DSM 7.0 Container unable to write to volume

Currently reading
DSM 7.0 Container unable to write to volume

F

Foolishness

4
1
NAS
DS1515+
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
Last edited:
I tried to run a docker-compose in Portainer on my DS1515+ and ever since I switched to DSM 7 one of the containers is unable to write to the linked volume. The container restarts endlessly and the logs show:

Code: 
2022-03-16 14:11:22.763    I Initializing core...
2022-03-16 14:11:22.764    I Loading blockchain from folder /home/monero/.bitmonero/lmdb ...
2022-03-16 14:11:22.785    I Stopping cryptonote protocol...
2022-03-16 14:11:22.785    I Cryptonote protocol stopped successfully
2022-03-16 14:11:22.786    E Exception in main! boost::filesystem::create_directory: Permission denied: "/home/monero/.bitmonero/lmdb"

The volume declaration in my docker-compose.yml is:

Code: 
volumes:
  /volume1/docker/xmrchain:/home/monero/.bitmonero

What permissions do I need to give to what user/group to make this work? (before switching to DSM 7 I had no issues, but apparently the were changes internally in DSM 7. First I tried this using the 'dockerlimited' method for safety considerations, but even when resetting '/var/run/docker.sock' to the original 'root:root' the container is unable to write to the volume. Giving the parameter '--user=root' makes the exception go away, but still nothing gets written in the volume.)

Can anybody spot where the problem is (and be lavish with information, so Dumbo here learns something ?)
 
Some images start as root, change folder permissions and execute the main process as restricted user.
Other images stay root all the time, and others start as restricted user from the beginning. At least for the later one, you need to align the owner UID:GID of the folder with the UID:GID used inside the container to execute the process (see dockerhub description for hints!).

Then we have Syno ACL's which can interfere. A process inside the container is not able to access files in a way the Syno ACL's would allow it to access the files - it simply has no idea of Syno ACL's.

Is there a reason you mention docker.sock? The permission on that unix domain socket only set who is allowed to interact with the docker api. Do NOT change the UID:GID or permission mask, unless you exactl know you do. If done wrong, you can lock out the Syno Docker UI or the docker cli client (even for root).
 
Last edited:
one-eyed-king said:
Is there a reason you mention docker.sock? The permission on that unix domain socket only set who is allowed to interact with the docker api. Do NOT change the UID:GID or permission mask, unless you exactl know you do. If done wrong, you can lock out the Syno Docker UI or the docker cli client (even for root)
Click to expand...

No, I just mentioned docker.sock because in my ignorance thought that had something to do with my problem.

Some images start as root, change folder permissions and execute the main process as restricted user.
Other images stay root all the time, and others start as restricted user from the beginning. At least for the later one, you need to align the owner UID:GID of the folder with the UID:GID used inside the container to execute the process (see dockerhub description for hints!).
Click to expand...

I just had a peak in the Dockerfile on Github (simple-monerod-docker/Dockerfile at main · sethforprivacy/simple-monerod-docker), and it is as you said:

Code: 
# Add user and setup directories for monerod
RUN set -ex && adduser -Ds /bin/bash monero \
    && mkdir -p /home/monero/.bitmonero \
    && chown -R monero:monero /home/monero/.bitmonero
USER monero

Found the answer:

it says in the readme that the Dockerfile was pulled from someone else's. There I found this mentioned:

Permission issues​

If experiencing permission issues on the volume-mapped folder these can be solved with a chown like below:

docker run -it --rm -v /etc/monero-blockchain:/home/monero/.bitmonero \
--entrypoint chown --user root lchaia/monerod monero:monero -R /home/monero/.bitmonero
Click to expand...
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

M
Container Manager issue
I would like to thank you all for your efforts, but unfortunately still not working . But I found a...
2
Replies
23
Views
549
MTHammoud
M
Coop777
Configuring unbound to a Pi-Hole Docker container
Looks like I triggered you somehow with my post: it was not my intention. I have no idea whether bash or...
Replies
4
Views
400
one-eyed-king
one-eyed-king
D
  • Solved
Starting mysql on container start
If you are still interested in learning it: If you know how to write bash scripts, it should be possible...
Replies
5
Views
515
one-eyed-king
one-eyed-king
J
DSM 7.1 What is the different between run docker-compose in ssh or using container manager project?
I have no idea what you are doing, but I just tested it based on the instructions of the guide you linked...
Replies
11
Views
1,368
one-eyed-king
one-eyed-king
Cyberwasp
Container address not working
hey guys. After several hours of changing and resetting things, its working again. I have no idea what...
Replies
1
Views
440
Cyberwasp
Cyberwasp
Micky
Updating Container with Portainer fails on DSM 7.2
Root of this issue found;) For unknown reason, the docker package on the first, failing DS, uses the...
Replies
3
Views
568
Micky
Micky
A
Install Docker/Container Manager on DS220J
True! Still, there are certain containers that can be run on those machines as long as users are aware of...
Replies
8
Views
1,959
Rusty
Rusty

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top