orhun / linuxwave

Generate music from the entropy of Linux 🐧🎵
http://orhun.dev/linuxwave/
MIT License

Permission denied when running the docker command #2

Open pythops opened 1 year ago

pythops commented 1 year ago

Describe the bug

Permission issue when running with rootless docker or podman.

To reproduce

  1. Have rootless podman configured
  2. Run the following command
    podman run --rm -it -v "$(pwd)":/app "orhunp/linuxwave:${TAG:-latest}"

    You'll get the error

    Reading 96 bytes from /dev/urandom
    Saving to output.wav
    Error occurred: error.AccessDenied

Expected behavior

Having output.wav in the current directory

Software information

Additional context

Solution: Remove those lines from the Dockerfile

    chown 1000:1000 output.wav
    USER 1000:1000

Note: You can remove -it option for docker or podman, it's not needed

Nice tool, GJ :100:

orhun commented 1 year ago

Hello, thanks for reporting this! 🐻

> Remove those lines from the Dockerfile

What do you think the consequences of removing those lines will be? I think in that case the container will be run as root which poses a security risk. How can we have a precaution about that?

> You can remove -it option for docker or podman, it's not needed

Thank you! Removed in d06438a25201ec5e2457c28e6322925d64b75034

pythops commented 1 year ago

What kind of risks are you thinking about? For rootful docker/podman, you can create a new user inside a container and run the commands with that user.

orhun commented 1 year ago

> What kind of risks are you thinking about?

Anything that can be run as root could be dangerous. On top of that, we're mounting the current directory via -v "$(pwd)":/app so that's an additional risk. Maybe mounting as :ro is better in this case.

> For rootful docker/podman, you can create a new user inside a container and run the commands with that user

Does that fix this permission issue as well?
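
The permission error discussed in this thread, as an added example that is not part of the original issue or the project's code: it models how a user namespace translates the container's `USER 1000:1000` to a host ID and whether that ID may write to the bind-mounted directory. The subuid range `100000:65536`, the mount owner `1000:1000` with mode `0755`, and all function names are assumptions made for the illustration; the same map is used for UIDs and GIDs for brevity.

```python
from typing import List, NamedTuple, Optional

class Extent(NamedTuple):
    inside: int    # first ID inside the user namespace
    outside: int   # first ID it maps to on the host
    length: int    # number of consecutive IDs covered

def parse_id_map(text: str) -> List[Extent]:
    """Parse /proc/<pid>/uid_map or gid_map content ("inside outside length" per line)."""
    return [Extent(*map(int, line.split())) for line in text.splitlines() if line.strip()]

def to_host_id(extents: List[Extent], container_id: int) -> Optional[int]:
    """Translate an ID seen inside the container to the ID the host kernel checks."""
    for e in extents:
        if e.inside <= container_id < e.inside + e.length:
            return e.outside + (container_id - e.inside)
    return None  # unmapped ID

def can_write(host_uid, host_gid, owner_uid, owner_gid, mode) -> bool:
    """Plain Unix mode-bit check; ignores ACLs, supplementary groups and SELinux."""
    if host_uid == 0:
        return True  # real host root bypasses mode bits (CAP_DAC_OVERRIDE)
    if host_uid == owner_uid:
        return bool(mode & 0o200)
    if host_gid == owner_gid:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

# Constructed sample data: host user 1000 with an assumed subuid/subgid range 100000:65536.
ROOTLESS_MAP = "0 1000 1\n1 100000 65536\n"
ROOTFUL_MAP = "0 0 4294967295\n"               # no remapping: container IDs are host IDs
MOUNT_OWNER, MOUNT_MODE = (1000, 1000), 0o755  # the "$(pwd)" directory mounted at /app

def check(id_map_text: str, container_uid: int, container_gid: int):
    """Return (host_uid, host_gid, writable) for a process writing into the bind mount."""
    extents = parse_id_map(id_map_text)
    uid, gid = to_host_id(extents, container_uid), to_host_id(extents, container_gid)
    return uid, gid, can_write(uid, gid, *MOUNT_OWNER, MOUNT_MODE)

if __name__ == "__main__":
    for label, id_map, cid in [("rootless, USER 1000:1000", ROOTLESS_MAP, 1000),
                               ("rootless, no USER (root)", ROOTLESS_MAP, 0),
                               ("rootful,  USER 1000:1000", ROOTFUL_MAP, 1000),
                               ("rootful,  no USER (root)", ROOTFUL_MAP, 0)]:
        print(label, check(id_map, cid, cid))
```

In the rootless case container root is only the invoking host user, while in the rootful case container root is host root with write access to the mounted directory, which is the risk raised above.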