[Bug] fatal error: unable to chroot to /usr/local/unbound: Operation not permitted #50
Comments
Hi there, you need to modify your |
Ah, I guessed it would be something simple - but couldn't find it... thanks for the heads up. Will try when I get home - had to quickly disassemble my whole DNS architecture to get it running again remotely |
It sounds like you use watchtower. I suggest better not. Here's a good explanation why on the Pi-hole GitHub readme. I hope I was able to solve your issue. Congrats for opening the 50th issue! 🎉 I'm here if you need more assistance. |
...by the way, if you have a |
Sadly both don't resolve the problem, the error message changes though - the path now has "unbound.d" appended |
I have built a new image, are you on 1.19.1-2 already? If so, please show your compose and configs @ThaDaVos |
Yeah I've pulled the latest just a few minutes ago, my compose:

docker-compose.yaml

```yaml
version: "3.9"
volumes:
  adguard:
    driver: local-persist
    driver_opts:
      mountpoint: ${ADGUARD_MOUNT}
  certification:
    driver: local-persist
    driver_opts:
      mountpoint: ${CERTIFICATION_MOUNT}
  unbound_conf:
    driver: local-persist
    driver_opts:
      mountpoint: ${UNBOUND_MOUNT}/conf.d/
  unbound_iana:
    driver: local-persist
    driver_opts:
      mountpoint: ${UNBOUND_MOUNT}/iana.d/
  unbound_log:
    driver: local-persist
    driver_opts:
      mountpoint: ${UNBOUND_MOUNT}/log.d/
  unbound_zones:
    driver: local-persist
    driver_opts:
      mountpoint: ${UNBOUND_MOUNT}/zones.d/
  unbound_certs:
    driver: local-persist
    driver_opts:
      mountpoint: ${UNBOUND_MOUNT}/certs.d/
networks:
  dns:
    ipam:
      driver: default
      config:
        - subnet: 10.5.0.0/24
          gateway: 10.5.0.1
services:
  adguardhome:
    image: ${ADGUARD_HOME_IMAGE}
    container_name: adguardhome
    restart: always
    ports:
      # DNS
      - 53:53/tcp
      - 53:53/udp
      # DHCP
      - 67:67/udp
      - 68:68/udp
      # Admin Panel & DNS-over-HTTPS
      - 480:80/tcp
      - 4443:443/tcp
      - 4443:443/udp
      - 43000:3000/tcp
      # Dns-over-TLS
      - 853:853/tcp
      # DNS-over-QUIC
      - 784:784/udp
      - 853:853/udp
      - 8853:8853/udp
      # DNSCrypt
      - 5443:5443/tcp
      - 5443:5443/udp
    dns:
      - 127.0.0.1
      - 10.5.0.3
    volumes:
      - adguard:/opt/adguardhome
      - certification:/etc/letsencrypt
    networks:
      default:
      dns:
        ipv4_address: 10.5.0.2
    depends_on:
      unbound:
        condition: service_healthy
  unbound:
    image: ${UNBOUND_IMAGE}
    container_name: unbound
    restart: always
    ports:
      - 5335:5335/tcp
      - 5335:5335/udp
    environment:
      TZ: Europe/Amsterdam
    volumes:
      - ${UNBOUND_MOUNT}/unbound.conf:/usr/local/unbound/unbound.conf:rw
      - unbound_conf:/usr/local/unbound/conf.d/:rw
      - unbound_iana:/usr/local/unbound/iana.d/:rw
      - unbound_log:/usr/local/unbound/log.d/:rw
      - unbound_zones:/usr/local/unbound/zones.d/:rw
      - unbound_certs:/usr/local/unbound/certs.d/:rw
    healthcheck:
      test: /usr/local/sbin/healthcheck.sh
      interval: 60s
      retries: 5
      start_period: 15s
      timeout: 30s
    networks:
      dns:
        ipv4_address: 10.5.0.3
```

unbound.conf
|
I see that |
Uhm... I hope your file isn't loaded? |
Something overrides the unbound.conf. Can you It's important that port 53 ain't used as well as localhost. Chroot and username should be empty. |
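The settings named in the comment above can be checked before the container is started. The following is an added example, not part of the thread or of the image's own tooling: the function names and both sample configs are constructed for illustration, port 5335 is taken from the compose file above, and the check reads a single file without following `include:` directives.

```python
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def server_options(text):
    """Collect {option: [values]} from the server: clause of an unbound.conf."""
    opts, in_server = {}, False
    for raw in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9-]+):\s*(.*)$", raw.split("#", 1)[0])
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if value == "":                      # bare "name:" opens a clause
            in_server = key == "server"
        elif in_server:
            opts.setdefault(key, []).append(value.strip('"'))
    return opts

def audit(text):
    """Return findings for the settings named in the thread (empty list = ok)."""
    opts, findings = server_options(text), []
    for key in ("chroot", "username"):
        if key not in opts:
            # Absent is not the same as "": unbound then applies its built-in
            # default, which still chroots / switches user.
            findings.append(f"{key}: not set, built-in default applies")
        elif opts[key][-1] != "":
            findings.append(f'{key}: set to "{opts[key][-1]}", expected ""')
    if "53" in opts.get("port", []):
        findings.append("port: 53 is configured")
    for iface in opts.get("interface", []):
        host, _, port = iface.partition("@")
        if host in LOOPBACK or port == "53":
            findings.append(f"interface: {iface} binds loopback or port 53")
    return findings

# Constructed samples, not the reporter's files.
BROKEN = """server:
    interface: 127.0.0.1@53
    port: 53
    chroot: "/usr/local/unbound"
    # username: ""
"""
FIXED = """server:
    interface: 0.0.0.0@5335
    port: 5335
    chroot: ""
    username: ""
"""
for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
    print(name, audit(conf) or "ok")
```

A commented-out `username: ""` is reported the same way as a missing one, since in both cases the option never reaches unbound.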
I just renamed mine and copied yours into its place - now it boots but says this:

```
Feb 14 19:16:10 unbound[1:0] warning: unbound is already running as pid 1.
Feb 14 19:16:10 unbound[1:0] notice: init module 0: validator
Feb 14 19:16:10 unbound[1:0] notice: init module 1: iterator
Feb 14 19:16:10 unbound[1:0] info: start of service (unbound 1.19.1).
Feb 14 19:16:12 unbound[1:0] error: could not open /iana.d/root.zone.tmp1: No such file or directory
```

So there's a difference between yours and mine which causes the issue |
Got it fixed - |
Ok, good to know. So everything is fine again? |
Hey @ThaDaVos, is it running as expected for you again? |
@madnuttah |
Yes @nick-diama. Please open a new issue in case of further problems. Thanks. |
@madnuttah |
I swear, I've changed the healthcheck script in my local git and pushed the commits. There's the wrong healthcheck script, though. I'll upload a fix. |
So @ThaDaVos, it's done. 🤞 |
I'll check at home if the healthcheck works |
Take your time and thanks for your patience. |
Hi, can the issue be closed @ThaDaVos? |
It takes a moment, but it gets |
Describe the bug
A clear and concise description of what the bug is.
Latest pushed image crashes with
fatal error: unable to chroot to /usr/local/unbound: Operation not permitted
Whole mounted folder is chowned with 1000:1000 - used to work before, but new image just fails to start
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Continuing to work
Screenshots
If applicable, add screenshots to help explain your problem.
Please complete the following information:
Additional context
Add any other context about the problem here.