Closed danwilliams closed 1 year ago
Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
mkdir: cannot create directory ‘/etc/wireguard’: Invalid argument
suggests there is something wrong with your docker service
Are you using rootless docker by any chance?
The container's init runs as root and should be able to create that folder successfully, as it's a path inside the container.
I have a range of other containers which don't exhibit similar problems. Docker is the primary service on this machine, and runs as root. No changes have been made in this regard from the default Docker installation as per the Docker website.
The error message is indeed a path inside the container, but it appears something is up with the original mkdir
command, and that it is not a permissions issue, due to the "invalid argument" message.
It's very odd, as this file looks correct at a glance:
I believe it's these lines...?
# prepare symlinks
rm -rf /etc/wireguard
mkdir -p /etc/wireguard
ln -s /config/wg0.conf /etc/wireguard/wg0.conf
I don't immediately see a problem with those.
I even cloned and looked at the file in a hex editor to confirm that the line endings and dashes are correct - they are...
The "invalid argument" might be a musl coreutils thing obscuring the real issue (I've seen similar things). I wonder... your Dockerfile is v1 syntax, so I imagine you might test with older versions. I'm using the newer version, with Buildkit. When using overlay2, the layers are read-only... is it possible that the error is because it can't modify the read-only filesystem established in a prior layer...? I've not looked very deeply - it just occurred to me and thought I'd mention it. I'm likely totally wrong... I'll shut up now 🙂
The layers are handled by docker via copy-on-write. It always makes changes in the final and active layer.
Same issue here: https://discourse.linuxserver.io/t/wireguard-error/7409
It seems that the issue is not bound to Docker alone: I'm observing it with Kubernetes + containerd runtime on Debian 12 OS.
Curious that only mkdir call fails, and creating a symlink works fine:
<ran inside running wg container>
root@wg-84f67564cd-n8l7z:/etc# strace mkdir /etc/wireguard
...
mkdir("/etc/wireguard", 0777) = -1 EINVAL (Invalid argument)
...
# Then, try to create it as a symlink
root@wg-84f67564cd-n8l7z:/etc# mkdir /root/q
root@wg-84f67564cd-n8l7z:/etc# ln -s /root/q /etc/wireguard
root@wg-84f67564cd-n8l7z:/etc# cd /etc/wireguard
root@wg-84f67564cd-n8l7z:/etc/wireguard# ls -la
total 18
drwxr-xr-x 2 root root 2 Aug 21 10:15 .
drwx------ 1 root root 4 Aug 21 10:15 ..
Yep I have the exact same issue
@agunal @phsm @radutomy The reply I had from @aptalca was not particularly helpful or showing interest, so I gave up and used a different source. As this has been an open issue for nearly three months despite preventing standard usage, I suggest you also go elsewhere. I don't think there's much likelihood of this being investigated or fixed.
This is not a container issue. It is a docker system issue.
A root process should be able to create a new folder inside of the container filesystem, period. If it can't, there is something seriously wrong with the system.
I'm not sure what you expect from me or how I'm supposed to be more helpful or interested, but the bottom line is, we can't fix an issue we can't reproduce or pinpoint.
With that said, if you're using the wrong storage driver for docker, that could be one reason for filesystem issues. For instance, if your disk is using zfs, you have to use the zfs storage driver in docker: https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems
@danwilliams what did you go with in the end? i'm still looking for alternatives.
@danwilliams what did you go with in the end? i'm still looking for alternatives.
As a workaround you can just mount a docker volume/directory to /etc/wireguard. If the directory is mapped to a host, then it works.
@radutomy I ended up moving to OPNSense, which has a plugin for Wireguard. Works very nicely.
as mentioned above, the setup causing this is NOT a supported docker setup, per docker. this is not something WE can fix, it is something the user with the improper setup must fix. Closing this
Is there any workaround for this issue? I have similar situation but on Debian.
Is there an existing issue for this?
Current Behavior
When starting with a brand-new installation, using Docker on Ubuntu Server, Wireguard exits with error code 1, complaining that
/etc/wireguard/wg0.conf
does not exist. This is despite having just created thewg0.conf
file along with various other files in theconf
directory.Note: The following are very similar (same error message) but they have different setups and it seems explanatory causes. My setup is vanilla Docker with a fresh installation.
Expected Behavior
Presumably it should detect and use the
wg0.conf
file it just created, and not error...?Steps To Reproduce
PUID
andPGID
:docker logs -f wireguard
):Environment
CPU architecture
x86-64
Docker creation
Container logs