weserv / images

Source code of wsrv.nl (formerly images.weserv.nl), to be used on your own server(s).
https://wsrv.nl/
BSD 3-Clause "New" or "Revised" License

Podman and the WeservImages Docker Image #364

Closed mckraemer closed 1 year ago

mckraemer commented 1 year ago

Hi,

I have run your image for some time on Docker, and everything worked flawlessly. Due to the switch to CentOS I replaced Docker with Podman. I tried to set up your image again, but with the following result:

podman run -d --network=caddy --restart unless-stopped --shm-size=1gb --name=imagesweserv1 ghcr.io/weserv/images:5.x

nginx: [emerg] open() "/var/log/nginx/weserv-access.log" failed (13: Permission denied)
nginx: [emerg] open() "/var/log/nginx/weserv-access.log" failed (13: Permission denied)
nginx: [emerg] open() "/var/log/nginx/weserv-access.log" failed (13: Permission denied)
nginx: [emerg] open() "/var/log/nginx/weserv-access.log" failed (13: Permission denied)
nginx: [emerg] open() "/var/log/nginx/weserv-access.log" failed (13: Permission denied)
nginx: [emerg] open() "/var/log/nginx/weserv-access.log" failed (13: Permission denied)
nginx: [emerg] open() "/var/log/nginx/weserv-access.log" failed (13: Permission denied)
nginx: [emerg] open() "/var/log/nginx/weserv-access.log" failed (13: Permission denied)
nginx: [emerg] open() "/var/log/nginx/weserv-access.log" failed (13: Permission denied)
nginx: [emerg] open() "/var/log/nginx/weserv-access.log" failed (13: Permission denied)

kleisauke commented 1 year ago

I could not reproduce this with Podman version 4.3.1 on Fedora 37 using:

$ podman run -d -p 8080:80 --shm-size=1gb --name=weserv ghcr.io/weserv/images:5.x

Do you have SELinux enabled on the host? If so, could you try running the container with --security-opt label=disable and/or --group-add tty?

Note that these files are forwarded to the OCI-compliant container runtime (Podman, Docker, etc.) log collector (i.e. stdout/stderr), hence my question about SELinux and the mention of these options. https://github.com/weserv/images/blob/faaaed8bc3ef99e5735b7990cd7d0c3c39ed5d67/docker/Dockerfile#L66-L68

(As far as I know, the official nginx and Apache Docker images do the same thing, so it's presumably reproducible on those images as well)

mckraemer commented 1 year ago

Your guess was right. The error was due to SELinux.
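
Not part of the thread: an added example of confirming from the host's audit records that SELinux is what denies nginx, before choosing between the --security-opt label=disable and --group-add tty options mentioned above. The audit records below are constructed, and the denied object shown in them is an assumption, not something reported in this issue; `avc_summary` and `sample_audit_log` are names made up for this example.

```shell
#!/usr/bin/env bash
# Added example: summarize SELinux AVC denials for one process name.

# Constructed sample records. On a real host they come from
# /var/log/audit/audit.log; contexts, PIDs and paths here are illustrative.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { open } for  pid=4242 comm="nginx" path="/dev/pts/0" dev="devpts" ino=3 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file permissive=0
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=no exit=-13 comm="nginx"
type=AVC msg=audit(1700000000.350:502): avc:  denied  { read } for  pid=5151 comm="chronyd" name="drift" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.007:503): avc:  denied  { open } for  pid=4243 comm="nginx" path="/dev/pts/0" dev="devpts" ino=3 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file permissive=0
EOF
}

# Read audit records on stdin and print one line per distinct denial for the
# process name given as $1:
#   <count> <permission> <object class> <source type> <target type>
# A source type of container_t means the denied process ran inside a container.
avc_summary() {
  local comm="$1"
  grep 'avc:  *denied' |
    grep -F "comm=\"$comm\"" |
    sed -E 's/.*denied +\{ ([^}]*) \}.* scontext=[^:]*:[^:]*:([^: ]*)[^ ]* tcontext=[^:]*:[^:]*:([^: ]*)[^ ]* tclass=([^ ]*).*/\1 \4 \2 \3/' |
    sort | uniq -c | sort -rn |
    awk '{ $1 = $1; print }'   # collapse the padding uniq -c adds
}

# Demo on the constructed records. On a host with auditd running, feed real
# records instead, for example:
#   sudo ausearch -m avc -ts recent | avc_summary nginx
sample_audit_log | avc_summary nginx
```

An empty result for nginx while the "Permission denied" errors continue points away from SELinux and towards ordinary file or group permissions.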