Linuxserver container not working with --user flag anymore. cap-add is not doing anything. #15313
Comments
I looked into this around a month ago for a different issue, and the change to capabilities ( All that said, I am not opposed to changing the behavior of |
Like you mentioned, this only started happening recently so I think it might be a different issue. It also only happens with linuxserver containers specifically. I ran the jellyfin container image provided by the actual jellyfin team and I am not exactly sure what changed in the linuxserver containers that started causing this issue. |
$ podman run --rm --user bin --cap-add=net_admin fedora capsh --print | grep Current:
What container image are you seeing something different? |
I am having issues with recent images of all the linuxserver containers that I use which are radarr, sonarr, bazarr, jellyfin and qbittorrent. The only non linuxserver container that I use is the official jellyfin one which works fine with Release 4.1.0.6175-ls145 is the most working one.
While release 4.1.0.6175-ls146 is the first broken one.
So I am not too experienced with this but I did try to pinpoint what exactly might be the issue. The only difference between the two above releases will be with the linuxserver base image for radarr. As far as I can tell this is the only major commit that happened between the two above releases, linuxserver/docker-baseimage-alpine#93. In this commit s6-overlay was upgraded to v3; s6-overlay was also upgraded in between the two qbittorrent releases mentioned in the op. Not sure if that is very helpful or even accurate but that is the only major change I can see between the releases. I suppose it will also make sense since all of the linuxserver images, as of late, do not work anymore with the |
A GitHub comment talks about a problematic line
I noticed that there is a difference between the working and the broken container image for that line
(I haven't spent any more time investigating) |
Hi guys, I'm having issues with linuxserver/jellyfin. I cannot get it to start; when I docker-compose up the output comes as follows
I cannot get this to run when I go with UID & GID |
Could you try it in rootful mode and see if it works. Also could you see if this is an SELinux issue. |
Hi @rhatdan, thanks so much for the support. I'm somewhat new, somewhat not; the reason I say this is I don't understand what you mean. Can you try and put it in simple terms for me, please?
|
Hi guys, so I can start the docker-compose "Jellyfin". I have tried as CoreOS user "core" as well as root. I will not post my docker-compose so maybe someone can test it
|
Put SELinux into permissive mode
Test docker-compose. If it works, then you have an SELinux issue.
$ sudo docker-compose up
If this works then it is a user namespace issue. |
Hi @rhatdan, thanks for trying to help me, but sadly none of it helped with being able to see my media. I will add a log below as well as switching back to my default image. Also, thanks for posting the command, that was very easy to read. Edited: |
I'm sure you can see for yourself that the default image works fine, so that would be nice, but idk what to do. Nothing on the NAS has changed, nothing in the docker has changed |
I am also experiencing this issue, only running with |
@rishubn was that meant for me ...? |
@EQUALIT-CG Can you try appending the flag: After trying a few things, adding that flag worked for me:
|
@rishubn |
Meeting same problem on podman 4.2.1 on Fedora 36. |
It seems that LinuxServer.io does not support running their containers with rootless Podman or rootless Docker. It's not mentioned in their official documentation, but it's mentioned in their support forums. I searched for "rootless" in their documentation but didn't find anything: Their web page Where to get support lists two support forums:
quotes from Discourse
I searched for "rootless" and found 8 search results. Some quotes:
quotes from Discord
I signed up for an account in the Discord and searched for "rootless" and found 228 search results. Some quotes:
|
Same issue with Podman 4.3.0 on Fedora CoreOS 37.20221106.3.0
|
The issue was closed with the motivation
In other words using |
I think I can close this issue, then. |
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
As of recent linuxserver containers have stopped working with the --user flag. I believe the proper capabilities are not being added with the cap-add flag. Testing with capeff shows that no capabilities are being added. This wasn't always the case, I used to be able to run pods with the '--user' flag with no issues. This is happening with at least the qbittorrent, radarr, sonarr, bazarr and jellyfin images. All images were working fine a few months ago.
I am not really sure how to properly diagnose the issue. However, I was able to find the first image released that stopped working with the --user tag for the qbittorrent image. It will be image 4.4.3.1-r2-ls202, which makes image 4.4.3.1-r1-ls201 the last working image.
I have no issue running the latest container images without the --user flag. Running --cap-drop and --cap-add actually do work when not using the --user flag.
Steps to reproduce the issue:
Pull recent linuxserver container image, for example qbittorrent image
Run podman with --user flag adding necessary capabilities with cap-add
Describe the results you received:
Unable to access webui. Container does not work.
Output of podman logs -f qbittorrent
Output of podman top -l capeff
Describe the results you expected:
For the container to work properly, access webui. Example running container with most recent working image linuxserver/qbittorrent:4.4.3.1-r1-ls201
Output of podman logs -f qbittorrent
Output of podman top -l capeff
Additional information you deem important (e.g. issue happens only occasionally):
Output of podman version:
Output of podman info:
Package info (e.g. output of rpm -q podman or apt list podman):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Checked troubleshooting. Have tried most recent github version.
Additional environment details (AWS, VirtualBox, physical, etc.):
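An added example, not part of the issue report and not Podman's own code: a decoder for the Cap* hex masks in /proc/<pid>/status (CapEff is the set that podman top -l capeff reports), showing whether a capability requested with --cap-add is effective or only present in another set. The two status excerpts are constructed sample input and the function names are hypothetical.

```python
import re

# Bit positions from linux/capability.h, bit 0 first.
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin syslog "
    "wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"
).split()
SETS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

def parse_status(text):
    """Map each Cap* line of /proc/<pid>/status to a set of capability names."""
    sets = {}
    for name, mask in re.findall(r"^(Cap\w{3}):\s*([0-9a-fA-F]+)\s*$", text, re.M):
        bits = int(mask, 16)
        sets[name] = {c for i, c in enumerate(CAP_NAMES) if bits >> i & 1}
    return sets

def diagnose(text, wanted):
    """Say, per requested capability, whether the process can actually use it."""
    sets = parse_status(text)
    report = {}
    for cap in wanted:
        held = [s for s in SETS if cap in sets.get(s, ())]
        if "CapEff" in held:
            report[cap] = "effective"
        elif held:
            report[cap] = "not effective, only in " + ",".join(held)
        else:
            report[cap] = "absent"
    return report

# Constructed sample: non-root process, net_admin (bit 12) only inheritable and
# in the bounding set. Per capabilities(7), a non-root process exec'ing a file
# without file capabilities gets its permitted/effective sets from ambient only.
NOT_EFFECTIVE = ("Uid:\t1000\t1000\t1000\t1000\n"
                 "CapInh:\t0000000000001000\nCapPrm:\t0000000000000000\n"
                 "CapEff:\t0000000000000000\nCapBnd:\t00000000800415fb\n"
                 "CapAmb:\t0000000000000000\n")
# Constructed sample: same process with net_admin also raised as ambient.
EFFECTIVE = ("Uid:\t1000\t1000\t1000\t1000\n"
             "CapInh:\t0000000000001000\nCapPrm:\t0000000000001000\n"
             "CapEff:\t0000000000001000\nCapBnd:\t00000000800415fb\n"
             "CapAmb:\t0000000000001000\n")

if __name__ == "__main__":
    for label, status in (("sample 1", NOT_EFFECTIVE), ("sample 2", EFFECTIVE)):
        print(label, diagnose(status, ["net_admin", "sys_admin"]))
```

For a real container, feed it the Cap* lines read from the status file of the container's main process instead of the samples.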