TrafeX/docker-php-nginx

[Question] Running in Read-only filesystem

antfig opened this issue · 2 comments

antfig commented

Hi, first of all, thanks for the nice work with this simple docker image.

I'm doing some tests running this container in a read-only system and I got some errors from the supervisor trying to access /tmp directory, from the supervisor settings looks like everything is sent to the stdout or stderr but still has the error.

How to reproduce

By running the docker in read-only mode

Run the following

$ docker run --read-only -p 82:8080 trafex/php-nginx

Traceback (most recent call last):
  File "/usr/bin/supervisord", line 33, in <module>
    sys.exit(load_entry_point('supervisor==4.2.5', 'console_scripts', 'supervisord')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/supervisor/supervisord.py", line 351, in main
    options = ServerOptions()
              ^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/supervisor/options.py", line 441, in __init__
    existing_directory, default=tempfile.gettempdir())
                                ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/tempfile.py", line 299, in gettempdir
    return _os.fsdecode(_gettempdir())
                        ^^^^^^^^^^^^^
  File "/usr/lib/python3.11/tempfile.py", line 292, in _gettempdir
    tempdir = _get_default_tempdir()
              ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/tempfile.py", line 223, in _get_default_tempdir
    raise FileNotFoundError(_errno.ENOENT,
FileNotFoundError: [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/var/www/html']

Research

From the supervisor codebase (here), I can see the error is originated from setting the childlogdir configuration that has a default to tmp dir.

I tried to set the childlogdir=/dev/null but failed because /dev/null is not an existing directory

TrafeX commented

Hi @antfig,

I think supervisor isn't suitable to run on a readonly filesystem, it needs at least a temporary directory to create the logfiles.
You can mount specific folders to tmpfs using --mount type=tmpfs,destination=/tmp.
That solves the issue with supervisor, but then you get errors from nginx & php-fpm because they want to create a pid file and logfiles as well.
Those issues are solveable by changing the paths in the various configuration files.

antfig commented

Thanks for the help :)