Can't install on debian12

[siwee]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Hi,

The 2024-02 version cannot be installed on debian12, error log: Error response from daemon: error creating overlay mount to /var/lib/docker/overlay2/3deb6488a2c30ff5a4b7c0f655f1d6dd1d5a54b4296c45e8bb0a32c18c80c750/merged: invalid argument

SELinux status:

root@mail:~# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             default
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

Check if docker has SELinux support enabled

root@mail:~# docker info | grep selinux
  selinux
root@mail:~#

Install output

root@mail:/opt/mailcow-dockerized# ./generate_config.sh
Found Docker Compose Plugin (native).
Setting the DOCKER_COMPOSE_VERSION Variable to native
Notice: You´ll have to update this Compose Version via your Package Manager manually!
Press enter to confirm the detected value '[value]' where applicable or enter a custom value.
Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname: <mydomain>
Timezone [Asia/Shanghai]:
Which branch of mailcow do you want to use?

Available Branches:
- master branch (stable updates) | default, recommended [1]
- nightly branch (unstable updates, testing) | not-production ready [2]
Choose the Branch with it´s number [1/2] 1
Already on 'master'
Your branch is up to date with 'origin/master'.
Generating snake-oil certificate...
.+........+.+.....+.........+......+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+...+.........+...+.................+.+..+.......+...+..+.......+.......................+...+...............+...+.+.........+..+...+.......+.....+.................................+.+........+.+..............+...+.........+.........+.......+...+..+...+.........+.......+...+........+....+...+...+.....+....+...+..+...................+.........+..+...................+..........................+...+......+.+...+............+...+..+.+..+......+...............+....+.................+....+...........+......+.............+..+...+....+.....+................+.................+............................+..+...+....+...+.....+.........+.............+...+..+...+.......+..+.+........+.+......+...+..+...+............+.......+..+...............+...+......................+...+......+......+...+..+..................+...+....+...+..+......+...+............+.......+.....+.+......+...+..+..........+......+..+.+..+...................+.....+.+..............+.+..............+....+..............+.+.........+...........+................+...+.....+.......+........+......+............+...+.+.....+.+........................+........+...+....+........+...+....+.........+...........+...............+.+........+.+...+..................+...+..............+...+...+....+...+...+......+.....+....+.....+.......+..+......+....+.....+.......+.....+..................+.....................+.+.........+..+.........+..........+......+.....+....+...+..+..........+...........+......................+..+...+.......+.........+..+...+......+....+.....................+.....+................+........+............+....+.........+..+...+.+...+.....+...+....+......+........+.........+.+.........+...+........+...............+.........+...+....+.....+.............+.....+......+.+.........+......+......+............+...+..+................+...............+...........+...+.+............+..+.......+...+......+............+..............+......+...+......+..................+.+..+.........+.........+....+............+....................+.........+....+.....+...+..................+....+...+.................+...........................+....+...........+...+...+..........+.....+...+...............+......+.............+..+.........+...............+.........+.......+...........+.........+.+.....+.........+.............+..+....+..+....+...+.......................+....+...+..................+.........+...+..+...................+..+...+......+.........................+......+...+......+....................+...+...+.........+.+.........+.....+.............+...+............+......+.....+............+...+....+...+...+.....+...............+.......+.....+...+.+....................+.+.....+....+..................+...+...+..+............+............................+..+..........+..+.+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....................+..+.+...........+.........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+........+...+...+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+....+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Copying snake-oil certificate...
Detecting if your IP is listed on Spamhaus Bad ASN List...
Check completed! Your IP is clean
root@mail:/opt/mailcow-dockerized#
root@mail:/opt/mailcow-dockerized#
root@mail:/opt/mailcow-dockerized# docker compose pull
[+] Pulling 160/19
 ✔ mysql-mailcow 8 layers [⣿⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                 95.0s
 ✔ clamd-mailcow 5 layers [⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                    67.6s
 ✔ memcached-mailcow 5 layers [⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                27.1s
 ✔ ipv6nat-mailcow 4 layers [⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                   40.7s
 ✔ unbound-mailcow 5 layers [⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                  18.1s
 ✔ olefy-mailcow 3 layers [⣿⣿⣿]      0B/0B      Pulled                                                                                                                                      84.2s
 ✔ redis-mailcow 6 layers [⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                   55.8s
 ✔ nginx-mailcow 7 layers [⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                  66.8s
 ✔ watchdog-mailcow 3 layers [⣿⣿⣿]      0B/0B      Pulled                                                                                                                                   66.0s
 ✔ solr-mailcow 15 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                          94.6s
 ✔ netfilter-mailcow 5 layers [⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                78.6s
 ✔ dockerapi-mailcow 7 layers [⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                              81.2s
 ✔ rspamd-mailcow 6 layers [⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                  43.3s
 ✔ postfix-mailcow 11 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                           83.9s
 ✔ ofelia-mailcow 2 layers [⣿⣿]      0B/0B      Pulled                                                                                                                                      37.2s
 ✔ sogo-mailcow 10 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                               87.8s
 ✔ acme-mailcow 7 layers [⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                   74.4s
 ✔ dovecot-mailcow 20 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                  74.8s
 ✔ php-fpm-mailcow 12 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                          92.1s
root@mail:/opt/mailcow-dockerized#
root@mail:/opt/mailcow-dockerized# docker compose up -d
[+] Running 0/19
 ⠋ Network mailcowdockerized_mailcow-network              Created                                                                                                                            0.9s
 ⠇ Volume "mailcowdockerized_sogo-web-vol-1"              Created                                                                                                                            0.8s
 ⠇ Volume "mailcowdockerized_vmail-vol-1"                 Created                                                                                                                            0.8s
 ⠇ Volume "mailcowdockerized_vmail-index-vol-1"           Created                                                                                                                            0.8s
 ⠇ Volume "mailcowdockerized_rspamd-vol-1"                Created                                                                                                                            0.8s
 ⠇ Volume "mailcowdockerized_mysql-socket-vol-1"          Created                                                                                                                            0.8s
 ⠇ Volume "mailcowdockerized_redis-vol-1"                 Created                                                                                                                            0.7s
 ⠇ Volume "mailcowdockerized_sogo-userdata-backup-vol-1"  Created                                                                                                                            0.7s
 ⠧ Volume "mailcowdockerized_crypt-vol-1"                 Created                                                                                                                            0.7s
 ⠧ Volume "mailcowdockerized_solr-vol-1"                  Created                                                                                                                            0.7s
 ⠧ Volume "mailcowdockerized_postfix-vol-1"               Created                                                                                                                            0.7s
 ⠧ Volume "mailcowdockerized_mysql-vol-1"                 Created                                                                                                                            0.7s
 ⠧ Volume "mailcowdockerized_clamd-db-vol-1"              Created                                                                                                                            0.7s
 ⠧ Container mailcowdockerized-dockerapi-mailcow-1        Creating                                                                                                                           0.7s
 ⠧ Container mailcowdockerized-unbound-mailcow-1          Creating                                                                                                                           0.7s
 ⠧ Container mailcowdockerized-olefy-mailcow-1            Creating                                                                                                                           0.7s
 ⠧ Container mailcowdockerized-memcached-mailcow-1        Creating                                                                                                                           0.7s
 ⠧ Container mailcowdockerized-sogo-mailcow-1             Creating                                                                                                                           0.7s
 ⠧ Container mailcowdockerized-netfilter-mailcow-1        Creating                                                                                                                           0.7s
Error response from daemon: error creating overlay mount to /var/lib/docker/overlay2/3deb6488a2c30ff5a4b7c0f655f1d6dd1d5a54b4296c45e8bb0a32c18c80c750/merged: invalid argument
root@mail:/opt/mailcow-dockerized#

Logs:

root@mail:/opt/mailcow-dockerized# docker compose up -d
[+] Running 0/19
 ⠋ Network mailcowdockerized_mailcow-network              Created                                                                                                                            0.9s
 ⠇ Volume "mailcowdockerized_sogo-web-vol-1"              Created                                                                                                                            0.8s
 ⠇ Volume "mailcowdockerized_vmail-vol-1"                 Created                                                                                                                            0.8s
 ⠇ Volume "mailcowdockerized_vmail-index-vol-1"           Created                                                                                                                            0.8s
 ⠇ Volume "mailcowdockerized_rspamd-vol-1"                Created                                                                                                                            0.8s
 ⠇ Volume "mailcowdockerized_mysql-socket-vol-1"          Created                                                                                                                            0.8s
 ⠇ Volume "mailcowdockerized_redis-vol-1"                 Created                                                                                                                            0.7s
 ⠇ Volume "mailcowdockerized_sogo-userdata-backup-vol-1"  Created                                                                                                                            0.7s
 ⠧ Volume "mailcowdockerized_crypt-vol-1"                 Created                                                                                                                            0.7s
 ⠧ Volume "mailcowdockerized_solr-vol-1"                  Created                                                                                                                            0.7s
 ⠧ Volume "mailcowdockerized_postfix-vol-1"               Created                                                                                                                            0.7s
 ⠧ Volume "mailcowdockerized_mysql-vol-1"                 Created                                                                                                                            0.7s
 ⠧ Volume "mailcowdockerized_clamd-db-vol-1"              Created                                                                                                                            0.7s
 ⠧ Container mailcowdockerized-dockerapi-mailcow-1        Creating                                                                                                                           0.7s
 ⠧ Container mailcowdockerized-unbound-mailcow-1          Creating                                                                                                                           0.7s
 ⠧ Container mailcowdockerized-olefy-mailcow-1            Creating                                                                                                                           0.7s
 ⠧ Container mailcowdockerized-memcached-mailcow-1        Creating                                                                                                                           0.7s
 ⠧ Container mailcowdockerized-sogo-mailcow-1             Creating                                                                                                                           0.7s
 ⠧ Container mailcowdockerized-netfilter-mailcow-1        Creating                                                                                                                           0.7s
Error response from daemon: error creating overlay mount to /var/lib/docker/overlay2/3deb6488a2c30ff5a4b7c0f655f1d6dd1d5a54b4296c45e8bb0a32c18c80c750/merged: invalid argument

Steps to reproduce:

1. Install and enable selinux

# apt install selinux-basics selinux-policy-default auditd
# selinux-activate
# shutdown -r now

Check selinux status

sestatus

2. Install docker

   curl -sSL https://get.docker.com/ | CHANNEL=stable sh

3. Enable selinux support for docker

Edit /etc/docker/daemon.json and add "selinux-enabled": true.

4. Check if docker has SELinux support enabled

docker info | grep selinux

5. Install mailcow

$ su
# umask
0022 # <- Verify it is 0022
# cd /opt
# git clone https://github.com/mailcow/mailcow-dockerized
# cd mailcow-dockerized

6. Initialize mailcow

Generate a configuration file. Use a FQDN (host.domain.tld) as hostname when asked.

./generate_config.sh

7. Start mailcow

docker-compose pull
docker-compose up -d

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Debian 12

Server/VM specifications:

4

Is Apparmor, SELinux or similar active?

yes

Virtualization technology:

KVM

Docker version:

25.0.3

docker-compose version or docker compose version:

v2.24.6

mailcow version:

2024-02

Reverse proxy:

Nginx

Logs of git diff:

diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..e16256c9 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Logs of ip6tables -L -vn:

root@mail:/opt/mailcow-dockerized# ip6tables -L -vn
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

root@mail:/opt/mailcow-dockerized# iptables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  249 12626 DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0

Logs of ip6tables -L -vn -t nat:

root@mail:/opt/mailcow-dockerized# ip6tables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

DNS check:

root@mail:/opt/mailcow-dockerized# docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
Error response from daemon: No such container: dig

[siwee]

I can successfully install mailcow on Ubuntu 22.04 using the same steps, so does it mean that Mailcow is not compatible on Debian 12?

[milkmaker]

THIS IS A AUTOMATED MESSAGE!

It seems your issue is not a bug. Therefore we highly advise you to get support!

You can get support either by:

• ordering a paid support contract at Servercow (Directly from the developers) or
• using the community forum (Based on volunteers! NO guaranteed answer) or
• using the Telegram support channel (Based on volunteers! NO guaranteed answer)

This issue will be closed. If you think your reported issue is not a support case feel free to comment above and if so the issue will reopened.