isn't able to access sr0 from my host.

I have then docker exec'd into the container and done usermod -aG cdrom app and reloaded the app and it's then able to access /dev/sr0. I've tried adding the usermod to my Dockerfile but I think this user is made on container start.

Any tips?

Thanks, b3vis

P.S I tried to look through your MakeMKV container to see how you've solved this on that image but was unable to see anything obvious

jlesage commented 6 years ago

You need to detect at runtime (via an init script) the group of the device. This group will become a supplementary group of app user. This is done by setting the SUP_GROUP_IDS environment variable.

You can look at https://github.com/jlesage/docker-handbrake/blob/master/rootfs/etc/cont-init.d/95-check-optical-drive.sh for an example.

grantbevis commented 6 years ago

Weird, so I added SUP_GROUP_IDS=24 for cdrom group and it instantly works, is this untidy to do? Adding the above mentioned 95-check-optical-drive.sh will automatically add the app user to the group right so I don't need to specify SUP_GROUP_IDS=24 or do I need both?

jlesage commented 6 years ago

Using only the script is sufficient. No need to manually sets SUP_GROUP_IDS (via the Dockerfile or docker run command).

grantbevis commented 6 years ago

Got it working now thanks! Once I get it up on here would you mind casting your eyes over it to see if there's anything I could improve?

One last question, the final output on stdout I get from my app is this;

Xlib: extension "RANDR" missing on display ":0".

Is this something to worry about as the app looks fine and works fine too :)

jlesage commented 6 years ago

Sure I can have a look.

I would not worry about the error. Seems to occur eith xvfb.

grantbevis commented 6 years ago

Thanks for the note on the error. Repo is b3vis/docker-dvdisaster