search

linuxserver / docker-kasm

Kasm Workspaces platform provides enterprise-class orchestration, data loss prevention, and web streaming technology to enable the delivery of containerized workloads to your browser.
GNU General Public License v3.0
315 stars 28 forks source link

[BUG] mount: /sys/kernel/security: permission denied #43

Closed Piero24 closed 8 months ago

Piero24 commented 10 months ago

Is there an existing issue for this?

Current Behavior

When I try to install the latest version of kasm on casaOS, I get the following error:

Kasm  | [custom-init] No custom files found, skipping...
Kasm  | [ls.io-init] done.
Kasm  | /usr/local/bin/dockerd-entrypoint.sh: 150: modprobe: not found
Kasm  | mount: /sys/kernel/security: permission denied.
Kasm  | Could not mount /sys/kernel/security.
Kasm  | AppArmor detection and --privileged mode might break.
Kasm  | mount: /tmp: permission denied.

Expected Behavior

No response

Steps To Reproduce

Install it from the CasaOS appstore.

The Kasm.yalm file is:

name: linuxserver-kasm
services:
  app:
    cpu_shares: 90
    command: []
    container_name: Kasm
    deploy:
      resources:
        limits:
          memory: 15775M
    environment:
      - DOCKER_HUB_PASSWORD=
      - DOCKER_HUB_USERNAME=
      - DOCKER_MTU=1500
      - KASM_PORT=443
    image: linuxserver/kasm:1.14.0
    labels:
      icon: https://kasm-ci.s3.amazonaws.com/kasm_wide.png
    ports:
      - target: 3000
        published: "3332"
        protocol: tcp
      - target: 443
        published: "443"
        protocol: tcp
    restart: unless-stopped
    volumes:
      - type: bind
        source: /DATA/AppData/kasm/opt
        target: /opt
      - type: bind
        source: /DATA/AppData/kasm/profiles
        target: /profiles
      - type: bind
        source: /dev/input
        target: /dev/input
      - type: bind
        source: /run/udev/data
        target: /run/udev/data
    x-casaos:
      envs:
        - container: KASM_PORT
          description:
            en_us: Specify the port you bind to the outside for Kasm Workspaces.
        - container: DOCKER_HUB_USERNAME
          description:
            en_us: Optionally specify a DockerHub Username to pull private images.
        - container: DOCKER_HUB_PASSWORD
          description:
            en_us: Optionally specify a DockerHub password to pull private images.
        - container: DOCKER_MTU
          description:
            en_us: Optionally specify the mtu options passed to dockerd.
    devices: []
    cap_add: []
    networks:
      - default
    privileged: false
networks:
  default:
    name: linuxserver-kasm_default
x-casaos:
  architectures:
    - amd64
    - arm64
  author: WisdomSky
  category: LinuxServer.io
  description:
    en_us: Kasm Workspaces is ...
  developer: LinuxServer.io
  hostname: ""
  icon: https://kasm-ci.s3.amazonaws.com/kasm_wide.png
  index: /
  main: app
  port_map: "3332"
  scheme: http
  store_app_id: linuxserver-kasm
  tagline:
    en_us: Workspaces is ...
  thumbnail: https://kasm-ci.s3.amazonaws.com/kasm_wide.png
  title:
    custom: ""
    en_us: Kasm

Environment

- OS: Ubuntu 22.04 LTS 
- How docker service was installed: From the casaOS appstore

CPU architecture

x86-64

Docker creation

docker-compose

Container logs

Kasm  | [migrations] started
Kasm  | [migrations] no migrations found
Kasm  | usermod: no changes
Kasm  | ───────────────────────────────────────
Kasm  | 
Kasm  | 
Kasm  |       ██╗     ███████╗██╗ ██████╗ 
Kasm  |       ██║     ██╔════╝██║██╔═══██╗
Kasm  |       ██║     ███████╗██║██║   ██║
Kasm  |       ██║     ╚════██║██║██║   ██║
Kasm  |       ███████╗███████║██║╚██████╔╝
Kasm  |       ╚══════╝╚══════╝╚═╝ ╚═════╝ 
Kasm  | 
Kasm  | 
Kasm  |    Brought to you by linuxserver.io
Kasm  | ───────────────────────────────────────
Kasm  | 
Kasm  | 
Kasm  | To support LSIO projects visit:
Kasm  | https://www.linuxserver.io/donate/
Kasm  | 
Kasm  | 
Kasm  | ───────────────────────────────────────
Kasm  | GID/UID
Kasm  | ───────────────────────────────────────
Kasm  | 
Kasm  | 
Kasm  | User UID:    911
Kasm  | User GID:    911
Kasm  | ───────────────────────────────────────
Kasm  | 
Kasm  | 
Kasm  | [custom-init] No custom files found, skipping...
Kasm  | [ls.io-init] done.
Kasm  | /usr/local/bin/dockerd-entrypoint.sh: 150: modprobe: not found
Kasm  | mount: /sys/kernel/security: permission denied.
Kasm  | Could not mount /sys/kernel/security.
Kasm  | AppArmor detection and --privileged mode might break.
Kasm  | mount: /tmp: permission denied.
Kasm  | /usr/local/bin/dockerd-entrypoint.sh: 150: modprobe: not found
Kasm  | mount: /sys/kernel/security: permission denied.
Kasm  | Could not mount /sys/kernel/security.
Kasm  | AppArmor detection and --privileged mode might break.
Kasm  | mount: /tmp: permission denied.
github-actions[bot] commented 10 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

thelamer commented 10 months ago

This container is a DinD shim it needs privileged mode.

LinuxServer-CI commented 9 months ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] commented 7 months ago

This issue is locked due to inactivity