docker fails with cache permission error #10

Closed
mviereck opened this issue Apr 29, 2017 · 6 comments

@mviereck
Owner

kmuehlbauer wrote:

@mviereck

Sorry, if this is the wrong place to ask.

I'm using docker on my host machine with my user being in the "docker"-group. So I can initiate docker run-commands without using passwords. At the moment I'm stuck with x11docker complaining about:

x11docker ERROR
x11docker ERROR: docker did not start successfully.

and a missing docker.pid-file.

Unfortunately I did not find anything related. Hope you can shed some light.

Update: I'm now using -P switch, but now I get some permission problems.
x11docker.log:
x11docker.txt

@mviereck
Owner Author

mviereck commented Apr 29, 2017

Thanks for your feedback!

I had a look at the logfile and I'm not sure what is going wrong.
The core error message:

==> /user/k.muehlbauer/.cache/x11docker/X105/docker.log <==
docker: Error response from daemon: mkdir /user/k.muehlbauer/.cache: permission denied.

I don't understand why docker wants to create a cache folder that already exists. The logfile shows that /user/k.muehlbauer/.cache/x11docker/X105/share/Xclientcookie was created successfully by x11docker.
I guess docker cannot create the cidfile /user/k.muehlbauer/.cache/x11docker/X105/containerID. Somehow it has no read/write access to ~/.cache while x11docker does.
Maybe it is somehow related to your membership of group docker. Maybe docker runs as another user and does not have write permissions to your home folder. Do you have some special setup for docker running it as different user or group?
Edit:
Can you show me the logfile without the -P switch?
/usr/local/bin/x11docker --verbose -- x11docker/xfce start

Can you show me the output of ls -la /user/k.muehlbauer/.cache/x11docker?

I wonder if a file permission change would help, though it should not be needed and I would want to avoid it: chmod -R 666 /user/k.muehlbauer/.cache/x11docker/

Edit2:
I disabled the usage of cidfile in x11docker 3.1.11 as it is not really important now. (It was merely used in older versions). Maybe that will work for you.

mviereck added a commit that referenced this issue Apr 29, 2017
# 29.04.2017 V3.1.11 disabled $Cidfile as not important and due to #10
@mviereck mviereck added the bug label Apr 29, 2017
@kmuehlbauer

Thanks for looking into this @mviereck. I'll check this next week.

@kmuehlbauer

@mviereck

Most likely this is really a permissions problem resulting from serving the $HOME folder from a network share. I checked with system administration but we found no quick solution to overcome this. So we decided to work around this by changing x11docker's Cacherootfolder from

Cacherootfolder=$HOME/.cache/x11docker

to a folder located on the local hard disk.

Cacherootfolder=/home/kai/home/.cache/x11docker

After this everything works as expected. So my suggestion would be to have a cmdline-switch to set this folder (or the $HOME) specifically.

$ ls -la /home/kai/home/.cache/x11docker/
insgesamt 24
drwxr-xr-x 3 k.muehlbauer users    39  2. Mai 11:56 .
drwxr-xr-x 3 k.muehlbauer users    23  2. Mai 11:36 ..
drwxr-xr-x 3 k.muehlbauer users   208  2. Mai 11:56 X100
-rw-r--r-- 1 k.muehlbauer users 21968  2. Mai 11:56 x11docker.log
$ ls -la /home/kai/home/.cache/x11docker/X100/
insgesamt 44
drwxr-xr-x 3 k.muehlbauer users  208  2. Mai 11:56 .
drwxr-xr-x 3 k.muehlbauer users   39  2. Mai 11:56 ..
-rw-r--r-- 1 k.muehlbauer users   22  2. Mai 11:56 backgroundpids
-rw-r--r-- 1 k.muehlbauer users 1873  2. Mai 11:56 docker.log
-rw-r--r-- 1 k.muehlbauer users    5  2. Mai 11:56 docker.pid
drwxr-xr-x 2 k.muehlbauer users   69  2. Mai 11:56 share
-rw-r--r-- 1 k.muehlbauer users 7465  2. Mai 11:56 xinit.log
-rw-r--r-- 1 k.muehlbauer users 3673  2. Mai 11:56 xinitrc
-rw-r--r-- 1 k.muehlbauer users 1056  2. Mai 11:56 xorg.xdummy.conf
-rw-r--r-- 1 k.muehlbauer users 3969  2. Mai 11:56 xpraserver.log
-rw------- 1 k.muehlbauer users   53  2. Mai 11:56 Xservercookie
-rw-r--r-- 1 k.muehlbauer users  389  2. Mai 11:56 xterm.log
-rw-r--r-- 1 k.muehlbauer users 2001  2. Mai 11:56 xtermrc

Keep up the good work!

@mviereck
Owner Author

mviereck commented May 2, 2017

@kmuehlbauer

> So my suggestion would be to have a cmdline-switch to set this folder (or the $HOME) specifically.

You can just set HOME before running x11docker:

HOME=/home/kai/home x11docker [...]

or

export HOME=/home/kai/home
x11docker [...]

> Most likely this is really a permissions problem resulting from serving $HOME-folder from a network-share

It seems docker has no access to your network share and cannot even see that it exists. I think this is forbidden as the docker daemon runs as root and not as user kai (see ps -e u | grep dockerd). You could allow root access to your network, but I think that is not intended. (Read access would be enough, as docker itself does not create files in $Cacherootfolder now.)

> I'm using docker on my host machine with my user being in the "docker"-group.

OT: you know that this is a quite insecure setup? Now you can get root access as unprivileged user: docker run --privileged --uid=host --pid=host --net=host -v /:/hostroot:rw imagename. Inside container, chroot into /hostroot and you can do anything evil you can imagine ;-).

> Keep up the good work!

Thanks! I will do. :-)

@mviereck mviereck removed the bug label May 2, 2017
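
The aside in the comment above is that membership in the docker group is equivalent to root on the host. As an added example (not part of the thread or of x11docker), this script lists which accounts hold that access, counting both supplementary members and accounts whose primary group is docker; the file contents and account names are constructed.

```shell
#!/bin/sh
# Added example: who can reach the root-owned docker daemon via group membership?

# docker_equivalent_users GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Prints, sorted and one per line, every account that is a supplementary
# member of the group or has it as its primary group.
docker_equivalent_users() {
    group_file=$1; passwd_file=$2; group_name=${3:-docker}
    # group(5) line: name:password:gid:member1,member2
    entry=$(awk -F: -v g="$group_name" '$1 == g { print; exit }' "$group_file")
    [ -n "$entry" ] || return 0          # group absent: nobody to report
    gid=$(printf '%s\n' "$entry" | cut -d: -f3)
    {
        # supplementary members from the fourth field
        printf '%s\n' "$entry" | cut -d: -f4 | tr ',' '\n'
        # passwd(5) field 4 is the primary gid; these accounts are easy to miss
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sed '/^$/d' | sort -u
}

# Constructed sample data (not from the issue): two supplementary members,
# one service account with docker as primary group, one unrelated account.
write_sample_files() {
    cat > "$1/group" <<'EOF'
root:x:0:
users:x:100:
docker:x:998:alice,bob
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:100::/home/alice:/bin/sh
bob:x:1001:100::/home/bob:/bin/sh
ci:x:1002:998::/home/ci:/bin/sh
dave:x:1003:100::/home/dave:/bin/sh
EOF
}

tmp=$(mktemp -d)
write_sample_files "$tmp"
docker_equivalent_users "$tmp/group" "$tmp/passwd"
rm -rf "$tmp"
```

On a real host, pass /etc/group and /etc/passwd; where accounts come from LDAP or another NSS source, save the output of `getent group` and `getent passwd` to files and pass those instead.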
@mviereck
Owner Author

@kmuehlbauer
I made some major changes in V3.5.0.

> So my suggestion would be to have a cmdline-switch to set this folder (or the $HOME) specifically.

There are two commandline switches now, --cachedir to specify $Cacherootfolder and --homedir to specify a directory to share with container as its home folder.
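
The diagnosis in this thread is that the cache folder sat on a network share the root-owned docker daemon could not access. As an added example (not x11docker's own code), this check resolves which mounted filesystem backs a candidate cache directory and flags network filesystems before the path is handed to docker. The mount table is constructed, and the nfs4 type for /user is an assumption: the thread only says the home folder is served from a network share.

```shell
#!/bin/sh
# Added example: is a cache directory backed by a network filesystem?

# mount_for_path MOUNTS_FILE PATH
# Prints "mountpoint fstype" for the longest mount point containing PATH.
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options ...
mount_for_path() {
    awk -v p="$2" '
        {
            mp = $2
            # match on whole path components so /user does not claim /userdata
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                # >= lets a later mount on the same point shadow an earlier one
                if (length(mp) >= best_len) { best_len = length(mp); best = mp " " $3 }
        }
        END { if (best != "") print best }
    ' "$1"
}

# is_network_fs FSTYPE: exit 0 for common network filesystems (not exhaustive)
is_network_fs() {
    case $1 in
        nfs|nfs4|cifs|smb3|afs|ceph|9p|lustre|fuse.sshfs|fuse.glusterfs) return 0 ;;
        *) return 1 ;;
    esac
}

# check_cache_dir MOUNTS_FILE DIR: prints "network:<fstype>" or "local:<fstype>"
check_cache_dir() {
    info=$(mount_for_path "$1" "$2")
    [ -n "$info" ] || { echo "unknown"; return 1; }
    fstype=${info##* }
    if is_network_fs "$fstype"; then echo "network:$fstype"; else echo "local:$fstype"; fi
}

# Constructed mount table (not from the issue); "fileserver" is a placeholder.
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home xfs rw,relatime 0 0
fileserver:/export/user /user nfs4 rw,relatime 0 0
EOF
}

mounts=$(mktemp)
write_sample_mounts "$mounts"
check_cache_dir "$mounts" /user/k.muehlbauer/.cache/x11docker
check_cache_dir "$mounts" /home/kai/home/.cache/x11docker
rm -f "$mounts"
```

On a live Linux system, pass /proc/mounts as the first argument; mount points containing spaces are escaped there as \040 and are not handled by this sketch.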

@kmuehlbauer

@mviereck Thanks again!
