Digikam fails to expose ports, hangs on changing shell to abc

[tommyboylab]

Digikam fails to successfully expose the ports it uses and refuses to connect once loaded

Expected Behavior

Digikam should expose its ports and be accessible in the web browser at the default port

Current Behavior

The Digikam container is successfully created with the following logs printed to the console:

[custom-init] No custom services found, skipping...
[migrations] started
[migrations] no migrations found
-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid:    989
User gid:    189
-------------------------------------
Generating 2048 bit rsa key...
ssl_gen_key_xrdp1 ok
saving to rsakeys.ini
...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
chsh: Shell not changed.
Changing shell for abc.
[custom-init] No custom files found, skipping...

Then nothing happens. Trying to access the container with the web browser fails to connect, nothing indicating any error in the console.

Steps to Reproduce

1. Create container using default docker compose files ( changing UID and GID
2. Let the container successfully create
3. Attempt to visit the container in the web browser
4. See it has failed to connect

Environment

OS: Debain bullseye CPU architecture: x86_64 How docker service was installed: From official docker repo with docker compose I have several other containers on other ports that successfully expose, and Digikam worked in past versions. Just after update it has failed to expose ports. Have removed config files and have reset to default. Still no change

Command used to create docker container (run/create/compose/screenshot)

---
version: "2.1"
services:
  digikam:
    image: lscr.io/linuxserver/digikam:latest
    container_name: digikam
    network_mode: host
    environment:
      - PUID=989
      - PGID=189
      - TZ=America/New_York
    volumes:
      - /Photos:/photos
      - /config:/config
    ports:
      - 3000:3000
    restart: unless-stopped

Docker logs

[custom-init] No custom services found, skipping...
[migrations] started
[migrations] no migrations found
-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid:    989
User gid:    189
-------------------------------------
Generating 2048 bit rsa key...
ssl_gen_key_xrdp1 ok
saving to rsakeys.ini
...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
chsh: Shell not changed.
Changing shell for abc.
[custom-init] No custom files found, skipping...

[github-actions[bot]]

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!

[tommyboylab]

Tried adding security_opt: - seccomp=unconfined but it didn't do anything to change the output. Stays at the same line

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[thespad]

@tommyboylab please try the latest build and see if it works for you, there was a breaking change in the Arch upstream xdrp packages that caused issues with Digikam and should have been fixed with https://github.com/linuxserver/docker-baseimage-rdesktop/pull/48

[mordrad]

I also got the same Problem. Updated to the newest image today. Any Ideas?

[avephill]

me as well

[thespad]

Please don't just "me too" issues, provide information about your configuration that might help us to identify common cause.

[avephill]

Please don't just "me too" issues, provide information about your configuration that might help us to identify common cause.

Makes sense! My apologies.

using the default docker-compose.yaml on an intel arch linux system

[thespad]

Are you running the container with host/macvlan networking or have you configured IPv6 for your docker networks?

[mordrad]

I`am running the Container on Unraid in Host Networking. No IPv6 though

[thespad]

OK, can you do docker exec <container name> cat /etc/resolv.conf and provide the output.

[mordrad]

# cat /etc/resolv.conf # Generated by dhcpcd from br0.dhcp, br0.ra domain rudel nameserver 192.168.2.1

[thespad]

OK and the same for /etc/hosts

[mordrad]

# cat /etc/hosts # Generated 127.0.0.1 Rudelserver localhost 54.149.176.35 keys.lime-technology.com

[thespad]

And that's inside the container, not on the host? If so that's weird because typically when we've seen this problem it's because localhost is resolving to ::1 in preference to 127.0.0.1 and xrdp only listens on 127.0.0.1 so the startup check fails.

[mordrad]

I jumped inside the Container and ran cat? I think it looks like that cause its Host Networking?

[thespad]

Yeah it will be, it just means I'm not sure why it's failing to start. Do you get the same issue if you run with bridge networking?

[mordrad]

Same thing when running in bridge mode.

chsh: Shell not changed.
Changing shell for abc.
[custom-init] No custom files found, skipping...

[thespad]

OK, ugly hack time then. Can you try the following (fairly complicated but much faster than building a custom image to do it.

Mount the following extra files (files, not folders) with your container:

- ./xrdp-run:/etc/s6-overlay/s6-rc.d/svc-xrdp/run
- ./xrdp-sesman-run:/etc/s6-overlay/s6-rc.d/svc-xrdp-sesman/run

The files both need to be chmod +x, doesn't matter where they are on the host as long as you supply the right paths.

xrdp-run should contain:

#! /usr/bin/execlineb -P

# Move stderr to out so it's piped to logger
fdmove -c 2 1

# Notify service manager when xrdp is up
s6-notifyoncheck -w 500 -c "nc -z 127.0.0.1 3389"

# set env
s6-env DISPLAY=:1

/usr/sbin/xrdp --nodaemon

xrdp-sesman-run should contain:

#! /usr/bin/execlineb -P

# Redirect stderr to stdout.
fdmove -c 2 1

# Notify service manager when xrdp is up
s6-notifyoncheck -w 500 -c "nc -z 127.0.0.1 3350"

/usr/sbin/xrdp-sesman --nodaemon

If that still doesn't work, entirely remove the s6-notifyoncheck lines from both files and test again.

[mordrad]

Thanks for your help. Tested it like you said. Still no changes.

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[tommyboylab]

@thespad Unfortunately this is still happening for me with the latest changes. I am not sure what to do as I am afraid of holding onto an old dependency within my containers and will probably need to drop Digikam if this can't be resolved.

Same issue as before:

[migrations] started
[migrations] no migrations found
-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid:    888
User gid:    124
-------------------------------------
Generating 2048 bit rsa key...
ssl_gen_key_xrdp1 ok
saving to rsakeys.ini
.....+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+...+..+......+...+..........+...........+.+..+.......+...+..+................+...+..+.......+..+.+...+...........+.+...+.....+......+...................+.....+....+..+...+.+.........+......+......+...............+......+........+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+....+......+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+......+...+......+....+.....+............+.+............+..+.+..+...+....+...+..+...+.+..+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+......+.....+..........+......+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..............+......+......+...+.......+......+..+.+.....+......+.+........+....+...+............+...+..+.+...........+......+......................+..+...+.......+........+...+...+......+..........+...+..+......+.............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Changing shell for abc.
chsh: Shell not changed.
[custom-init] No custom files found, skipping...

The ENV Variables that have loaded

HOME | /root
NVIDIA_DRIVER_CAPABILITIES | compute,video,utility
PATH | /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PGID | 124
PS1 | $(whoami)@$(hostname):$(pwd)\$
PUID | 888
S6_CMD_WAIT_FOR_SERVICES_MAXTIME | 0
S6_STAGE2_HOOK | /docker-mods
S6_VERBOSITY | 1
TERM | xterm
TITLE | DigiKam
TZ | Europe/London

The files mentioned above look like this:

/etc/s6-overlay/s6-rc.d/svc-xrdp-sesman/run

#! /usr/bin/execlineb -P

# Redirect stderr to stdout.
fdmove -c 2 1

# Notify service manager when xrdp is up
s6-notifyoncheck -w 500 -c "nc -z localhost 3350"

/usr/sbin/xrdp-sesman --nodaemon

/etc/s6-overlay/s6-rc.d/svc-xrdp/run

#! /usr/bin/execlineb -P

# Move stderr to out so it's piped to logger
fdmove -c 2 1

# Notify service manager when xrdp is up
s6-notifyoncheck -w 500 -c "nc -z localhost 3389"

# set env
s6-env DISPLAY=:1

/usr/sbin/xrdp --nodaemon

Commenting out the lines with s6 does not change the output

[tommyboylab]

With Additional Verbose in s6

s6-rc: info: service init-keygen successfully started
s6-rc: info: service init-rdesktop: starting
Changing shell for abc.
chsh: Shell not changed.
s6-rc: info: service init-rdesktop successfully started
s6-rc: info: service init-video: starting
s6-rc: info: service init-video successfully started
s6-rc: info: service init-rdesktop-end: starting
s6-rc: info: service init-rdesktop-end successfully started
s6-rc: info: service init-autostart-config: starting
s6-rc: info: service init-autostart-config successfully started
s6-rc: info: service init-rdesktop-web-end: starting
s6-rc: info: service init-rdesktop-web-end successfully started
s6-rc: info: service init-config: starting
s6-rc: info: service init-config successfully started
s6-rc: info: service init-openboxcopy: starting
s6-rc: info: service init-openboxcopy successfully started
s6-rc: info: service init-config-end: starting
s6-rc: info: service init-config-end successfully started
s6-rc: info: service init-mods: starting
s6-rc: info: service init-mods successfully started
s6-rc: info: service init-mods-package-install: starting
s6-rc: info: service init-mods-package-install successfully started
s6-rc: info: service init-mods-end: starting
s6-rc: info: service init-mods-end successfully started
s6-rc: info: service init-custom-files: starting
[custom-init] No custom files found, skipping...
s6-rc: info: service init-custom-files successfully started
s6-rc: info: service init-services: starting
s6-rc: info: service init-services successfully started
s6-rc: info: service svc-xrdp-sesman: starting

[stepir]

subscribed as I'm on the same boat - thanks

[thespad]

Can you please test with thespad/playground:digikam which removes the xrdp startup checks entirely

[stepir]

hi @thespad happy to do it - sorry just struggling figure out the repo for this image? where it's hosted? not on GitHub right?

[thespad]

It's on Docker Hub, so either use it naked or docker.io/thespad/playground:digikam

[stepir]

same behaviour

[migrations] started
[migrations] no migrations found
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    911
User gid:    911
-------------------------------------

Generating 2048 bit rsa key...

ssl_gen_key_xrdp1 ok

saving to rsakeys.ini

.......+...........+.........+......+...+............+.......+......+.........+............+...........+.......+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+...+..................+.....+...+....+.....+...+...+......+.+...............+..............+...+...+...+.......+........+.+.....+...............+....+...........+.+..+...+.......+..+.........+......+....+..+....+...+.....+......+.+..................+......+.....+............+............+...+.......+..+.+...+.....................+.....+...+.......+......+.....+...+....+.....+.......+......+.....+....+...+.....+...+...+..........+.........+.....+.......+.....+......+.......+........+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+....+...........+....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+....+.....+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+........+.........+..........+..+....+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Changing shell for abc.
chsh: Shell not changed.
**** adding /dev/dri/renderD128 to video group root with id 0 ****
**** The device /dev/dri/renderD128 does not have group read/write permissions, attempting to fix inside the container.If it doesn't work, you can run the following on your docker host: ****
sudo chmod g+rw /dev/dri/renderD128

**** The device /dev/dri/card0 does not have group read/write permissions, attempting to fix inside the container.If it doesn't work, you can run the following on your docker host: ****
sudo chmod g+rw /dev/dri/card0

[custom-init] No custom files found, skipping...
xrdp-sesman[206]: [INFO ] starting xrdp-sesman with pid 206

[thespad]

Sorry, realised I made a screw up, need to repush the image. I'll let you know once it's built.

[thespad]

OK, repushed.

[stepir]

ok it won't work but at least I have some more output in the console of the container:

[migrations] started
[migrations] no migrations found
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    911
User gid:    911
-------------------------------------

Generating 2048 bit rsa key...

ssl_gen_key_xrdp1 ok

saving to rsakeys.ini

..+.......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+....+.....+...................+..+....+...+..+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+....+...+...+..+.......+.................+....+..+.......+...+...+.....+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..............+...+...+.....+............+.......+.....+.+..+......+.+.....+.........+....+..+.+...+..+.......+...+.....+............+...+...+....+...+..+.+...........+.........+.......+.....+...+......+.+.........+...+..+....+..............+.+..+....+.........+..+...+................+.....+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+....+..+.........+..........+.....+..........+...+...+..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+......+......+..+...+.......+..+.............+........+...+..........+......+...........+.......+...+..+.+......+...+...........+.+.....+....+.....+......+......+.......+...+...+.....+....+.....+...+.........+..........+...+.....+.......+.....+...+......+.+......+........+......+.+.....+...+.+......+..............+......+.......+......+.....+....+........+...+......+....+............+..+.+..+....+.....+.+...............+........+............+....+........+......+....+...............+...+..+..................+.........+.............+..+.+.....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Changing shell for abc.
chsh: Shell not changed.
**** adding /dev/dri/renderD128 to video group root with id 0 ****
**** The device /dev/dri/renderD128 does not have group read/write permissions, attempting to fix inside the container.If it doesn't work, you can run the following on your docker host: ****
sudo chmod g+rw /dev/dri/renderD128

**** The device /dev/dri/card0 does not have group read/write permissions, attempting to fix inside the container.If it doesn't work, you can run the following on your docker host: ****
sudo chmod g+rw /dev/dri/card0

[custom-init] No custom files found, skipping...
xrdp-sesman[206]: [INFO ] starting xrdp-sesman with pid 206

xrdp[210]: [INFO ] starting xrdp with pid 210

guacd[214]: INFO:       Guacamole proxy daemon (guacd) version 1.1.0 started
guacd[214]: INFO:       Listening on host 0.0.0.0, port 4822
guacd[214]: INFO:       Guacamole connection closed during handshake
xrdp[210]: [INFO ] address [0.0.0.0] port [3389] mode 1

xrdp[210]: [INFO ] listening to port 3389 on 0.0.0.0

xrdp[210]: [INFO ] xrdp_listen_pp done

Starting guacamole-lite websocket server
listening on *:3000
[guac-init] Auto start not set, application start on login
[ls.io-init] done.
[2023-03-01 13:03:34] [Connection 1]  Client connection open
[2023-03-01 13:03:34] [Connection 1]  Opening guacd connection
[2023-03-01 13:03:34] [Connection 1]  guacd connection open
[2023-03-01 13:03:34] [Connection 1]  Selecting connection type: rdp
[2023-03-01 13:03:34] [Connection 1]  Sending opCode: 6.select,3.rdp;
guacd[214]: INFO:       Creating new client for protocol "rdp"
guacd[214]: INFO:       Connection ID is "$d97c41a9-fa34-4ca1-9e4b-1bc51e052a99"
[2023-03-01 13:03:34] [Connection 1]  Sending opCode: 4.size,4.2320,14.1312?undefined,2.96;
[2023-03-01 13:03:34] [Connection 1]  Sending opCode: 5.audio,9.audio/L16;
[2023-03-01 13:03:34] [Connection 1]  Sending opCode: 5.video;
[2023-03-01 13:03:34] [Connection 1]  Sending opCode: 5.image;
[2023-03-01 13:03:34] [Connection 1]  Server sent handshake: 4.args,13.VERSION_1_1_0,8.hostname,4.port,6.domain,8.username,8.password,5.width,6.height,3.dpi,15.initial-program,11.color-depth,13.disable-audio,15.enable-printing,12.printer-name,12.enable-drive,10.drive-name,10.drive-path,17.create-drive-path,7.console,13.console-audio,13.server-layout,8.security,11.ignore-cert,12.disable-auth,10.remote-app,14.remote-app-dir,15.remote-app-args,15.static-channels,11.client-name,16.enable-wallpaper,14.enable-theming,21.enable-font-smoothing,23.enable-full-window-drag,26.enable-desktop-composition,22.enable-menu-animations,22.disable-bitmap-caching,25.disable-offscreen-caching,21.disable-glyph-caching,16.preconnection-id,18.preconnection-blob,8.timezone,14.recording-path,14.recording-name,24.recording-exclude-output,23.recording-exclude-mouse,22.recording-include-keys,21.create-recording-path,13.resize-method,18.enable-audio-input,9.read-only,16.gateway-hostname,12.gateway-port,14.gateway-domain,16.gateway-username,16.gateway-password,17.load-balance-info
[2023-03-01 13:03:34] [Connection 1]  Sending opCode: 7.connect,0.,9.127.0.0.1,4.3389,0.,3.abc,3.abc,4.2320,14.1312?undefined,2.96,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,12.en-us-qwerty,3.any,4.true,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,0.,14.display-update,0.,0.,0.,0.,0.,0.,0.,0.;
guacd[265]: INFO:       Security mode: Negotiate (ANY)
guacd[265]: INFO:       Resize method: display-update
guacd[265]: INFO:       User "@69df9edf-24eb-4443-b1a0-9672f922b4a3" joined connection "$d97c41a9-fa34-4ca1-9e4b-1bc51e052a99" (1 users now present)
guacd[265]: INFO:       Loading keymap "base"
guacd[265]: INFO:       Loading keymap "en-us-qwerty"
xrdp[210]: [INFO ] Socket 11: AF_INET6 connection received from ::ffff:127.0.0.1 port 47352

xrdp[290]: [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem

xrdp[290]: [INFO ] Using default X.509 key file: /etc/xrdp/key.pem

xrdp[290]: [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|RDP], selected [SSL]

xrdp[290]: [INFO ] Connected client computer name: Guacamole RDP

xrdp[290]: [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)

xrdp[290]: [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)

xrdp[290]: [INFO ] xrdp_load_keyboard_layout: Keyboard information sent by the RDP client, keyboard_type:[0x04], keyboard_subtype:[0x00], keylayout:[0x00000409]

xrdp[290]: [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []

xrdp[290]: [INFO ] TLS connection established from ::ffff:127.0.0.1 port 47352: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384

xrdp[290]: [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor

xrdp[290]: [INFO ] xrdp_process_offscreen_bmpcache: support level 1 cache size 7864320 MB cache entries 2000

xrdp[290]: [WARN ] Client Capability: not enough orders supported by client, client wants off screen bitmap but offscreen bitmaps disabled

xrdp[290]: [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini

xrdp[290]: [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file

xrdp[290]: [INFO ] connecting to sesman on 127.0.0.1:3350

xrdp-sesman[206]: [INFO ] Socket 11: AF_INET6 connection received from ::1 port 40612

xrdp[290]: [INFO ] xrdp_wm_log_msg: sesman connect ok

xrdp[290]: [INFO ] sesman connect ok

xrdp[290]: [INFO ] sending login info to session manager. Please wait...

xrdp-sesman[206]: pam_systemd_home(xrdp-sesman:auth): Failed to connect to system bus: No such file or directory
xrdp-sesman[206]: pam_systemd_home(xrdp-sesman:account): Failed to connect to system bus: No such file or directory
xrdp-sesman[206]: [INFO ] Terminal Server Users group is disabled, allowing authentication

xrdp-sesman[206]: [INFO ] ++ created session (access granted): username abc, ip ::ffff:127.0.0.1:47352 - socket: 11

xrdp-sesman[206]: [INFO ] starting Xorg session...

xrdp-sesman[206]: [INFO ] Starting session: session_pid 293, display :10.0, width 2320, height 1312, bpp 24, client ip ::ffff:127.0.0.1:47352 - socket: 11, user name abc

xrdp-sesman[293]: [INFO ] [session start] (display 10): calling auth_start_session from pid 293

xrdp-sesman[206]: [ERROR] sesman_data_in: scp_process_msg failed

xrdp[290]: [INFO ] xrdp_wm_log_msg: login successful for user abc on display 10

xrdp-sesman[293]: pam_systemd_home(xrdp-sesman:session): Failed to connect to system bus: No such file or directory
xrdp-sesman[293]: pam_unix(xrdp-sesman:session): session opened for user abc(uid=911) by (uid=0)
xrdp-sesman[293]: pam_systemd(xrdp-sesman:session): Failed to connect to system bus: No such file or directory
xrdp[290]: [INFO ] login successful for user abc on display 10

sh: line 1: xauth: command not found
xrdp-sesman[206]: [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans

xrdp[290]: [INFO ] loaded module 'libxup.so' ok, interface size 10296, version 4

xrdp[290]: [INFO ] started connecting

X.Org X Server 1.21.1.7
X Protocol Version 11, Revision 0
Current Operating System: Linux QNAPSTEPIR 5.10.60-qnap #1 SMP Thu Jan 12 10:25:38 CST 2023 x86_64
Kernel command line: consoleblank=0 console=/dev/null video=HDMI-A-1:800x600@60 video=HDMI-A-2:800x600@60 video=HDMI-A-3:d intel_iommu=on,igfx_off iommu=pt i915.enable_hd_vgaarb=1 pcie_acs_override=downstream memmap=2M$0x8000000 ramoops.mem_address=0x8000000 ramoops.mem_size=0x200000 ramoops.console_size=0x100000 zswap.enabled=1 zswap.compressor=lz4 BOOT_IMAGE=/boot/bzImage root=/dev/ram0 rw

Current version of pixman: 0.42.2
        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(++) Log file: ".xorgxrdp.10.log", Time: Wed Mar  1 12:03:36 2023
(++) Using config file: "/etc/X11/xrdp/xorg.conf"
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
xrdp[290]: [INFO ] lib_mod_connect: connecting via UNIX socket

xorgxrdpSetup:
xrdpdevSetup:
rdpmousePlug:
rdpkeybPlug:
rdpIdentify:
rdpDriverFunc: op 10
rdpProbe:
rdpPreInit:
rdpScreenInit: virtualX 800 virtualY 600 rgbBits 8 depth 24
rdpScreenInit: pfbMemory bytes 1920000
rdpScreenInit: pfbMemory 0x7f5996cf2010
rdpSimdInit: assigning yuv functions
rdpSimdInit: cpuid ax 1 cx 0 return ax 0x000306c3 bx 0x03100800 cx 0x7ffafbff dx 0xbfebfbff
rdpSimdInit: sse2 amd64 yuv functions assigned
rdpClientConInit: disconnect idle session after [0] sec
rdpClientConInit: kill disconnected [0] timeout [0] sec
rdpClientConInit: do_touchpad_scroll_hack [0]
rdpXvInit: depth 24
rdpScreenInit: out
rdpCreateScreenResources:
rdpmousePreInit: drv 0x55f308da5650 info 0x55f309046ca0, flags 0x0
rdpmouseControl: what 0
rdpmouseDeviceInit:
rdpmouseCtrl:
rdpRegisterInputCallback: type 1 proc 0x7f599819a2c0
rdpmouseControl: what 1
rdpmouseDeviceOn:
rdpkeybPreInit: drv 0x55f308d91ba0 info 0x55f309049db0, flags 0x0
rdpkeybControl: what 0
rdpkeybDeviceInit:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
rdpRegisterInputCallback: type 0 proc 0x7f5998195920
rdpkeybControl: what 1
rdpkeybDeviceOn:
rdpDeferredRandR:
rdpResizeSession: width 1024 height 768
  calling RRScreenSizeSet
rdpRRScreenSetSize: width 1024 height 768 mmWidth 271 mmHeight 203
rdpRRGetInfo:
  screen resized to 1024x768
  RRScreenSizeSet ok 1
rdpResizeSession: width 2320 height 1312
  calling RRScreenSizeSet
rdpRRScreenSetSize: width 2320 height 1312 mmWidth 614 mmHeight 347
rdpRRGetInfo:
  screen resized to 2320x1312
  RRScreenSizeSet ok 1
rdpClientConGotConnection:
xrdp[290]: [INFO ] lib_mod_log_peer: xrdp_pid=290 connected to X11rdp_pid=295 X11rdp_uid=911 X11rdp_gid=911 client_ip=::ffff:127.0.0.1 client_port=47352

rdpClientConGotConnection: g_sck_accept ok new_sck 9
rdpClientConGetConnection: idle_disconnect_timeout set to non-positive value, idle timer turned off
rdpAddClientConToDev: adding first clientCon 0x55f30905f140
rdpClientConProcessMsgVersion: version 0 0 0 1
rdpClientConProcessScreenSizeMsg: set width 2320 height 1312 bpp 16
xrdp[290]: [INFO ] connected ok

rdpClientConAllocateSharedMemory: shmemid 0 shmemptr 0x7f5989ac9000 bytes 6087680
rdpClientConProcessMsgClientInput: invalidate x 0 y 0 cx 2320 cy 1312
rdpInDeferredRepeatCallback:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat off
xrdp-sesman[294]: [INFO ] Found X server running at /tmp/.X11-unix/X10

xrdp-sesman[293]: [INFO ] Found X server running at /tmp/.X11-unix/X10

xrdp-sesman[293]: [INFO ] Session started successfully for user abc on display 10

xrdp-sesman[300]: [INFO ] Starting the xrdp channel server for display 10

xrdp-sesman[293]: [INFO ] Session in progress on display 10, waiting until the window manager (pid 294) exits to end the session

Global configuration:
    UseUnixSocket (derived):   true

Security configuration:
    RestrictOutboundClipboard: none
    RestrictInboundClipboard:  none

Chansrv configuration:
    EnableFuseMount            true
    FuseMountName:             thinclient_drives
    FileMask:                  077
    Nautilus 3 Flist Format:   false
chansrv::main: using log file [/config/.local/share/xrdp/xrdp-chansrv.10.log]
/config/startwm.sh: line 5: /dev/null: Permission denied
E: [pulseaudio] main.c: Daemon startup failed.
rdpClientConProcessMsgClientInfo:
  got client info bytes 7072
  jpeg support 0
  offscreen support 0
  offscreen size 0
  offscreen entries 0
  client supports glyph cache but server disabled
  client can not do offscreen to offscreen blits
  client can do new(color) cursor
  client can not do multimon
rdpRRSetRdpOutputs: numCrtcs 0 numOutputs 0 monitorCount 0
rdpRRSetRdpOutputs: add output 0 left 0 top 0 width 2320 height 1312
rdpLoadLayout: keylayout 0x00000409 variant  display 10
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
xrdp-sesman[293]: [WARN ] Window manager (pid 294, display 10) exited with non-zero exit code 1 and signal 0. This could indicate a window manager config problem

fuse: failed to open /dev/fuse: Permission denied
(EE) Failed to open authorization file ".Xauthority": No such file or directory
fuse: failed to open /dev/fuse: Permission denied
fuse: failed to open /dev/fuse: Permission denied
xrdp-sesman[293]: [WARN ] Window manager (pid 294, display 10) exited quickly (0 secs). This could indicate a window manager config problem

xrdp-sesman[293]: [INFO ] Calling auth_stop_session and auth_end from pid 293

xrdp-sesman[293]: pam_unix(xrdp-sesman:session): session closed for user abc
xrdp-sesman[293]: [INFO ] Terminating X server (pid 295) on display 10

xrdp-sesman[293]: [INFO ] Terminating the xrdp channel server (pid 300) on display 10

rdpmouseControl: what 2
rdpmouseDeviceOff:
rdpkeybControl: what 2
rdpkeybDeviceOff:
xorgxrdpDamageDestroy:
rdpkeybControl: what 3
rdpkeybUnInit: drv 0x55f308d91ba0 info 0x55f309049db0, flags 0x0
rdpUnregisterInputCallback: proc 0x7f5998195920
rdpmouseControl: what 3
rdpmouseUnInit: drv 0x55f308da5650 info 0x55f309046ca0, flags 0x0
rdpUnregisterInputCallback: proc 0x7f599819a2c0
rdpCloseScreen:
xorgxrdpDownDown:
xorgxrdpDownDown: 1
rdpClientConDeinit:
rdpClientConDeinit: disconnecting clientCon
rdpClientConDisconnect:
rdpRemoveClientConFromDev: removing clientCon 0x55f30905f140
rdpClientConDeinit: deleting file /tmp/.xrdp/xrdp_display_10
rdpClientConDeinit: deleting file /tmp/.xrdp/xrdp_disconnect_display_10
(II) Server terminated successfully (0). Closing log file.
xrdp[290]: [ERROR] SSL_shutdown: Failure in SSL library (protocol error?)

xrdp-sesman[293]: [INFO ] X server on display 10 (pid 295) returned exit code 0 and signal number 0

xrdp[290]: [ERROR] SSL: error:0A000123:SSL routines::application data after close notify

xrdp-sesman[293]: [INFO ] xrdp channel server for display 10 (pid 300) exit code 0 and signal number 0

guacd[265]: INFO:       RDP server closed connection: Manually logged off.
xrdp-sesman[293]: [INFO ] cleanup_sockets:

guacd[265]: INFO:       Internal RDP client disconnected
guacd[265]: INFO:       User "@69df9edf-24eb-4443-b1a0-9672f922b4a3" disconnected (0 users remain)
guacd[265]: INFO:       Last user of connection "$d97c41a9-fa34-4ca1-9e4b-1bc51e052a99" disconnected
xrdp-sesman[206]: [INFO ] Process 293 has exited

xrdp-sesman[206]: [INFO ] ++ terminated session:  username abc, display :10.0, session_pid 293, ip ::ffff:127.0.0.1:47352 - socket: 11

guacd[214]: INFO:       Connection "$d97c41a9-fa34-4ca1-9e4b-1bc51e052a99" removed.
[2023-03-01 13:03:37] [Connection 1]  Closing connection with error:  1000
[2023-03-01 13:03:37] [Connection 1]  Closing guacd connection
[2023-03-01 13:03:37] [Connection 1]  Client connection closed
E: [pulseaudio] main.c: Daemon startup failed.
E: [pulseaudio] main.c: Daemon startup failed.
E: [pulseaudio] main.c: Daemon startup failed.
Closing all connections and exiting...
E: [pulseaudio] main.c: Daemon startup failed.

[thespad]

When you say doesn't work can you be more specific? Won't connect at all? Connects and disconnects? Connects but blank screen? etc.

[stepir]

just a white screen

[stepir]

actually initially is black

[thespad]

Are you running with security_opt: - seccomp=unconfined / --security_opt seccomp=unconfined?

[stepir]

yes - I believe on QNAP it's the same as running privilege mode

it used to work in this way and if remove the flag I have the following error in fact:

[thespad]

It's not the same as running in privileged mode, which is essentially running the container with full access to the host and rarely a sensible approach.

But privileged is a superset of unconfined seccomp so it's not that casuing the problem (but it could be something QNAP related, I don't have a unit to test with).

[stepir]

ok I can manually run the container with

security_opt: - seccomp=unconfined / --security_opt seccomp=unconfined

let me try

[stepir]

eureka!

let me do some more testing - want to revert to a standard image with seccomp=unconfined - I'll provided feedback

[stepir]

@thespad and @tommyboylab I'm very sorry - I only trashed your thread and this issue.

Probably while recomposing the container with a fresh image I simply forgot about seccomp=unconfined

I tested now and I'm able to run also linuxserver/digikam:latest

[tommyboylab]

@stepir It's no problem. Happy to hear you managed to get it running.. it's the best program for managing a large db of images IMO (that, and exiftool)

@thespad The changes you made to your container seem to have worked.. It's running without any additional configuration on my side. 🙇🏼

Are these changes something that could be added to the base image? Or are they something that might create a vulnerability with this and other images on the same base? I'm happy with an ENV to disable checks or additional steps I would need to do to get the image running if I update.

[thespad]

All I did was remove the service readiness checks from the image.

Just had a thought, can you try running the existing latest image without network_mode: host and see if it makes a difference?

We've had problems with some hosts where localhost resolves to both the IPv4 & IPv6 loopback but prefers the latter, and so the readiness check is trying to run against the :: interface which xrdp isn't listening on.

[tommyboylab]

Hello again @thespad I tried using host mode Bridge but was unable to access the container with the ports printed to the console.

I'm not entirely sure what the best option would be to override the files in the container. I've tried the steps above to remove the lines s6-notifyoncheck -w 500 -c "nc -z 127.0.0.1 3350" with nano from within the container but it still seem to fail at the same result. I'm fine doing a post-install modification with update; it just doesn't seem to work.

These are the files I'm modifying :

etc/s6-overlay/s6-rc.d/svc-xrdp/run
etc/s6-overlay/s6-rc.d/svc-xrdp-sesman/run

[thespad]

Don't set a network_mode at all, just remove the statement from your compose and leave the ports in there. Then you should be able t connect on http port 3000.

If you want to modify stuff you've need to also update the service files from https://github.com/linuxserver/docker-baseimage-rdesktop-web/tree/3.17/root/etc/s6-overlay/s6-rc.d

[tommyboylab]

Thank you for your help @thespad Unfortunately I'm having an issue creating the container without assigning the network. Most likely it's a conflict with my other containers within my stack and their assignment to networks.

I'll try and update the service files from root/etc/

This happens with the following compose file:

---
version: "2.1"
services:
  digikam:
    image: lscr.io/linuxserver/digikam:latest
    container_name: digikam
    environment:
      - PUID=999
      - PGID=250
      - TZ=Europe/London
    volumes:
      - /photos/Digikam:/config
      - /photos:/photos
    ports:
      - 3000:3000 #optional
    restart: unless-stopped

Network digikam_default 
Creating Network digikam_default
 Error failed to create network digikam_default: 
Error response from daemon: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network

[thespad]

That's docker being inefficient with network address space allocation (gives every new network a /16 by default which is way too big).

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[github-actions[bot]]

This issue is locked due to inactivity