search

mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License
5.5k stars 370 forks source link

using supervisor in x11docker showing permission denied. #499

Open eshk12 opened 1 year ago

eshk12 commented 1 year ago

Hello, I have a script that I want to run a script when the container starts without freezing the container, so I am using the supervisor tool.

This is my docker file:


FROM x11docker/xfce

WORKDIR /data

RUN apt-get update && apt-get install -y \
    xvfb \
    python3 \
    python3-pip \
    supervisor

COPY startup.sh /usr/local/bin/startup.sh
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf

RUN chmod +x /usr/local/bin/startup.sh
CMD ["/usr/bin/supervisord", "-n"]

supervisord.conf

[program:startup]
command=bash -c "/usr/local/bin/startup.sh"
autostart=true
autorestart=true
startretries=3

And i am trying to run this using this command: x11docker <imagename> --home -xorg

But I am getting this error:

root@ubuntu:~/x11mati# x11docker x11mati --home --xorg
x11docker note: Option --xc for X in container enabled automatically.

x11docker WARNING: Environment variables DISPLAY and WAYLAND_DISPLAY are empty,
  but it looks like x11docker was started within X, not from console.
  Please set DISPLAY and XAUTHORITY.
  If you have started x11docker with su or sudo, su/sudo may be configured to
  unset X environment variables. It may work if you run x11docker with
    sudo -E x11docker [...]
  If your system does not support 'sudo -E', you can try
    sudo env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY x11docker [...]
  Otherwise, you can use tools like gksu/gksudo/kdesu/kdesudo/lxsu/lxsudo.

x11docker note: New X server --xorg :101 will run on tty 8.
  Access it with [CTRL][ALT][F8].

x11docker note: Option --xorg: x11docker assumes that you need
  a window manager. If you don't want this, run with option --desktop.
  Enabling option --wm to provide a window manager.

x11docker note: Options --xorg --xc: Running Xorg in container is experimental
  and might misbehave, fail or crash.
  Please report issues at https://github.com/mviereck/x11docker

x11docker WARNING: x11docker will run Xorg as root.

x11docker note: Option --network=none is set to disable network access.
  If you need network and internet access, set option -I, --network [=NET].

Traceback (most recent call last):
  File "/usr/bin/supervisord", line 33, in <module>
    sys.exit(load_entry_point('supervisor==4.2.2', 'console_scripts', 'supervisord')())
  File "/usr/lib/python3/dist-packages/supervisor/supervisord.py", line 359, in main
    go(options)
  File "/usr/lib/python3/dist-packages/supervisor/supervisord.py", line 369, in go
    d.main()
  File "/usr/lib/python3/dist-packages/supervisor/supervisord.py", line 72, in main
    self.options.make_logger()
  File "/usr/lib/python3/dist-packages/supervisor/options.py", line 1494, in make_logger
    loggers.handle_file(
  File "/usr/lib/python3/dist-packages/supervisor/loggers.py", line 419, in handle_file
    handler = RotatingFileHandler(filename, 'a', maxbytes, backups)
  File "/usr/lib/python3/dist-packages/supervisor/loggers.py", line 213, in __init__
    FileHandler.__init__(self, filename, mode)
  File "/usr/lib/python3/dist-packages/supervisor/loggers.py", line 160, in __init__
    self.stream = open(filename, mode)
PermissionError: [Errno 13] Permission denied: '/var/log/supervisor/supervisord.log'

I am running this command using root access, what am I missing here?

mviereck commented 1 year ago

You are running x11docker as root, but x11docker sets up an unprivileged container user nonetheless. So your supervisor cannot write to /var/log. If you are fine with root for all container commands, you could use root in container, too, with --user=root. If you prefer an unprivileged container for commands other than the supervisor, I'll have a look again.