search

wouterdebie / locast2tuner

Locast to Emby/Plex/Channels server
https://wouterdebie.github.io/locast2tuner/
MIT License
52 stars 8 forks source link

Unable to start container with a service account #71

Closed armaros closed 3 years ago

armaros commented 3 years ago

The container fails to start when you attempt to run it with a service account due to a permission value on this line https://github.com/wouterdebie/locast2tuner/blob/47cc62e1a4881143c37d7737aca338fcc76ebeb1/src/config.rs#L157

Steps to reproduce the behavior:

  1. On a Debian machine
  2. Create a system user sudo adduser --system locast
  3. Create the locast2tuner config and docker config file in /home/locast and set ownership to the system account chown -R locast:nogroup /home/locast
  4. Get the uid and gid of the new user id locast
  5. In docker compose set the user to be the system account with user: <uid>:<gid> for the system account
  6. Start the container

Logs 

thread 'main' panicked at 'Unable to create directory "/var/empty/.locast2tuner": Os { code: 13, kind: PermissionDenied, mess$
ge: "Permission denied" }', src/config.rs:179:14                                                                              
stack backtrace:                                                                                                              
   0:           0x91ead0 - std::backtrace_rs::backtrace::libunwind::trace::h3eef70d8f61bd364                                  
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/../../backtrace/src/backtrac
e/libunwind.rs:90:5                                                                                                           
   1:           0x91ead0 - std::backtrace_rs::backtrace::trace_unsynchronized::hdb800973714224e8                              
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/../../backtrace/src/backtrac
e/mod.rs:66:5                                                                                                                 
   2:           0x91ead0 - std::sys_common::backtrace::_print_fmt::h27461aa20e7698ec                                          
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/sys_common/backtrace.rs:67:5
   3:           0x91ead0 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::hebf5ea6a86cc314
b                                                                                                                             
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/sys_common/backtrace.rs:46:2
2                                                                                                                             
   4:           0x95e89f - core::fmt::write::h4441a937b7e1b475                                                                
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/core/src/fmt/mod.rs:1094:17         
   5:           0x918995 - std::io::Write::write_fmt::h0ff5303ac0545869                                                       
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/io/mod.rs:1580:15           
   6:           0x9209bb - std::sys_common::backtrace::_print::hb745e885b5aa6a5d                                              
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/sys_common/backtrace.rs:49:5
   7:           0x9209bb - std::sys_common::backtrace::print::hd68c9ca4e2a2ce4b                                               
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/sys_common/backtrace.rs:36:9
   8:           0x9209bb - std::panicking::default_hook::{{closure}}::hf4e6910d621f9df1                                       
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/panicking.rs:208:50         
   9:           0x92049d - std::panicking::default_hook::h76827c3ad104d96e                                                    
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/panicking.rs:225:9          
  10:           0x920f6d - std::panicking::rust_panic_with_hook::h3d031148c54b1f39
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/panicking.rs:591:17         
  11:           0x920b67 - std::panicking::begin_panic_handler::{{closure}}::h256c064cccbc9d44                                
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/panicking.rs:497:13         
  12:           0x91ef8c - std::sys_common::backtrace::__rust_end_short_backtrace::hf2447f9118ce1847                          
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/sys_common/backtrace.rs:141$
18                                                                                                                            
  13:           0x920ac9 - rust_begin_unwind                                                                                  
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/std/src/panicking.rs:493:5          
  14:           0x41bab1 - core::panicking::panic_fmt::hceb86924f693208a                                                      
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/core/src/panicking.rs:92:14         
  15:           0x41bba3 - core::result::unwrap_failed::hdc7ce9e88097fff7                                                     
                               at /rustc/c755ee4ce8cae6ea977d65a0288480940db721d9/library/core/src/result.rs:1355:5           
  16:           0x484c65 - locast2tuner::config::Config::from_args_and_file::h1e9c4a5e4239105c                                
  17:           0x4acaff - locast2tuner::main::{{closure}}::h9f18ec02eda4a6ea

Configuration 

version: "3"
services:
  locast2tuner:
    image: ghcr.io/wouterdebie/locast2tuner
    restart: unless-stopped
    user: "123:65534"
    container_name: locast2tuner
    volumes:
      - /home/locast/config.d:/app/config
      # - /home/locast/:/home/locast # workaround
    expose:
      - 6077
    networks:
      - web
    environment:
      - RUST_BACKTRACE=full
      # - HOME=/home/locast # workaround

networks:
  web:
    external: true

Environment Debian 11

Additional context You can work around the issue by manually mounting the service account home directory and setting the Home environment variable.

wouterdebie commented 3 years ago

I'm not a Docker expert, but it seems that the problem is the fact that you create a system user and for some reason the home dir of that user is /var/empty, which is probably wrong. Can you try adding --home /home/locast to your adduser command?

eiddor commented 3 years ago

That might be it, or the user may have to be created inside the container in Dockerfile.

Alternatively, add the locast user to the docker group in /etc/group and run docker-compose as that user.

You'd have to get into a shell in the container to really see what's happening.

wouterdebie commented 3 years ago

@armaros Any update on this?

wouterdebie commented 3 years ago

Closing this issue, because there has been no response