Bug#992582: docker.io: Little problem in the dockerd-rootless-setuptool.sh script prevents successful rootless setup

2022-11-07 Thread Alexis Murzeau

Hi,

I found that doing this as root is sufficient to make the script work:
ln -s /usr/bin/docker /usr/share/docker.io/contrib/docker


This way, the script won't stop with an error at line 336:
DOCKER_HOST="unix://$XDG_RUNTIME_DIR/docker.sock" $BIN/docker version

Here in the script, $BIN points to /usr/share/docker.io/contrib.

Maybe this symbolic link can be added?
This should be a light enough modification for no maintenance burden.



Also, is there a specific reason to not put this script in /usr/bin?
Upstream docker is doing that in their .deb packages, both
dockerd-rootless-setuptool.sh and dockerd-rootless.sh are in /usr/bin,
so I guess these scripts expect this to work as-is.
That's at least also a way to solve this issue too.

--
Alexis Murzeau
PGP: B7E6 0EBB 9293 7B06 BDBC  2787 E7BD 1904 F480 937F


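The layout problem described in the message above, as an added example that is not part of the thread or of the docker.io package: a POSIX sh preflight that repeats the setup tool's BIN lookup and reports whether a docker client sits next to dockerd-rootless.sh. The function names, the return codes, the world-writable check and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example; check_rootless_layout and make_constructed_layout are
# hypothetical helper names, not part of dockerd-rootless-setuptool.sh.

# Repeats the setup tool's lookup on the given PATH: BIN is the directory of
# dockerd-rootless.sh, and the tool later runs "$BIN/docker version".
# Returns 0: "$BIN/docker" is executable
#         1: dockerd-rootless.sh found, but no docker client beside it
#         2: dockerd-rootless.sh is not on the given PATH
#         3: BIN is world-writable (the generated unit puts BIN first on PATH)
check_rootless_layout() {
    crl_path=$1
    crl_sh=$(PATH=$crl_path; command -v dockerd-rootless.sh 2>/dev/null) || {
        echo "dockerd-rootless.sh needs to be present under PATH" >&2
        return 2
    }
    crl_bin=$(dirname "$crl_sh")
    if [ ! -x "$crl_bin/docker" ]; then
        crl_client=$(PATH=$crl_path; command -v docker 2>/dev/null) ||
            crl_client="(not found)"
        echo "no docker in BIN=$crl_bin; docker resolves to $crl_client" >&2
        return 1
    fi
    if [ -n "$(find "$crl_bin" -prune -perm -0002 -print)" ]; then
        echo "BIN=$crl_bin is world-writable" >&2
        return 3
    fi
    echo "ok: $crl_bin/docker"
}

# Constructed stand-in for the Debian layout: the rootless script in
# contrib/, the client in usr/bin/. Prints the temporary root directory.
make_constructed_layout() {
    mcl_root=$(mktemp -d) || return 1
    mkdir -p "$mcl_root/contrib" "$mcl_root/usr/bin"
    for mcl_f in contrib/dockerd-rootless.sh usr/bin/docker; do
        printf '#!/bin/sh\nexit 0\n' > "$mcl_root/$mcl_f"
        chmod 755 "$mcl_root/$mcl_f"
    done
    chmod 755 "$mcl_root/contrib" "$mcl_root/usr/bin"
    echo "$mcl_root"
}

demo_root=$(make_constructed_layout)
demo_path="$demo_root/contrib:$demo_root/usr/bin"
check_rootless_layout "$demo_path" || echo "status $? before the symlink"
ln -s "$demo_root/usr/bin/docker" "$demo_root/contrib/docker"
check_rootless_layout "$demo_path" && echo "status 0 with the symlink"
rm -rf "$demo_root"
```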


Bug#992582: docker.io: Little problem in the dockerd-rootless-setuptool.sh script prevents successful rootless setup

2021-08-20 Thread Igor Matheus Andrade Torrente




On 8/20/21 12:01 PM, Shengjing Zhu wrote:

On Fri, Aug 20, 2021 at 9:39 PM Igor Torrente  wrote:


Package: docker.io
Version: 20.10.5+dfsg1-1+b5
Severity: important
Tags: patch upstream

Dear maintainers,

I found a little issue in the dockerd-rootless-setuptool.sh installation script.
The fix (or workaround) will be sent in this email.

AFAIK this script is based on the official docker script. But the original
script assumes that the docker binary will be in the same folder as the
dockerd-rootless.sh. And this is not the case in the Debian package.

Here is my patch to solve this problem

--- /usr/share/docker.io/contrib/dockerd-rootless-setuptool.sh  2021-08-20 
10:08:53.200580743 -0300
+++ /usr/share/docker.io/contrib/dockerd-rootless-setuptool.sh  2021-08-20 
10:15:46.489616241 -0300
@@ -55,12 +55,13 @@
 exit 1
 fi

-   # set BIN
-   if ! BIN="$(command -v "$DOCKERD_ROOTLESS_SH" 2> /dev/null)"; then
+   # set BIN and ROOTLESS_BIN
+   if ! ROOTLESS_BIN="$(command -v "$DOCKERD_ROOTLESS_SH" 2> /dev/null)"; 
then
 ERROR "$DOCKERD_ROOTLESS_SH needs to be present under \$PATH"
 exit 1
 fi
-   BIN=$(dirname "$BIN")
+   ROOTLESS_BIN=$(dirname "$ROOTLESS_BIN")
+   BIN="/usr/bin/"

 # set SYSTEMD
 if systemctl --user show-environment > /dev/null 2>&1; then
@@ -294,7 +295,7 @@

 [Service]
 Environment=PATH=$BIN:/sbin:/usr/sbin:$PATH
-   ExecStart=$BIN/dockerd-rootless.sh 
$DOCKERD_ROOTLESS_SH_FLAGS
+   ExecStart=$ROOTLESS_BIN/dockerd-rootless.sh 
$DOCKERD_ROOTLESS_SH_FLAGS
 ExecReload=/bin/kill -s HUP \$MAINPID
 TimeoutSec=0
 RestartSec=2

I also had a problem with kernel modules, so I had to add them manually. I'm
not sure how useful they would be in other types of installation, but maybe
it is worth adding them to the installation script.



I know by default dockerd-rootless-setuptool.sh refuses to run and
wants the user to add /usr/share/docker.io/contrib/ to PATH.
However this script is just copied from upstream without change.

I'm not sure we shall patch it. But a simple workaround is to run it like:

   PATH=/usr/share/docker.io/contrib/:$PATH dockerd-rootless-setuptool.sh



I know that we should always avoid an out-of-tree/downstream patch. But
for me, at least, I had to apply the change and the PATH workaround.


Because of this line (~336):
DOCKER_HOST="unix://$XDG_RUNTIME_DIR/docker.sock" $BIN/docker version


And now I noticed that this patch above could be simplified...


--- /dev/null   2021-08-20 08:47:56.012087970 -0300
+++ /etc/modprobe.d/overlay.conf2021-08-19 19:35:17.535171578 -0300
@@ -0,0 +1,2 @@
+# Debian-specific kernel patch, introduced in Debian 10 to the overlay2 
storage driver
+options overlay permit_mounts_in_userns=1



This is actually broken, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969223
You'd better install fuse-overlayfs and use that.


As far as I understood, this shouldn't be a problem in the way that I
use docker. But thanks for the tip.





---  /etc/modules-load.d/modules.con2021-08-20 10:25:11.522661268 -0300
+++ /etc/modules-load.d/modules.conf2021-08-19 19:41:25.866695920 -0300
@@ -2,3 +2,4 @@
  #
  # This file contains the names of kernel modules that should be loaded
  # at boot time, one per line. Lines beginning with "#" are ignored.
+br_netfilter







Bug#992582: docker.io: Little problem in the dockerd-rootless-setuptool.sh script prevents successful rootless setup

2021-08-20 Thread Shengjing Zhu
On Fri, Aug 20, 2021 at 9:39 PM Igor Torrente  wrote:
>
> Package: docker.io
> Version: 20.10.5+dfsg1-1+b5
> Severity: important
> Tags: patch upstream
>
> Dear maintainers,
>
> I found a little issue in the dockerd-rootless-setuptool.sh installation script.
> The fix (or workaround) will be sent in this email.
>
> AFAIK this script is based on the official docker script. But the original
> script assumes that the docker binary will be in the same folder as the
> dockerd-rootless.sh. And this is not the case in the Debian package.
>
> Here is my patch to solve this problem
>
> --- /usr/share/docker.io/contrib/dockerd-rootless-setuptool.sh  2021-08-20 
> 10:08:53.200580743 -0300
> +++ /usr/share/docker.io/contrib/dockerd-rootless-setuptool.sh  2021-08-20 
> 10:15:46.489616241 -0300
> @@ -55,12 +55,13 @@
> exit 1
> fi
>
> -   # set BIN
> -   if ! BIN="$(command -v "$DOCKERD_ROOTLESS_SH" 2> /dev/null)"; then
> +   # set BIN and ROOTLESS_BIN
> +   if ! ROOTLESS_BIN="$(command -v "$DOCKERD_ROOTLESS_SH" 2> 
> /dev/null)"; then
> ERROR "$DOCKERD_ROOTLESS_SH needs to be present under \$PATH"
> exit 1
> fi
> -   BIN=$(dirname "$BIN")
> +   ROOTLESS_BIN=$(dirname "$ROOTLESS_BIN")
> +   BIN="/usr/bin/"
>
> # set SYSTEMD
> if systemctl --user show-environment > /dev/null 2>&1; then
> @@ -294,7 +295,7 @@
>
> [Service]
> Environment=PATH=$BIN:/sbin:/usr/sbin:$PATH
> -   ExecStart=$BIN/dockerd-rootless.sh 
> $DOCKERD_ROOTLESS_SH_FLAGS
> +   ExecStart=$ROOTLESS_BIN/dockerd-rootless.sh 
> $DOCKERD_ROOTLESS_SH_FLAGS
> ExecReload=/bin/kill -s HUP \$MAINPID
> TimeoutSec=0
> RestartSec=2
>
> I also had a problem with kernel modules, so I had to add them manually. I'm
> not sure how useful they would be in other types of installation, but maybe
> it is worth adding them to the installation script.
>

I know by default dockerd-rootless-setuptool.sh refuses to run and
wants the user to add /usr/share/docker.io/contrib/ to PATH.
However this script is just copied from upstream without change.

I'm not sure we shall patch it. But a simple workaround is to run it like:

  PATH=/usr/share/docker.io/contrib/:$PATH dockerd-rootless-setuptool.sh

> --- /dev/null   2021-08-20 08:47:56.012087970 -0300
> +++ /etc/modprobe.d/overlay.conf2021-08-19 19:35:17.535171578 -0300
> @@ -0,0 +1,2 @@
> +# Debian-specific kernel patch, introduced in Debian 10 to the overlay2 
> storage driver
> +options overlay permit_mounts_in_userns=1
>

This is actually broken, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969223
You'd better install fuse-overlayfs and use that.

> ---  /etc/modules-load.d/modules.con2021-08-20 10:25:11.522661268 -0300
> +++ /etc/modules-load.d/modules.conf2021-08-19 19:41:25.866695920 -0300
> @@ -2,3 +2,4 @@
>  #
>  # This file contains the names of kernel modules that should be loaded
>  # at boot time, one per line. Lines beginning with "#" are ignored.
> +br_netfilter
>

-- 
Shengjing Zhu



Bug#992582: docker.io: Little problem in the dockerd-rootless-setuptool.sh script prevents successful rootless setup

2021-08-20 Thread Igor Torrente
Package: docker.io
Version: 20.10.5+dfsg1-1+b5
Severity: important
Tags: patch upstream

Dear maintainers,

I found a little issue in the dockerd-rootless-setuptool.sh installation script.
The fix (or workaround) will be sent in this email.

AFAIK this script is based on the official docker script. But the original
script assumes that the docker binary will be in the same folder as the
dockerd-rootless.sh. And this is not the case in the Debian package.

Here is my patch to solve this problem

--- /usr/share/docker.io/contrib/dockerd-rootless-setuptool.sh  2021-08-20 
10:08:53.200580743 -0300
+++ /usr/share/docker.io/contrib/dockerd-rootless-setuptool.sh  2021-08-20 
10:15:46.489616241 -0300
@@ -55,12 +55,13 @@
exit 1
fi
 
-   # set BIN
-   if ! BIN="$(command -v "$DOCKERD_ROOTLESS_SH" 2> /dev/null)"; then
+   # set BIN and ROOTLESS_BIN
+   if ! ROOTLESS_BIN="$(command -v "$DOCKERD_ROOTLESS_SH" 2> /dev/null)"; 
then
ERROR "$DOCKERD_ROOTLESS_SH needs to be present under \$PATH"
exit 1
fi
-   BIN=$(dirname "$BIN")
+   ROOTLESS_BIN=$(dirname "$ROOTLESS_BIN")
+   BIN="/usr/bin/"
 
# set SYSTEMD
if systemctl --user show-environment > /dev/null 2>&1; then
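
Review bot: BIN="/usr/bin/" hard-codes the client location, where the line it replaces derived BIN from a command -v lookup. Resolving it the same way, for example BIN=$(dirname "$(command -v docker)") with the same ERROR / exit 1 handling used for $DOCKERD_ROOTLESS_SH just above, would keep the script working when docker is installed elsewhere and fail early when it is missing. The trailing slash also differs from what dirname returns for ROOTLESS_BIN, and the "set BIN and ROOTLESS_BIN" comment could say which directory each variable names.
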
@@ -294,7 +295,7 @@
 
[Service]
Environment=PATH=$BIN:/sbin:/usr/sbin:$PATH
-   ExecStart=$BIN/dockerd-rootless.sh 
$DOCKERD_ROOTLESS_SH_FLAGS
+   ExecStart=$ROOTLESS_BIN/dockerd-rootless.sh 
$DOCKERD_ROOTLESS_SH_FLAGS
ExecReload=/bin/kill -s HUP \$MAINPID
TimeoutSec=0
RestartSec=2
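
Review bot: the unchanged Environment=PATH=$BIN:/sbin:/usr/sbin:$PATH line above the edited ExecStart now begins with /usr/bin/ rather than the directory that holds dockerd-rootless.sh, so that directory is on the service's PATH only if it was in the caller's $PATH when the unit was written. If the service is meant to find helpers next to dockerd-rootless.sh, put $ROOTLESS_BIN in front of $BIN on that line; if it is not, a sentence in the patch description saying so would settle the question.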

I also had a problem with kernel modules, so I had to add them manually. I'm
not sure how useful they would be in other types of installation, but maybe
it is worth adding them to the installation script.

--- /dev/null   2021-08-20 08:47:56.012087970 -0300
+++ /etc/modprobe.d/overlay.conf2021-08-19 19:35:17.535171578 -0300
@@ -0,0 +1,2 @@
+# Debian-specific kernel patch, introduced in Debian 10 to the overlay2 
storage driver
+options overlay permit_mounts_in_userns=1
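
Review bot: the new /etc/modprobe.d/overlay.conf sets permit_mounts_in_userns=1 for the whole host, and its comment records only where the parameter comes from, not what it allows or why rootless Docker needs it. The comment should state that the option permits overlay mounts from inside user namespaces for every user on the machine, and the change is better kept as an opt-in step for the administrator than written by the setup script. The comment also wraps onto a line ("storage driver") that has no leading '+' or '#', so the hunk does not match its @@ -0,0 +1,2 @@ header as posted.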

---  /etc/modules-load.d/modules.con2021-08-20 10:25:11.522661268 -0300
+++ /etc/modules-load.d/modules.conf2021-08-19 19:41:25.866695920 -0300
@@ -2,3 +2,4 @@
 #
 # This file contains the names of kernel modules that should be loaded
 # at boot time, one per line. Lines beginning with "#" are ignored.
+br_netfilter
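
Review bot: br_netfilter is appended to the shared /etc/modules-load.d/modules.conf with no comment saying what needs it, so a later administrator cannot tell why it is loaded at boot. A separate drop-in under /etc/modules-load.d/ (say docker-rootless.conf, a name used here only for illustration) with a one-line comment would be easier to audit and to remove. The '---' and '+++' headers also name different files (modules.con and modules.conf), which is worth correcting before the patch is applied.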


Thanks for your attention,

Igor M. A. Torrente


-- System Information:
Debian Release: 11.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages docker.io depends on:
ii  adduser              3.118
ii  containerd           1.4.5~ds1-2
ii  init-system-helpers  1.60
ii  iptables             1.8.7-1
ii  libc6                2.31-13
ii  libdevmapper1.02.1   2:1.02.175-2.1
ii  libsystemd0          247.3-6
ii  lsb-base             11.1.0
ii  runc                 1.0.0~rc93+ds1-5+b2
ii  tini                 0.19.0-1

Versions of packages docker.io recommends:
ii  apparmor         2.13.6-10
ii  ca-certificates  20210119
ii  cgroupfs-mount   1.4
ii  git              1:2.30.2-1
ii  needrestart      3.5-4
ii  xz-utils         5.2.5-2

Versions of packages docker.io suggests:
pn  aufs-tools
pn  btrfs-progs
pn  debootstrap
pn  docker-doc
ii  e2fsprogs                  1.46.2-2
pn  rinse
ii  rootlesskit                0.14.2-1+b3
ii  xfsprogs                   5.10.0-4
pn  zfs-fuse | zfsutils-linux

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/share/docker.io/contrib/dockerd-rootless-setuptool.sh (from docker.io package)