vogler / free-games-claimer

Automatically claims free games on the Epic Games Store, Amazon Prime Gaming and GOG.
GNU Affero General Public License v3.0

Docker: can't access ports on Arch Linux due to seccomp #187

Open malordin opened 10 months ago

malordin commented 10 months ago

Hi! I have 2 virtual machines running Docker. On Arch Linux the claimer never worked: the VNC port and noVNC do not work or open, and the logs are empty:

Xvfb display server created screen with resolution 1280x1280
VNC is running on port 5900 (no password!)
noVNC (VNC via browser) is running on http://localhost:6080
2023-08-21 11:51:41.858 started checking epic-games
Not signed in anymore. Please login in the browser or here in the terminal.
Open http://localhost:6080 to login inside the docker container.
Login timeout is 180 seconds!
Press ESC to skip the prompts if you want to login in the browser (not possible in headless mode).
? Enter email ‣  ✖ Enter email ·  timeout
Waiting for you to login in the browser.
page.waitForURL: Timeout 180000ms exceeded.
=========================== logs ===========================
waiting for navigation to "https://store.epicgames.com/en-US/free-games" until "load"
============================================================
    at file:///fgc/epic-games.js:104:16 {
  name: 'TimeoutError'
}
2023-08-21 11:57:49.781 started checking prime-gaming
Not signed in anymore.
Login timeout is 180 seconds!
Press ESC to skip the prompts if you want to login in the browser (not possible in headless mode).
? Enter email ‣  ✖ Enter email ·  timeout
Waiting for you to login in the browser.

Here's the docker-compose file:

version: '3.3'
services:
    vogler:
        image: ghcr.io/vogler/free-games-claimer
        ports:
            - "5900:5900"
            - '6080:6080'
        volumes:
            - '/etc/docker/claimer/fgc:/fgc/data'
        environment:
            - NOTIFY='tgram://token/chatid' 
            - SHOW=1
            - WIDTH=1280
            - HEIGHT=1280

If you run the same docker-compose file on Ubuntu, the claimer works as intended with no problems. What could be the problem?

docker info on Arch Linux:

Client:
 Version:    24.0.5
 Context:    default
 Debug Mode: false
 Plugins:
  compose: Docker Compose (Docker Inc.)
    Version:  2.20.2
    Path:     /usr/lib/docker/cli-plugins/docker-compose

Server:
 Containers: 11
  Running: 11
  Paused: 0
  Stopped: 0
 Images: 11
 Server Version: 24.0.5
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: true
  Native Overlay Diff: false
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 0cae528dd6cb557f7201036e9f43420650207b58.m
 runc version:
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.4.7-zen1-3-zen
 Operating System: Arch Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 12
 Total Memory: 15.62GiB
 Name: arch-containers
 ID: VV6I:NI27:7BAA:UMQQ:HOYX:D2SG:T4LM:GZHJ:ZLZ5:XKZ3:XKGN:CRMV
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  192.168.0.5:8443
  127.0.0.0/8
 Live Restore Enabled: false

docker info on Ubuntu:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.10.0-docker)
  compose: Docker Compose (Docker Inc., v2.15.1)
  scan: Docker Scan (Docker Inc., v0.23.0)

Server:
 Containers: 18
  Running: 11
  Paused: 0
  Stopped: 7
 Images: 25
 Server Version: 20.10.23
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 5b842e528e99d4d4c1686467debf2bd4b88ecd86
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.15.0-78-generic
 Operating System: Ubuntu 22.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 21.49GiB
 Name: nextcloud-ubuntu-22
 ID: DVYC:GHAX:IZS5:35G7:LNTL:IP6G:PDYK:TJBW:VGMS:LBXH:TQRY:H67S
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

vogler commented 10 months ago

Interesting. Can you access other containers' ports on Arch? docker info has a different seccomp profile on Arch, maybe that's the reason? Try --security-opt seccomp=unconfined, see https://docs.docker.com/engine/security/seccomp/. Maybe this also helps: https://www.reddit.com/r/archlinux/comments/u2dag5/unable_to_access_docker_containers_running_web/

MiguelAngelLV commented 9 months ago

Same problem in Manjaro (Arch Linux).

@malordin did you make any progress?

I tried with -security-opt seccomp=unconfined, but the problem persists.

vogler commented 7 months ago

Yea, it probably has to do with this seccomp stuff. It's amazing how many issues crop up with Docker...

vogler commented 6 months ago

Maybe try this seccomp_profile.json from https://playwright.dev/docs/docker#run-the-image
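
The two seccomp suggestions from the comments above, written as docker-compose settings since the issue uses a compose file (an added example, not part of the original thread or the project's documentation). It assumes `seccomp_profile.json` has been downloaded from the Playwright docs page linked above and saved next to the compose file; that path is an assumption.

```yaml
# Added example: the service from the issue's compose file with a
# security_opt section. Only security_opt is new; enable exactly one entry.
version: '3.3'
services:
    vogler:
        image: ghcr.io/vogler/free-games-claimer
        ports:
            - "5900:5900"
            - "6080:6080"
        volumes:
            - '/etc/docker/claimer/fgc:/fgc/data'
        environment:
            - SHOW=1
            - WIDTH=1280
            - HEIGHT=1280
        security_opt:
            # Diagnostic setting: disables the seccomp syscall filter for
            # this container. Use it only to find out whether seccomp is
            # involved, then remove it again.
            # - seccomp=unconfined

            # Narrower setting: keep a syscall filter, but load it from a
            # custom profile file instead of Docker's built-in one.
            # The path is resolved relative to the compose file (assumed
            # location, see above).
            - seccomp=./seccomp_profile.json
```

The thread does not confirm that either setting fixes the port problem. If the ports stay unreachable with `seccomp=unconfined` enabled, the seccomp filter is unlikely to be the cause and the default profile can stay in place.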