origamiofficial/docker-pihole-unbound

Cannot run in Podman rootless

Froggy232 opened this issue · 1 comments

Fail to run with Podman & Quadlet

This is a: Run issue

Details with Docker log

When I try to launch the container, it fails and restarts. The log tells me that:

cp: cannot create special file '/opt/unbound/etc/unbound/dev/random': Operation not permitted
cp: cannot create special file '/opt/unbound/etc/unbound/dev/urandom': Operation not permitted
cp: cannot create special file '/opt/unbound/etc/unbound/dev/null': Operation not permitted

Related Issues

  • [X ] I have searched this repository/Pi-hole official repository/Pi-hole forums for existing issues and pull requests that look similar

How to reproduce the issue

  1. Environment data
  • Operating System: Fedora Silverblue latest
  • Hardware: PC
  • Kernel Architecture: amd64
  • Docker Install Info and version:
    • Software source: official podman package included in fedora
    • Supplementary Software: quadlet, but I doubt it's related
  • Hardware architecture: X86-64
  • Docker Image Tag: latest
  2. My pihole-unbound.container file looks like this:
[Container]
AutoUpdate=registry
ContainerName=pihole-unbound
Environment=TZ=Europe/Paris WEBPASSWORD=hCAmrFah7qHzmCFPX8dwkno63DqjBKec REV_SERVER=false PIHOLE_DNS_=127.0.0.1#5335 DNSSEC="true" FTLCONF_LOCAL_IPV4=_MyIPv4_
Image=docker.io/rlabinc/pihole-unbound:latest
PublishPort=127.0.0.1:53:53/tcp
PublishPort=127.0.0.1:53:53/udp
PublishPort=127.0.0.1:9080:80/tcp
PublishPort=10.0.0.1:53:53/tcp
PublishPort=10.0.0.1:53:53/udp
PublishPort=10.0.0.1:9080:80/tcp
Volume=/var/srv/pihole/configs/pihole:/etc/pihole:Z
Volume=/var/srv/pihole/configs/dnsmasq:/etc/dnsmasq.d:Z
#Volume=/var/srv/pihole/configs/unbound:/opt/unbound/etc/unbound:Z

[Service]
Restart=always

[Install]
WantedBy=default.target

  3. Any additional info to help reproduce
    Weirdly, the other images from cbcrowe or mariomare22 seem to work, but yours seems more up to date and well maintained.
    It seems to be a permission problem, probably related to the fact that Podman runs rootless?

Upload the unbound log file

These common fixes didn't work for my issue

  • [X ] I have tried removing/destroying my container, and re-creating a new container
  • [X ] I have tried fresh volume data by backing up and moving/removing the old volume data
  • [X ] I have tried running the stock docker run example(s) in the readme (removing any customizations I added)
  • I have tried a newer or older version of Docker Pi-hole (depending what version the issue started in for me)
  • [X ] I have tried running without my volume data mounts to eliminate volumes as the cause
  • [X ] I have tried running official Pi-hole docker image to check if it works there

If the above debugging / fixes revealed any new information note it here.
Add any other debugging steps you've taken or theories on root cause that may help.

Thank you a lot for your work!

Hi @Froggy232, I'm not familiar with Podman (or Quadlet). It seems like the line below from unbound.sh is creating the issue.

cp -a /dev/random /dev/urandom /dev/null /opt/unbound/etc/unbound/dev/

This is some kind of permission issue (my guess). I think it's worth checking out this issue MatthewVance/unbound-docker#22

Especially MatthewVance/unbound-docker#22 (comment)

If it's possible to fix through any changes let me know, I'll be happy to help.
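
A diagnostic sketch for the failure discussed in this thread, added here as an example and not part of the issue, the reply, or the project's unbound.sh. It predicts whether the `cp -a` of device nodes can succeed by checking the two kernel conditions for creating a character device: the process must be in the initial user namespace and hold CAP_MKNOD. The function names and the sample uid_map and capability values are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict whether unbound.sh's `cp -a /dev/random ...` can work.
# Creating a character device needs CAP_MKNOD *and* the initial user namespace;
# rootless Podman runs the container in a child user namespace.

CAP_MKNOD_BIT=27    # CAP_MKNOD in linux/capability.h

# Constructed sample inputs (not taken from the reporter's host).
ROOTFUL_MAP='         0          0 4294967295'
ROOTLESS_MAP='         0       1000          1
         1     100000      65536'
CAPS_WITH_MKNOD=00000000a80425fb
CAPS_WITHOUT_MKNOD=00000000800405fb

# $1: contents of /proc/self/uid_map. Heuristic: the initial namespace maps
# the whole 32-bit uid range onto itself in a single line.
is_initial_userns() {
    set -- $1
    [ "$#" -eq 3 ] && [ "$1" = 0 ] && [ "$2" = 0 ] && [ "$3" = 4294967295 ]
}

# $1: CapEff hex mask from /proc/self/status. Non-hex input counts as "no".
has_cap_mknod() {
    case $1 in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    [ $(( (0x$1 >> $CAP_MKNOD_BIT) & 1 )) -eq 1 ]
}

# Prints one verdict: userns | no-cap-mknod | ok
mknod_verdict() {
    if ! is_initial_userns "$1"; then
        echo userns
    elif ! has_cap_mknod "$2"; then
        echo no-cap-mknod
    else
        echo ok
    fi
}

echo "rootful, default caps : $(mknod_verdict "$ROOTFUL_MAP" "$CAPS_WITH_MKNOD")"
echo "rootful, MKNOD dropped: $(mknod_verdict "$ROOTFUL_MAP" "$CAPS_WITHOUT_MKNOD")"
echo "rootless              : $(mknod_verdict "$ROOTLESS_MAP" "$CAPS_WITH_MKNOD")"

# Verdict for the environment this script is running in.
if [ -r /proc/self/uid_map ] && [ -r /proc/self/status ]; then
    live_caps=$(awk '/^CapEff:/ { print $2 }' /proc/self/status)
    echo "this process          : $(mknod_verdict "$(cat /proc/self/uid_map)" "$live_caps")"
fi
```

A `userns` verdict means granting extra capabilities to the container will not help, because the kernel checks CAP_MKNOD against the initial user namespace; a `no-cap-mknod` verdict points at the container's capability set instead.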