Hey :) Not sure if you got my last email, do you have an update? Cause I’m getting a permission denies error Thanks!
On Tue, 17 Jun 2025 at 17:08 ענבל סטולרסקי <[email protected]> wrote: > So I thought it would work fine without root privileges as well so I tried > to deploy both guacamole and guacd as it is on my Openshift namespaces and > the results were that the guacd pod worked perfectly fine on rootless mode > where as the guacamole pod issued the following error: > > "mkdir: cannot create directory ‘//.guacamole’: Permission denied" > > Tried to understand why it's happening but honestly I'm not sure :( > > Just to have some context, I have a namespace in an internal Openshift > cluster in which I do not have root privileges. > > בתאריך יום ג׳, 17 ביוני 2025 ב-16:49 מאת Mailing Lists < > [email protected]>: > >> I can confirm guacamole runs rootlesd (tested on podman rootless) >> >> via Smartphone >> >> Am 17.06.2025 um 15:46 schrieb T Y <[email protected]>: >> >> >> On 17.06.25 15:26, Nick Couchman wrote: >> >> On Tue, Jun 17, 2025 at 8:38 AM ענבל סטולרסקי < >> [email protected]> wrote: >> >>> Hi :) >>> I'm new to the guacamole world and I'm trying to deploy it on openshift >>> using the docker images of guacamole and guacd. My problem is that the >>> guacamole image requires root privileges that I cannot provide on my >>> cluster and I'm blocked. I was wondering if there's something I can do >>> about that and if there's an alternate image for guacamole that does not >>> require root privileges? >>> I tried to edit the image myself and work around the root permissions >>> but no success. >>> Thanks! >>> >> >> When you say that it requires root privileges, what behavior are you >> seeing that requires this? I admittedly have not tried running it in a >> "rootless" mode, but I also don't think there's anything within the >> Guacamole code or functionality that actually would require root access - >> it should work fine as a non-root user/container. >> >> -Nick >> >> >> I'll happily confirm it works perfectly fine in a rootless docker setup >> without any modifications to the base images on both 1.5.5 and 1.6.0-RC#. >> >> Running the container additionally read-only will require a few >> exceptions for temp volumes and such, but otherwise this also works fine. >> >> If you want source IP propagation for meaningful connection logging, >> you'll have to use something like pasta as network driver and make sure you >> set the appropriate headers on your reverse proxy. >> >> Of course, you won't be able to use privileged ports if you don't have >> the permissions to grant that capability. So you'll have to map an >> appropriate external port. >> >>
